{"type": "bundle", "id": "bundle--4e342ebd-6655-4b45-adba-fd8d59f57e34", "objects": [{"type": "identity", "spec_version": "2.1", "id": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.324662Z", "modified": "2026-06-02T15:57:32.324662Z", "name": "Malicious Chrome Extension IOC Database", "description": "Community-maintained database of malicious Chrome and Edge browser extension indicators of compromise (IOCs). See https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids for details.", "identity_class": "organization", "contact_information": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}, {"type": "malware", "spec_version": "2.1", "id": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.325584Z", "modified": "2026-06-02T15:57:32.325584Z", "name": "\u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME", "description": "Malicious browser extension campaign: \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME", "malware_types": ["malware"], "is_family": true, "first_seen": "2020-06-18T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--060b902b-705c-41b4-b41e-c4a416d45118", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.586758Z", "modified": "2026-06-02T15:57:32.586758Z", "name": "Unknown Campaign", "description": "Malicious browser extension campaign: Unknown Campaign", "malware_types": ["malware"], "is_family": true, "first_seen": "2019-07-18T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": 
"malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.019588Z", "modified": "2026-06-02T15:57:33.019588Z", "name": "\u201cThese extensions have not all been confirmed to be malicious by other third-par", "description": "Malicious browser extension campaign: \u201cThese extensions have not all been confirmed to be malicious by other third-par", "malware_types": ["malware"], "is_family": true, "first_seen": "2020-12-26T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--a75be05d-cd3c-4fe3-97f4-67ab6695b01b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.047694Z", "modified": "2026-06-02T15:57:33.047694Z", "name": "\u201cThe extension was \u2018Offered by:  Extensions\u2019 in the Chrome Web Store and is the ", "description": "Malicious browser extension campaign: \u201cThe extension was \u2018Offered by:  Extensions\u2019 in the Chrome Web Store and is the ", "malware_types": ["malware"], "is_family": true, "first_seen": "2021-05-18T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--ca65381a-a1b4-47a9-8038-d42907522589", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.049044Z", "modified": "2026-06-02T15:57:33.049044Z", "name": "Part of Dec 2024 Cyberhaven supply chain campaign", "description": "Malicious browser extension campaign: Part of Dec 2024 Cyberhaven supply chain campaign", "malware_types": ["spyware", "credential-stealer"], "is_family": true, "first_seen": "2024-12-24T00:00:00Z", "external_references": 
[{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.083476Z", "modified": "2026-06-02T15:57:33.083476Z", "name": "GitLab TamperedChef campaign", "description": "Malicious browser extension campaign: GitLab TamperedChef campaign", "malware_types": ["adware"], "is_family": true, "first_seen": "2025-02-13T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--e7e4a457-8c36-4541-b068-29e0b2a67c38", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.102527Z", "modified": "2026-06-02T15:57:33.102527Z", "name": "BiScience/Urban Cybersecurity AI chat harvesting", "description": "Malicious browser extension campaign: BiScience/Urban Cybersecurity AI chat harvesting", "malware_types": ["spyware"], "is_family": true, "first_seen": "2025-12-15T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--9c431e34-bd5c-4385-a893-98dfe373cf1c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.105068Z", "modified": "2026-06-02T15:57:33.105068Z", "name": "AITOPIA impersonator campaign", "description": "Malicious browser extension campaign: AITOPIA impersonator campaign", "malware_types": ["spyware"], "is_family": true, "first_seen": "2025-12-29T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": 
"https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--499903e6-888d-4d8d-9549-8c43f6753805", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.107562Z", "modified": "2026-06-02T15:57:33.107562Z", "name": "RedDirection campaign", "description": "Malicious browser extension campaign: RedDirection campaign", "malware_types": ["spyware", "adware"], "is_family": true, "first_seen": "2025-07-08T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.122157Z", "modified": "2026-06-02T15:57:33.122157Z", "name": "Palant serasearchtop", "description": "Malicious browser extension campaign: Palant serasearchtop", "malware_types": ["adware", "spyware"], "is_family": true, "first_seen": "2023-05-16T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--311e3b9a-a699-4e99-92bd-0315ae109b2d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.159898Z", "modified": "2026-06-02T15:57:33.159898Z", "name": "McAfee affiliate fraud campaign", "description": "Malicious browser extension campaign: McAfee affiliate fraud campaign", "malware_types": ["adware", "spyware"], "is_family": true, "first_seen": "2022-08-31T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": 
"malware--4f20ea30-34d4-409e-a474-20b75c276fa4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.164758Z", "modified": "2026-06-02T15:57:33.164758Z", "name": "Dormant Colors campaign", "description": "Malicious browser extension campaign: Dormant Colors campaign", "malware_types": ["adware"], "is_family": true, "first_seen": "2022-10-25T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--256c8f86-0f4e-450f-a1dc-c2bec1e289bf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.166167Z", "modified": "2026-06-02T15:57:33.166167Z", "name": "SearchBlox Roblox backdoor", "description": "Malicious browser extension campaign: SearchBlox Roblox backdoor", "malware_types": ["credential-stealer"], "is_family": true, "first_seen": "2022-11-23T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.168571Z", "modified": "2026-06-02T15:57:33.168571Z", "name": "Krebs/Nguyen fake brand extension network", "description": "Malicious browser extension campaign: Krebs/Nguyen fake brand extension network", "malware_types": ["credential-stealer"], "is_family": true, "first_seen": "2021-05-29T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--033f848f-700e-4c4f-af76-e802eaf69b5e", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.186587Z", "modified": "2026-06-02T15:57:33.186587Z", "name": "ReasonLabs cashback killer campaign", "description": "Malicious browser extension campaign: ReasonLabs cashback killer campaign", "malware_types": ["adware", "spyware"], "is_family": true, "first_seen": "2023-12-20T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--08233d9f-925d-4150-8de5-5117a0118a00", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.190101Z", "modified": "2026-06-02T15:57:33.190101Z", "name": "PCVARK malicious ad blocker cluster", "description": "Malicious browser extension campaign: PCVARK malicious ad blocker cluster", "malware_types": ["adware", "spyware"], "is_family": true, "first_seen": "2023-06-05T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.19616Z", "modified": "2026-06-02T15:57:33.19616Z", "name": "Palant Jun 2023 affiliate fraud cluster", "description": "Malicious browser extension campaign: Palant Jun 2023 affiliate fraud cluster", "malware_types": ["adware"], "is_family": true, "first_seen": "2023-06-08T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--1f15d1df-83bb-40fc-886f-481572848476", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:33.311709Z", "modified": "2026-06-02T15:57:33.311709Z", "name": "Palant cluster C000003 \u2014 distinct subcluster within Jun 2023 affiliate fraud cam", "description": "Malicious browser extension campaign: Palant cluster C000003 \u2014 distinct subcluster within Jun 2023 affiliate fraud cam", "malware_types": ["adware"], "is_family": true, "first_seen": "2023-06-08T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--7ec6ead0-df30-4c4c-9627-068538985824", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.316489Z", "modified": "2026-06-02T15:57:33.316489Z", "name": "Browser game extensions abusing broad host permissions", "description": "Malicious browser extension campaign: Browser game extensions abusing broad host permissions", "malware_types": ["adware", "spyware"], "is_family": true, "first_seen": "2023-06-14T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--51692bc1-8bf5-4bda-89c2-471e2f6f5ff2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.331767Z", "modified": "2026-06-02T15:57:33.331767Z", "name": "ShadyPanda Phase 3 RCE backdoor", "description": "Malicious browser extension campaign: ShadyPanda Phase 3 RCE backdoor", "malware_types": ["spyware", "credential-stealer"], "is_family": true, "first_seen": "2025-12-01T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.337994Z", "modified": "2026-06-02T15:57:33.337994Z", "name": "ShadyPanda Phase 1/2 affiliate fraud + search hijacking", "description": "Malicious browser extension campaign: ShadyPanda Phase 1/2 affiliate fraud + search hijacking", "malware_types": ["adware", "spyware"], "is_family": true, "first_seen": "2025-12-01T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.362619Z", "modified": "2026-06-02T15:57:33.362619Z", "name": "ShadyPanda Phase 4 Edge spyware", "description": "Malicious browser extension campaign: ShadyPanda Phase 4 Edge spyware", "malware_types": ["spyware"], "is_family": true, "first_seen": "2025-12-01T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--98837265-0f98-4152-bb0a-fec841286748", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.378471Z", "modified": "2026-06-02T15:57:33.378471Z", "name": "Krebs/Nguyen May 2021 fake brand extension network", "description": "Malicious browser extension campaign: Krebs/Nguyen May 2021 fake brand extension network", "malware_types": ["credential-stealer"], "is_family": true, "first_seen": "2021-05-29T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.392129Z", "modified": "2026-06-02T15:57:33.392129Z", "name": "DarkSpectre", "description": "Malicious browser extension campaign: DarkSpectre", "malware_types": ["spyware", "adware"], "is_family": true, "first_seen": "2025-12-30T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--15211aa2-69b0-4854-a89f-1a70cb5cf1fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.435947Z", "modified": "2026-06-02T15:57:33.435947Z", "name": "VK Styles campaign", "description": "Malicious browser extension campaign: VK Styles campaign", "malware_types": ["credential-stealer", "spyware", "adware"], "is_family": true, "first_seen": "2026-02-12T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--1a75a2e3-6683-48ab-932f-ca091c82b6c6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.437321Z", "modified": "2026-06-02T15:57:33.437321Z", "name": "Cyberhaven Dec 2024 OAuth phishing supply chain attack", "description": "Malicious browser extension campaign: Cyberhaven Dec 2024 OAuth phishing supply chain attack", "malware_types": ["spyware", "credential-stealer"], "is_family": true, "first_seen": "2025-01-01T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--dc9ea46b-b274-4038-99fd-c61319e96162", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", 
"created": "2026-06-02T15:57:33.441832Z", "modified": "2026-06-02T15:57:33.441832Z", "name": "RedDirection / Koi Security Jul 2025 campaign", "description": "Malicious browser extension campaign: RedDirection / Koi Security Jul 2025 campaign", "malware_types": ["adware", "spyware"], "is_family": true, "first_seen": "2025-07-09T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--e276c33d-8078-4c1a-a70f-570644328914", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.451193Z", "modified": "2026-06-02T15:57:33.451193Z", "name": "Secure Annex unknow", "description": "Malicious browser extension campaign: Secure Annex unknow", "malware_types": ["spyware"], "is_family": true, "first_seen": "2025-04-10T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--38103490-5fc4-4c54-96df-f98dd6bbf562", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.454919Z", "modified": "2026-06-02T15:57:33.454919Z", "name": "adindex ad fraud campaign (Palant Feb 2025)", "description": "Malicious browser extension campaign: adindex ad fraud campaign (Palant Feb 2025)", "malware_types": ["adware"], "is_family": true, "first_seen": "2025-02-03T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.465612Z", "modified": 
"2026-06-02T15:57:33.465612Z", "name": "Two overlapping malicious extension clusters: Phoenix Invicta extensions circumv", "description": "Malicious browser extension campaign: Two overlapping malicious extension clusters: Phoenix Invicta extensions circumv", "malware_types": ["spyware", "adware", "credential-stealer"], "is_family": true, "first_seen": "2025-01-20T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.48997Z", "modified": "2026-06-02T15:57:33.48997Z", "name": "Source: https://github", "description": "Malicious browser extension campaign: Source: https://github", "malware_types": ["malware"], "is_family": true, "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.491276Z", "modified": "2026-06-02T15:57:33.491276Z", "name": "Socket April 2026 MaaS campaign", "description": "Malicious browser extension campaign: Socket April 2026 MaaS campaign", "malware_types": ["credential-stealer", "spyware"], "is_family": true, "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.601627Z", "modified": "2026-06-02T15:57:33.601627Z", "name": "Stub entry 
imported from malicious_extension_sentry", "description": "Malicious browser extension campaign: Stub entry imported from malicious_extension_sentry", "malware_types": ["malware"], "is_family": true, "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.60585Z", "modified": "2026-06-02T15:57:33.60585Z", "name": "DBX Tecnologia / Grupo OPT WhatsApp automation campaign", "description": "Malicious browser extension campaign: DBX Tecnologia / Grupo OPT WhatsApp automation campaign", "malware_types": ["adware", "spyware"], "is_family": true, "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--7c1a1e38-e78a-455f-be97-baedc4781596", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.647601Z", "modified": "2026-06-02T15:57:33.647601Z", "name": "Stage 5A static analysis confirmed malicious behavior", "description": "Malicious browser extension campaign: Stage 5A static analysis confirmed malicious behavior", "malware_types": ["malware"], "is_family": true, "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.649939Z", "modified": "2026-06-02T15:57:33.649939Z", "name": "YowGames cursor farm", "description": "Malicious browser extension campaign: YowGames cursor 
farm", "malware_types": ["adware", "spyware"], "is_family": true, "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--8844a8fc-39a8-47b6-a7e7-a547bb298c48", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.730673Z", "modified": "2026-06-02T15:57:33.730673Z", "name": "Pixatab new tab hijacking cluster", "description": "Malicious browser extension campaign: Pixatab new tab hijacking cluster", "malware_types": ["adware"], "is_family": true, "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.790341Z", "modified": "2026-06-02T15:57:33.790341Z", "name": "TabPlugins cursor farm", "description": "Malicious browser extension campaign: TabPlugins cursor farm", "malware_types": ["adware"], "is_family": true, "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.199858Z", "modified": "2026-06-02T15:57:35.199858Z", "name": "Stub entry imported from gnyman/chromium-mal-ids", "description": "Malicious browser extension campaign: Stub entry imported from gnyman/chromium-mal-ids", "malware_types": ["malware"], "is_family": true, "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": 
"https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--fd1fe44f-7eeb-4e9c-9024-9b480cfc75cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.217584Z", "modified": "2026-06-02T15:57:35.217584Z", "name": "Unit 42 Feb 2026 AI-accelerated malicious extension campaign", "description": "Malicious browser extension campaign: Unit 42 Feb 2026 AI-accelerated malicious extension campaign", "malware_types": ["malware"], "is_family": true, "first_seen": "2026-02-20T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.218971Z", "modified": "2026-06-02T15:57:35.218971Z", "name": "Policy Violation", "description": "Malicious browser extension campaign: Policy Violation", "malware_types": ["malware"], "is_family": true, "first_seen": "2026-05-31T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.234105Z", "modified": "2026-06-02T15:57:35.234105Z", "name": "Malware", "description": "Malicious browser extension campaign: Malware", "malware_types": ["malware"], "is_family": true, "first_seen": "2026-05-28T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "malware", "spec_version": "2.1", "id": 
"malware--a06184f1-eb8d-4cdc-a998-82567090d293", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.23743Z", "modified": "2026-06-02T15:57:35.23743Z", "name": "Bundling Unwanted Software", "description": "Malicious browser extension campaign: Bundling Unwanted Software", "malware_types": ["malware"], "is_family": true, "first_seen": "2026-05-28T00:00:00Z", "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d1cf1ee4-9953-4d18-9e7a-4419f231cbe8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.326727Z", "modified": "2026-06-02T15:57:32.326727Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (acmnokigkgihogfbeooklgemindnbine) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acmnokigkgihogfbeooklgemindnbine']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:acmnokigkgihogfbeooklgemindnbine", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acmnokigkgihogfbeooklgemindnbine", "external_id": "acmnokigkgihogfbeooklgemindnbine"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7e4cb1f2-b98c-4f5c-b023-db6662d0613e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.334442Z", "modified": "2026-06-02T15:57:32.334442Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (apgohnlmnmkblgfplgnlmkjcpocgfomp) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/apgohnlmnmkblgfplgnlmkjcpocgfomp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:apgohnlmnmkblgfplgnlmkjcpocgfomp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/apgohnlmnmkblgfplgnlmkjcpocgfomp", "external_id": "apgohnlmnmkblgfplgnlmkjcpocgfomp"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--14a9da13-a2e1-4d22-a1a7-5da5de39689c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.335947Z", "modified": "2026-06-02T15:57:32.335947Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (apjnadhmhgdobcdanndaphcpmnjbnfng) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/apjnadhmhgdobcdanndaphcpmnjbnfng']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:apjnadhmhgdobcdanndaphcpmnjbnfng", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/apjnadhmhgdobcdanndaphcpmnjbnfng", "external_id": "apjnadhmhgdobcdanndaphcpmnjbnfng"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--72cb94c6-01ac-4573-aac5-d02948c4fcde", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.337342Z", "modified": "2026-06-02T15:57:32.337342Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bahkljhhdeciiaodlkppoonappfnheoi) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bahkljhhdeciiaodlkppoonappfnheoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bahkljhhdeciiaodlkppoonappfnheoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bahkljhhdeciiaodlkppoonappfnheoi", "external_id": "bahkljhhdeciiaodlkppoonappfnheoi"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e4439165-3f80-4bbc-8270-36e30d2e3e29", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.338704Z", "modified": "2026-06-02T15:57:32.338704Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bannaglhmenocdjcmlkhkcciioaepfpj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bannaglhmenocdjcmlkhkcciioaepfpj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bannaglhmenocdjcmlkhkcciioaepfpj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bannaglhmenocdjcmlkhkcciioaepfpj", "external_id": "bannaglhmenocdjcmlkhkcciioaepfpj"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a27a8d93-05f2-4ff6-ab0a-26d6788f2421", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.339931Z", "modified": "2026-06-02T15:57:32.339931Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bgffinjklipdhacmidehoncomokcmjmh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bgffinjklipdhacmidehoncomokcmjmh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bgffinjklipdhacmidehoncomokcmjmh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bgffinjklipdhacmidehoncomokcmjmh", "external_id": "bgffinjklipdhacmidehoncomokcmjmh"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8f780067-6881-4c1e-ac1b-08f201434bff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.341066Z", "modified": "2026-06-02T15:57:32.341066Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bifdhahddjbdbjmiekcnmeiffabcfjgh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bifdhahddjbdbjmiekcnmeiffabcfjgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bifdhahddjbdbjmiekcnmeiffabcfjgh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bifdhahddjbdbjmiekcnmeiffabcfjgh", "external_id": "bifdhahddjbdbjmiekcnmeiffabcfjgh"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d625d11c-1625-4724-b916-7e0edd9f8913", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.342198Z", "modified": "2026-06-02T15:57:32.342198Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bjpknhldlbknoidifkjnnkpginjgkgnm) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bjpknhldlbknoidifkjnnkpginjgkgnm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bjpknhldlbknoidifkjnnkpginjgkgnm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bjpknhldlbknoidifkjnnkpginjgkgnm", "external_id": "bjpknhldlbknoidifkjnnkpginjgkgnm"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2e55acbd-d576-4d56-9e8f-5d293adc0f27", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.343542Z", "modified": "2026-06-02T15:57:32.343542Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (blngdeeenccpfjbkolalandfmiinhkak) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/blngdeeenccpfjbkolalandfmiinhkak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:blngdeeenccpfjbkolalandfmiinhkak", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/blngdeeenccpfjbkolalandfmiinhkak", "external_id": "blngdeeenccpfjbkolalandfmiinhkak"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ebb88e00-eb11-467e-8a28-d1c791af899e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.344691Z", "modified": "2026-06-02T15:57:32.344691Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ccdfhjebekpopcelcfkpgagbehppkadi) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ccdfhjebekpopcelcfkpgagbehppkadi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ccdfhjebekpopcelcfkpgagbehppkadi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ccdfhjebekpopcelcfkpgagbehppkadi", "external_id": "ccdfhjebekpopcelcfkpgagbehppkadi"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e73943c6-bde1-4d3d-868e-c690f074a7e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.345819Z", "modified": "2026-06-02T15:57:32.345819Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cceejgojinihpakmciijfdgafhpchigo) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cceejgojinihpakmciijfdgafhpchigo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cceejgojinihpakmciijfdgafhpchigo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cceejgojinihpakmciijfdgafhpchigo", "external_id": "cceejgojinihpakmciijfdgafhpchigo"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ac1d854a-38f1-4df8-8a3c-335bf4f9c732", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.347059Z", "modified": "2026-06-02T15:57:32.347059Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cebjhmljaodmgmcaecenghhikkjdfabo) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cebjhmljaodmgmcaecenghhikkjdfabo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cebjhmljaodmgmcaecenghhikkjdfabo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cebjhmljaodmgmcaecenghhikkjdfabo", "external_id": "cebjhmljaodmgmcaecenghhikkjdfabo"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1b7b2530-f53a-47ca-81cb-21ed946d97e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.348222Z", "modified": "2026-06-02T15:57:32.348222Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (chbpnonhcgdbcpicacolalkgjlcjkbbd) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/chbpnonhcgdbcpicacolalkgjlcjkbbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:chbpnonhcgdbcpicacolalkgjlcjkbbd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/chbpnonhcgdbcpicacolalkgjlcjkbbd", "external_id": "chbpnonhcgdbcpicacolalkgjlcjkbbd"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3dd72257-9eb1-40d8-8603-8f2ef183b191", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.349306Z", "modified": "2026-06-02T15:57:32.349306Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cifafogcmckphmnbeipgkpfbjphmajbc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cifafogcmckphmnbeipgkpfbjphmajbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cifafogcmckphmnbeipgkpfbjphmajbc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cifafogcmckphmnbeipgkpfbjphmajbc", "external_id": "cifafogcmckphmnbeipgkpfbjphmajbc"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--56f0c4da-d1ec-413d-be18-62e0cdeaedcd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.350381Z", "modified": "2026-06-02T15:57:32.350381Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (clopbiaijcfolfmjebjinippgmdkkppj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/clopbiaijcfolfmjebjinippgmdkkppj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:clopbiaijcfolfmjebjinippgmdkkppj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/clopbiaijcfolfmjebjinippgmdkkppj", "external_id": "clopbiaijcfolfmjebjinippgmdkkppj"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6a16b873-350b-4f49-9c86-e3736ed9ef9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.35147Z", "modified": "2026-06-02T15:57:32.35147Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cpgoblgcfemdmaolmfhpoifikehgbjbf) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cpgoblgcfemdmaolmfhpoifikehgbjbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cpgoblgcfemdmaolmfhpoifikehgbjbf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cpgoblgcfemdmaolmfhpoifikehgbjbf", "external_id": "cpgoblgcfemdmaolmfhpoifikehgbjbf"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0ca2da1f-6b31-43d7-8d0c-0cd8dacca43a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.35254Z", "modified": "2026-06-02T15:57:32.35254Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dcmjopnlojhkngkmagminjbiahokmfig) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dcmjopnlojhkngkmagminjbiahokmfig']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dcmjopnlojhkngkmagminjbiahokmfig", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dcmjopnlojhkngkmagminjbiahokmfig", "external_id": "dcmjopnlojhkngkmagminjbiahokmfig"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--586761c2-d55c-4d48-9ab5-ab5b82150356", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.353622Z", "modified": "2026-06-02T15:57:32.353622Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (deiiiklocnibjflinkfmefpofgcfhdga) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/deiiiklocnibjflinkfmefpofgcfhdga']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:deiiiklocnibjflinkfmefpofgcfhdga", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/deiiiklocnibjflinkfmefpofgcfhdga", "external_id": "deiiiklocnibjflinkfmefpofgcfhdga"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eb38a18e-a904-4824-8cb3-983f038e472e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.354869Z", "modified": "2026-06-02T15:57:32.354869Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dipecofobdcjnpffbkmfkdbfmjfjfgmn) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dipecofobdcjnpffbkmfkdbfmjfjfgmn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dipecofobdcjnpffbkmfkdbfmjfjfgmn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dipecofobdcjnpffbkmfkdbfmjfjfgmn", "external_id": "dipecofobdcjnpffbkmfkdbfmjfjfgmn"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fa3f1f1d-6ed9-4665-afc4-932e5ee818d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.355961Z", "modified": "2026-06-02T15:57:32.355961Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dopkmmcoegcjggfanajnindneifffpck) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dopkmmcoegcjggfanajnindneifffpck']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dopkmmcoegcjggfanajnindneifffpck", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dopkmmcoegcjggfanajnindneifffpck", "external_id": "dopkmmcoegcjggfanajnindneifffpck"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--35d35351-3b5c-4589-a197-fafb4e136085", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.357029Z", "modified": "2026-06-02T15:57:32.357029Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dopmojabcdlfbnppmjeaajclohofnbol) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dopmojabcdlfbnppmjeaajclohofnbol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dopmojabcdlfbnppmjeaajclohofnbol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dopmojabcdlfbnppmjeaajclohofnbol", "external_id": "dopmojabcdlfbnppmjeaajclohofnbol"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2de4358e-59f8-4653-bec8-ab8fc583a94e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.358104Z", "modified": "2026-06-02T15:57:32.358104Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (edcepmkpdojmciieeijebkodahjfliif) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/edcepmkpdojmciieeijebkodahjfliif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:edcepmkpdojmciieeijebkodahjfliif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edcepmkpdojmciieeijebkodahjfliif", "external_id": "edcepmkpdojmciieeijebkodahjfliif"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ffc0aac1-bd4c-46e2-acee-a5cf67fa6875", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.359187Z", "modified": "2026-06-02T15:57:32.359187Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ekbecnhekcpbfgdchfjcfmnocdfpcanj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekbecnhekcpbfgdchfjcfmnocdfpcanj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekbecnhekcpbfgdchfjcfmnocdfpcanj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekbecnhekcpbfgdchfjcfmnocdfpcanj", "external_id": "ekbecnhekcpbfgdchfjcfmnocdfpcanj"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4dfa900c-d430-437b-b86d-7c2dd5b2b12f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.360266Z", "modified": "2026-06-02T15:57:32.360266Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (elflophcopcglipligoibfejllmndhmp) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/elflophcopcglipligoibfejllmndhmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:elflophcopcglipligoibfejllmndhmp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/elflophcopcglipligoibfejllmndhmp", "external_id": "elflophcopcglipligoibfejllmndhmp"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1dfce761-e890-4a64-a633-58bc496349e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.361342Z", "modified": "2026-06-02T15:57:32.361342Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eogfeijdemimhpfhlpjoifeckijeejkc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eogfeijdemimhpfhlpjoifeckijeejkc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eogfeijdemimhpfhlpjoifeckijeejkc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eogfeijdemimhpfhlpjoifeckijeejkc", "external_id": "eogfeijdemimhpfhlpjoifeckijeejkc"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--61ba1bba-006d-4f9d-9f06-b3c1d3f9ff14", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.362576Z", "modified": "2026-06-02T15:57:32.362576Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fcobokliblbalmjmahdebcdalglnieii) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fcobokliblbalmjmahdebcdalglnieii']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fcobokliblbalmjmahdebcdalglnieii", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fcobokliblbalmjmahdebcdalglnieii", "external_id": "fcobokliblbalmjmahdebcdalglnieii"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--093136b2-d4bd-4176-aab7-b62ade152dad", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.363656Z", "modified": "2026-06-02T15:57:32.363656Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fgafnjobnempajahhgebbbpkpegcdlbf) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fgafnjobnempajahhgebbbpkpegcdlbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fgafnjobnempajahhgebbbpkpegcdlbf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fgafnjobnempajahhgebbbpkpegcdlbf", "external_id": "fgafnjobnempajahhgebbbpkpegcdlbf"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4c4523b4-caf0-4bf3-9c07-6f0269fc8bb3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.364722Z", "modified": "2026-06-02T15:57:32.364722Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fgcomdacecoimaejookmlcfogngmfmli) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fgcomdacecoimaejookmlcfogngmfmli']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fgcomdacecoimaejookmlcfogngmfmli", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fgcomdacecoimaejookmlcfogngmfmli", "external_id": "fgcomdacecoimaejookmlcfogngmfmli"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f2d9bacf-478a-47dd-b4e1-dab5bde3b9f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.365783Z", "modified": "2026-06-02T15:57:32.365783Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fgmeppijnhhafacemgoocgelcflipnfd) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fgmeppijnhhafacemgoocgelcflipnfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fgmeppijnhhafacemgoocgelcflipnfd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fgmeppijnhhafacemgoocgelcflipnfd", "external_id": "fgmeppijnhhafacemgoocgelcflipnfd"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--09580681-7bd8-4a83-9dd7-2caecd74c67f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.36685Z", "modified": "2026-06-02T15:57:32.36685Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fhanjgcjamaagccdkanegeefdpdkeban) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fhanjgcjamaagccdkanegeefdpdkeban']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fhanjgcjamaagccdkanegeefdpdkeban", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fhanjgcjamaagccdkanegeefdpdkeban", "external_id": "fhanjgcjamaagccdkanegeefdpdkeban"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3af8b0c1-2669-4cd7-868c-f9660205dccc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.367931Z", "modified": "2026-06-02T15:57:32.367931Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (flfkimeelfnpapcgmobfgfifhackkend) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flfkimeelfnpapcgmobfgfifhackkend']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:flfkimeelfnpapcgmobfgfifhackkend", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flfkimeelfnpapcgmobfgfifhackkend", "external_id": "flfkimeelfnpapcgmobfgfifhackkend"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b8cc34ab-758d-40cb-a499-ca442e857de0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.368985Z", "modified": "2026-06-02T15:57:32.368985Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fmahbaepkpdimfcjpopjklankbbhdobk) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmahbaepkpdimfcjpopjklankbbhdobk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fmahbaepkpdimfcjpopjklankbbhdobk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmahbaepkpdimfcjpopjklankbbhdobk", "external_id": "fmahbaepkpdimfcjpopjklankbbhdobk"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c2deaf65-5edb-460e-ad73-693fb51c31bb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.370203Z", "modified": "2026-06-02T15:57:32.370203Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (foebfmkeamadbhjcdglihfijdaohomlm) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/foebfmkeamadbhjcdglihfijdaohomlm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:foebfmkeamadbhjcdglihfijdaohomlm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/foebfmkeamadbhjcdglihfijdaohomlm", "external_id": "foebfmkeamadbhjcdglihfijdaohomlm"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a107eb29-b7f0-4ca0-82ae-a87113268049", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.371276Z", "modified": "2026-06-02T15:57:32.371276Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fpngnlpmkfkhodklbljnncdcmkiopide) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fpngnlpmkfkhodklbljnncdcmkiopide']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fpngnlpmkfkhodklbljnncdcmkiopide", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fpngnlpmkfkhodklbljnncdcmkiopide", "external_id": "fpngnlpmkfkhodklbljnncdcmkiopide"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d5ba5a65-6dcf-43ee-9278-6cdf9a807f79", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.372348Z", "modified": "2026-06-02T15:57:32.372348Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gdifegeihkihjbkkgdijkcpkjekoicbl) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gdifegeihkihjbkkgdijkcpkjekoicbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gdifegeihkihjbkkgdijkcpkjekoicbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gdifegeihkihjbkkgdijkcpkjekoicbl", "external_id": "gdifegeihkihjbkkgdijkcpkjekoicbl"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4dc586ba-6514-4592-b678-08e14e071a6f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.373413Z", "modified": "2026-06-02T15:57:32.373413Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gfcmbgjehfhemioddkpcipehdfnjmief) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gfcmbgjehfhemioddkpcipehdfnjmief']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gfcmbgjehfhemioddkpcipehdfnjmief", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gfcmbgjehfhemioddkpcipehdfnjmief", "external_id": "gfcmbgjehfhemioddkpcipehdfnjmief"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ed3f52e7-e50d-4989-bb56-cab6bcf46a08", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.374465Z", "modified": "2026-06-02T15:57:32.374465Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gfdefkjpjdbiiclhimebabkmclmiiegk) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gfdefkjpjdbiiclhimebabkmclmiiegk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gfdefkjpjdbiiclhimebabkmclmiiegk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gfdefkjpjdbiiclhimebabkmclmiiegk", "external_id": "gfdefkjpjdbiiclhimebabkmclmiiegk"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7df01931-ab10-4ad1-a839-5a95cbb567cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.375531Z", "modified": "2026-06-02T15:57:32.375531Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ggijmaajgdkdijomfipnpdfijcnodpip) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ggijmaajgdkdijomfipnpdfijcnodpip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ggijmaajgdkdijomfipnpdfijcnodpip", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ggijmaajgdkdijomfipnpdfijcnodpip", "external_id": "ggijmaajgdkdijomfipnpdfijcnodpip"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fe918439-2c85-44c2-9f2f-558142d62c4a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.376584Z", "modified": "2026-06-02T15:57:32.376584Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ghgjhnkjohlnmngbniijbkidigifekaa) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ghgjhnkjohlnmngbniijbkidigifekaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ghgjhnkjohlnmngbniijbkidigifekaa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ghgjhnkjohlnmngbniijbkidigifekaa", "external_id": "ghgjhnkjohlnmngbniijbkidigifekaa"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--30ab8087-f6ab-4307-a0f9-4f6c8efe6f57", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.377789Z", "modified": "2026-06-02T15:57:32.377789Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gllihgnfnbpdmnppfjdlkciijkddfohn) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gllihgnfnbpdmnppfjdlkciijkddfohn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gllihgnfnbpdmnppfjdlkciijkddfohn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gllihgnfnbpdmnppfjdlkciijkddfohn", "external_id": "gllihgnfnbpdmnppfjdlkciijkddfohn"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--35ee779c-bc56-49fa-9272-e140e9df11f8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.378877Z", "modified": "2026-06-02T15:57:32.378877Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gmmohhcojdhgbjjahhpkfhbapgcfgfne) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gmmohhcojdhgbjjahhpkfhbapgcfgfne']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gmmohhcojdhgbjjahhpkfhbapgcfgfne", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gmmohhcojdhgbjjahhpkfhbapgcfgfne", "external_id": "gmmohhcojdhgbjjahhpkfhbapgcfgfne"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cdce8581-5856-4b47-95b4-a748f51df994", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.379978Z", "modified": "2026-06-02T15:57:32.379978Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gofhadkfcffpjdbonbladicjdbkpickk) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gofhadkfcffpjdbonbladicjdbkpickk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gofhadkfcffpjdbonbladicjdbkpickk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gofhadkfcffpjdbonbladicjdbkpickk", "external_id": "gofhadkfcffpjdbonbladicjdbkpickk"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--58d5fbb6-3e2f-46b8-8f5b-7a5e59d63d7e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.381042Z", "modified": "2026-06-02T15:57:32.381042Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hapicipmkalhnklammmfdblkngahelln) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hapicipmkalhnklammmfdblkngahelln']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hapicipmkalhnklammmfdblkngahelln", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hapicipmkalhnklammmfdblkngahelln", "external_id": "hapicipmkalhnklammmfdblkngahelln"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--efa81e39-ef8e-47c8-b121-5a27cdf4a934", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.382118Z", "modified": "2026-06-02T15:57:32.382118Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hijipblimhboccjcnnjnjelcdmceeafa) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hijipblimhboccjcnnjnjelcdmceeafa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hijipblimhboccjcnnjnjelcdmceeafa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hijipblimhboccjcnnjnjelcdmceeafa", "external_id": "hijipblimhboccjcnnjnjelcdmceeafa"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4c66e113-202d-49a4-87ad-f67ef1f887b9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.383205Z", "modified": "2026-06-02T15:57:32.383205Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hmamdkecijcegebmhndhcihjjkndbjgk) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmamdkecijcegebmhndhcihjjkndbjgk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmamdkecijcegebmhndhcihjjkndbjgk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmamdkecijcegebmhndhcihjjkndbjgk", "external_id": "hmamdkecijcegebmhndhcihjjkndbjgk"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6b22e520-fd49-44ba-80e1-6a78faf1cd22", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.384293Z", "modified": "2026-06-02T15:57:32.384293Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hodfejbmfdhcgolcglcojkpfdjjdepji) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hodfejbmfdhcgolcglcojkpfdjjdepji']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hodfejbmfdhcgolcglcojkpfdjjdepji", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hodfejbmfdhcgolcglcojkpfdjjdepji", "external_id": "hodfejbmfdhcgolcglcojkpfdjjdepji"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b8e743cf-b13c-4944-a899-ab1efccd7a92", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.385523Z", "modified": "2026-06-02T15:57:32.385523Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hpfijbjnmddglpmogpaeofdbehkpball) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hpfijbjnmddglpmogpaeofdbehkpball']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hpfijbjnmddglpmogpaeofdbehkpball", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hpfijbjnmddglpmogpaeofdbehkpball", "external_id": "hpfijbjnmddglpmogpaeofdbehkpball"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2f9971ac-f3a1-4da7-b207-4f2d6cba2e11", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.386596Z", "modified": "2026-06-02T15:57:32.386596Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ianfonfnhjeidghdegbkbbjgliiciiic) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ianfonfnhjeidghdegbkbbjgliiciiic']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ianfonfnhjeidghdegbkbbjgliiciiic", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ianfonfnhjeidghdegbkbbjgliiciiic", "external_id": "ianfonfnhjeidghdegbkbbjgliiciiic"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f432787c-cab9-4b73-94ff-fda950576146", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.387682Z", "modified": "2026-06-02T15:57:32.387682Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ibfjiddieiljjjccjemgnoopkpmpniej) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ibfjiddieiljjjccjemgnoopkpmpniej']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ibfjiddieiljjjccjemgnoopkpmpniej", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ibfjiddieiljjjccjemgnoopkpmpniej", "external_id": "ibfjiddieiljjjccjemgnoopkpmpniej"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--093553bc-bcd0-4117-b278-2bc6e7fb4ab9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.38876Z", "modified": "2026-06-02T15:57:32.38876Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (inhdgbalcopmbpjfincjponejamhaeop) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/inhdgbalcopmbpjfincjponejamhaeop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:inhdgbalcopmbpjfincjponejamhaeop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/inhdgbalcopmbpjfincjponejamhaeop", "external_id": "inhdgbalcopmbpjfincjponejamhaeop"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--def76cd5-c07d-49ae-9e59-e712680e5bc1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.389817Z", "modified": "2026-06-02T15:57:32.389817Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iondldgmpaoekbgabgconiajpbkebkin) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iondldgmpaoekbgabgconiajpbkebkin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iondldgmpaoekbgabgconiajpbkebkin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iondldgmpaoekbgabgconiajpbkebkin", "external_id": "iondldgmpaoekbgabgconiajpbkebkin"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f7df439c-ddaf-4b3b-84cf-d75e7ff8a459", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.390886Z", "modified": "2026-06-02T15:57:32.390886Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ipagcbjbgailmjeaojmpiddflpbgjngl) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ipagcbjbgailmjeaojmpiddflpbgjngl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ipagcbjbgailmjeaojmpiddflpbgjngl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ipagcbjbgailmjeaojmpiddflpbgjngl", "external_id": "ipagcbjbgailmjeaojmpiddflpbgjngl"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--429d9c7d-fa8b-455c-9843-3c737b8e02a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.391952Z", "modified": "2026-06-02T15:57:32.391952Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jagbooldjnemiedoagckjomjegkopfno) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jagbooldjnemiedoagckjomjegkopfno']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jagbooldjnemiedoagckjomjegkopfno", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jagbooldjnemiedoagckjomjegkopfno", "external_id": "jagbooldjnemiedoagckjomjegkopfno"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--075b6898-91d5-483d-9a84-012e7a96155c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.393183Z", "modified": "2026-06-02T15:57:32.393183Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jdheollkkpfglhohnpgkonecdealeebn) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jdheollkkpfglhohnpgkonecdealeebn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jdheollkkpfglhohnpgkonecdealeebn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jdheollkkpfglhohnpgkonecdealeebn", "external_id": "jdheollkkpfglhohnpgkonecdealeebn"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dfc48089-4790-4fc6-a80d-a0328523887d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.394245Z", "modified": "2026-06-02T15:57:32.394245Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jfefcmidfkpncdkjkkghhmjkafanhiam) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jfefcmidfkpncdkjkkghhmjkafanhiam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jfefcmidfkpncdkjkkghhmjkafanhiam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jfefcmidfkpncdkjkkghhmjkafanhiam", "external_id": "jfefcmidfkpncdkjkkghhmjkafanhiam"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--72c076ee-fa7e-4262-b23f-41d76d2a6059", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.395307Z", "modified": "2026-06-02T15:57:32.395307Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jfgkpeobcmjlocjpfgocelimhppdmigj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jfgkpeobcmjlocjpfgocelimhppdmigj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jfgkpeobcmjlocjpfgocelimhppdmigj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jfgkpeobcmjlocjpfgocelimhppdmigj", "external_id": "jfgkpeobcmjlocjpfgocelimhppdmigj"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bba0b6fd-d50f-44a9-b07a-f71c216e42be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.396372Z", "modified": "2026-06-02T15:57:32.396372Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jghiljaagglmcdeopnjkfhcikjnddhhc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jghiljaagglmcdeopnjkfhcikjnddhhc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jghiljaagglmcdeopnjkfhcikjnddhhc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jghiljaagglmcdeopnjkfhcikjnddhhc", "external_id": "jghiljaagglmcdeopnjkfhcikjnddhhc"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a7757e68-6be1-44f9-aa01-d51ad02a984c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.397433Z", "modified": "2026-06-02T15:57:32.397433Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jgjakaebbliafihodjhpkpankimhckdf) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jgjakaebbliafihodjhpkpankimhckdf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jgjakaebbliafihodjhpkpankimhckdf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jgjakaebbliafihodjhpkpankimhckdf", "external_id": "jgjakaebbliafihodjhpkpankimhckdf"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9059221b-3caf-4246-9783-ada39524e0c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.398483Z", "modified": "2026-06-02T15:57:32.398483Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jiiinmeiedloeiabcgkdcbbpfelmbaff) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jiiinmeiedloeiabcgkdcbbpfelmbaff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jiiinmeiedloeiabcgkdcbbpfelmbaff", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jiiinmeiedloeiabcgkdcbbpfelmbaff", "external_id": "jiiinmeiedloeiabcgkdcbbpfelmbaff"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4353746c-79ac-451a-9cd6-7189fab20501", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.399558Z", "modified": "2026-06-02T15:57:32.399558Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jkdngiblfdmfjhiahibnnhcjncehcgab) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jkdngiblfdmfjhiahibnnhcjncehcgab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jkdngiblfdmfjhiahibnnhcjncehcgab", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jkdngiblfdmfjhiahibnnhcjncehcgab", "external_id": "jkdngiblfdmfjhiahibnnhcjncehcgab"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ca5a1c66-f581-4fee-9580-19645601e645", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.40079Z", "modified": "2026-06-02T15:57:32.40079Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jkofpdjclecgjcfomkaajhhmmhnninia) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jkofpdjclecgjcfomkaajhhmmhnninia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jkofpdjclecgjcfomkaajhhmmhnninia", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jkofpdjclecgjcfomkaajhhmmhnninia", "external_id": "jkofpdjclecgjcfomkaajhhmmhnninia"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8c59d02f-f374-4af7-8854-60c842b25a59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.401864Z", "modified": "2026-06-02T15:57:32.401864Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kbdbmddhlgckaggdapibpihadohhelao) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kbdbmddhlgckaggdapibpihadohhelao']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kbdbmddhlgckaggdapibpihadohhelao", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kbdbmddhlgckaggdapibpihadohhelao", "external_id": "kbdbmddhlgckaggdapibpihadohhelao"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--99e4b9d8-7a5e-4cc6-9f7e-faf5a6596fd8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.402941Z", "modified": "2026-06-02T15:57:32.402941Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (keceijnpfmmlnebgnkhojinbkopolaom) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/keceijnpfmmlnebgnkhojinbkopolaom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:keceijnpfmmlnebgnkhojinbkopolaom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/keceijnpfmmlnebgnkhojinbkopolaom", "external_id": "keceijnpfmmlnebgnkhojinbkopolaom"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b7597fb6-3f2b-4d01-a660-0f587137f22f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.404016Z", "modified": "2026-06-02T15:57:32.404016Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (khhemdcdllgomlbleegjdpbeflgbomcj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/khhemdcdllgomlbleegjdpbeflgbomcj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:khhemdcdllgomlbleegjdpbeflgbomcj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/khhemdcdllgomlbleegjdpbeflgbomcj", "external_id": "khhemdcdllgomlbleegjdpbeflgbomcj"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f70937f1-e995-4e88-9bde-21b6f457162a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.405073Z", "modified": "2026-06-02T15:57:32.405073Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kjdcopljcgiekkmjhinmcpioncofoclg) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjdcopljcgiekkmjhinmcpioncofoclg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjdcopljcgiekkmjhinmcpioncofoclg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjdcopljcgiekkmjhinmcpioncofoclg", "external_id": "kjdcopljcgiekkmjhinmcpioncofoclg"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ba45f874-28a3-451d-a7fa-5854374c849c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.406153Z", "modified": "2026-06-02T15:57:32.406153Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kjgaljeofmfgjfipajjeeflbknekghma) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjgaljeofmfgjfipajjeeflbknekghma']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjgaljeofmfgjfipajjeeflbknekghma", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjgaljeofmfgjfipajjeeflbknekghma", "external_id": "kjgaljeofmfgjfipajjeeflbknekghma"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--533a67cd-3da8-4514-83c7-5f5e778a2d41", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.407219Z", "modified": "2026-06-02T15:57:32.407219Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (labpefoeghdmpbfijhnnejdmnjccgplc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/labpefoeghdmpbfijhnnejdmnjccgplc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:labpefoeghdmpbfijhnnejdmnjccgplc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/labpefoeghdmpbfijhnnejdmnjccgplc", "external_id": "labpefoeghdmpbfijhnnejdmnjccgplc"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6d47557b-6349-4819-90a9-e4ea58f47205", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.409549Z", "modified": "2026-06-02T15:57:32.409549Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lameokaalbmnhgapanlloeichlbjloak) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lameokaalbmnhgapanlloeichlbjloak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lameokaalbmnhgapanlloeichlbjloak", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lameokaalbmnhgapanlloeichlbjloak", "external_id": "lameokaalbmnhgapanlloeichlbjloak"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fa0e98c6-dbfd-4618-86f3-f004d6173a8a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.410661Z", "modified": "2026-06-02T15:57:32.410661Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lbeekfefglldjjenkaekhnogoplpmfin) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lbeekfefglldjjenkaekhnogoplpmfin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lbeekfefglldjjenkaekhnogoplpmfin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lbeekfefglldjjenkaekhnogoplpmfin", "external_id": "lbeekfefglldjjenkaekhnogoplpmfin"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8eed9bca-7e78-4870-a63a-5976910a603e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.411778Z", "modified": "2026-06-02T15:57:32.411778Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lbhddhdfbcdcfbbbmimncbakkjobaedh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lbhddhdfbcdcfbbbmimncbakkjobaedh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lbhddhdfbcdcfbbbmimncbakkjobaedh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lbhddhdfbcdcfbbbmimncbakkjobaedh", "external_id": "lbhddhdfbcdcfbbbmimncbakkjobaedh"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fa0f122b-c139-4764-bffe-08ff3eaa8b15", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.412861Z", "modified": "2026-06-02T15:57:32.412861Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ldoiiiffclpggehajofeffljablcodif) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldoiiiffclpggehajofeffljablcodif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ldoiiiffclpggehajofeffljablcodif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldoiiiffclpggehajofeffljablcodif", "external_id": "ldoiiiffclpggehajofeffljablcodif"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6133fd68-9365-4b17-9fc6-1c7241c9d66f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.413933Z", "modified": "2026-06-02T15:57:32.413933Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lhjdepbplpkgmghgiphdjpnagpmhijbg) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lhjdepbplpkgmghgiphdjpnagpmhijbg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lhjdepbplpkgmghgiphdjpnagpmhijbg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lhjdepbplpkgmghgiphdjpnagpmhijbg", "external_id": "lhjdepbplpkgmghgiphdjpnagpmhijbg"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7c9ab1d5-96e6-452a-9b22-edc41fdcaca1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.415Z", "modified": "2026-06-02T15:57:32.415Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ljddilebjpmmomoppeemckhpilhmoaok) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljddilebjpmmomoppeemckhpilhmoaok']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljddilebjpmmomoppeemckhpilhmoaok", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljddilebjpmmomoppeemckhpilhmoaok", "external_id": "ljddilebjpmmomoppeemckhpilhmoaok"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--29499375-9dd0-4f3d-ae82-9d4a24432072", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.416087Z", "modified": "2026-06-02T15:57:32.416087Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ljnfpiodfojmjfbiechgkbkhikfbknjc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljnfpiodfojmjfbiechgkbkhikfbknjc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljnfpiodfojmjfbiechgkbkhikfbknjc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljnfpiodfojmjfbiechgkbkhikfbknjc", "external_id": "ljnfpiodfojmjfbiechgkbkhikfbknjc"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6c38ae7b-c855-4859-ac9a-408834c7bf62", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.417312Z", "modified": "2026-06-02T15:57:32.417312Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lnedcnepmplnjmfdiclhbfhneconamoj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lnedcnepmplnjmfdiclhbfhneconamoj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lnedcnepmplnjmfdiclhbfhneconamoj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lnedcnepmplnjmfdiclhbfhneconamoj", "external_id": "lnedcnepmplnjmfdiclhbfhneconamoj"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fb6790fb-c175-4b7a-b99b-5ca07252e0a1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.418385Z", "modified": "2026-06-02T15:57:32.418385Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lnlkgfpceclfhomgocnnenmadlhanghf) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lnlkgfpceclfhomgocnnenmadlhanghf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lnlkgfpceclfhomgocnnenmadlhanghf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lnlkgfpceclfhomgocnnenmadlhanghf", "external_id": "lnlkgfpceclfhomgocnnenmadlhanghf"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fcd9a027-494e-4f41-b609-73a159623a0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.419456Z", "modified": "2026-06-02T15:57:32.419456Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (loigeafmbglngofpkkddgobapkkcaena) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/loigeafmbglngofpkkddgobapkkcaena']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:loigeafmbglngofpkkddgobapkkcaena", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/loigeafmbglngofpkkddgobapkkcaena", "external_id": "loigeafmbglngofpkkddgobapkkcaena"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c581e43f-e722-411e-a5a3-ccebf854b863", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.42052Z", "modified": "2026-06-02T15:57:32.42052Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lpajppfbbiafpmbeompbinpigbemekcg) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lpajppfbbiafpmbeompbinpigbemekcg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lpajppfbbiafpmbeompbinpigbemekcg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lpajppfbbiafpmbeompbinpigbemekcg", "external_id": "lpajppfbbiafpmbeompbinpigbemekcg"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--54c15b2b-32cc-4ef9-9e16-2110817b34db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.421667Z", "modified": "2026-06-02T15:57:32.421667Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (majekhlfhmeeplofdolkddbecmgjgplm) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/majekhlfhmeeplofdolkddbecmgjgplm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:majekhlfhmeeplofdolkddbecmgjgplm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/majekhlfhmeeplofdolkddbecmgjgplm", "external_id": "majekhlfhmeeplofdolkddbecmgjgplm"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1ee3e774-dfdd-4d6c-b5e2-3d324a33f055", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.42276Z", "modified": "2026-06-02T15:57:32.42276Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mapafdeimlgplbahigmhneiibemhgcnc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mapafdeimlgplbahigmhneiibemhgcnc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mapafdeimlgplbahigmhneiibemhgcnc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mapafdeimlgplbahigmhneiibemhgcnc", "external_id": "mapafdeimlgplbahigmhneiibemhgcnc"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--22d6940d-c1fe-4f84-adfc-858c6ebd8dc0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.423839Z", "modified": "2026-06-02T15:57:32.423839Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mcfeaailfhmpdphgnheboncfiikfkenn) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mcfeaailfhmpdphgnheboncfiikfkenn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mcfeaailfhmpdphgnheboncfiikfkenn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mcfeaailfhmpdphgnheboncfiikfkenn", "external_id": "mcfeaailfhmpdphgnheboncfiikfkenn"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1ec3baaa-2607-4077-b956-7f80b79bd3d5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.425079Z", "modified": "2026-06-02T15:57:32.425079Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mgkjakldpclhkfadefnoncnjkiaffpkp) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mgkjakldpclhkfadefnoncnjkiaffpkp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mgkjakldpclhkfadefnoncnjkiaffpkp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mgkjakldpclhkfadefnoncnjkiaffpkp", "external_id": "mgkjakldpclhkfadefnoncnjkiaffpkp"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--80a87285-c037-4d76-bccd-87c8793ef7fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.426164Z", "modified": "2026-06-02T15:57:32.426164Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mhinpnedhapjlbgnhcifjdkklbeefbpa) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mhinpnedhapjlbgnhcifjdkklbeefbpa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mhinpnedhapjlbgnhcifjdkklbeefbpa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mhinpnedhapjlbgnhcifjdkklbeefbpa", "external_id": "mhinpnedhapjlbgnhcifjdkklbeefbpa"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6776fff1-4fc8-4cec-8de0-d8ec10903c2a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.427249Z", "modified": "2026-06-02T15:57:32.427249Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mihiainclhehjnklijgpokdpldjmjdap) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mihiainclhehjnklijgpokdpldjmjdap']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mihiainclhehjnklijgpokdpldjmjdap", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mihiainclhehjnklijgpokdpldjmjdap", "external_id": "mihiainclhehjnklijgpokdpldjmjdap"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--add1374c-0454-4b8d-9d20-dec10dd45975", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.428326Z", "modified": "2026-06-02T15:57:32.428326Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mmkakbkmcnchdopphcbphjioggaanmim) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmkakbkmcnchdopphcbphjioggaanmim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmkakbkmcnchdopphcbphjioggaanmim", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmkakbkmcnchdopphcbphjioggaanmim", "external_id": "mmkakbkmcnchdopphcbphjioggaanmim"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d3b89f1d-98ea-4d6a-936e-231d2b8de129", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.429407Z", "modified": "2026-06-02T15:57:32.429407Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mopkkgobjofbkkgemcidkndbglkcfhjj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mopkkgobjofbkkgemcidkndbglkcfhjj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mopkkgobjofbkkgemcidkndbglkcfhjj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mopkkgobjofbkkgemcidkndbglkcfhjj", "external_id": "mopkkgobjofbkkgemcidkndbglkcfhjj"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--216ab328-79db-44c8-bafe-07bb99ddc065", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.430471Z", "modified": "2026-06-02T15:57:32.430471Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mpifmhgignilkmeckejgamolchmgfdom) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mpifmhgignilkmeckejgamolchmgfdom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mpifmhgignilkmeckejgamolchmgfdom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mpifmhgignilkmeckejgamolchmgfdom", "external_id": "mpifmhgignilkmeckejgamolchmgfdom"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--02f552e1-66b4-4e55-88ae-9bfcba76d3d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.431545Z", "modified": "2026-06-02T15:57:32.431545Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nabmpeienmkmicpjckkgihobgleppbkc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nabmpeienmkmicpjckkgihobgleppbkc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nabmpeienmkmicpjckkgihobgleppbkc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nabmpeienmkmicpjckkgihobgleppbkc", "external_id": "nabmpeienmkmicpjckkgihobgleppbkc"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--073e1f0f-f30a-4bce-825e-41bf05b4a960", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.43278Z", "modified": "2026-06-02T15:57:32.43278Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nahhmpbckpgdidfnmfkfgiflpjijilce) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nahhmpbckpgdidfnmfkfgiflpjijilce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nahhmpbckpgdidfnmfkfgiflpjijilce", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nahhmpbckpgdidfnmfkfgiflpjijilce", "external_id": "nahhmpbckpgdidfnmfkfgiflpjijilce"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--864e7f93-4152-47a9-ab1e-85cb3f207ae6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.433867Z", "modified": "2026-06-02T15:57:32.433867Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ncepfbpjhkahgdemgmjmcgbgnfdinnhk) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ncepfbpjhkahgdemgmjmcgbgnfdinnhk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ncepfbpjhkahgdemgmjmcgbgnfdinnhk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ncepfbpjhkahgdemgmjmcgbgnfdinnhk", "external_id": "ncepfbpjhkahgdemgmjmcgbgnfdinnhk"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7b1edc97-5bd9-42b6-96c6-695d130219ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.434951Z", "modified": "2026-06-02T15:57:32.434951Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (npaklgbiblcbpokaiddpmmbknncnbljb) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/npaklgbiblcbpokaiddpmmbknncnbljb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:npaklgbiblcbpokaiddpmmbknncnbljb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/npaklgbiblcbpokaiddpmmbknncnbljb", "external_id": "npaklgbiblcbpokaiddpmmbknncnbljb"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6eb5512d-1b9b-4179-a018-20af5a1eb38c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.436034Z", "modified": "2026-06-02T15:57:32.436034Z", "name": "Malicious Extension: Browsing Protector", "description": "Malicious browser extension: Browsing Protector (npdfkclmbnoklkdebjfodpendkepbjek) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/npdfkclmbnoklkdebjfodpendkepbjek']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:npdfkclmbnoklkdebjfodpendkepbjek", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/npdfkclmbnoklkdebjfodpendkepbjek", "external_id": "npdfkclmbnoklkdebjfodpendkepbjek"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--73cc64ec-c4db-46ec-85ef-334a4fdcc117", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.437102Z", "modified": "2026-06-02T15:57:32.437102Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nplenkhhmalidgamfdejkblbaihndkcm) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nplenkhhmalidgamfdejkblbaihndkcm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nplenkhhmalidgamfdejkblbaihndkcm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nplenkhhmalidgamfdejkblbaihndkcm", "external_id": "nplenkhhmalidgamfdejkblbaihndkcm"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fbe5463e-c3b8-4a39-a587-e19cd5ec46db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.438167Z", "modified": "2026-06-02T15:57:32.438167Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oalfdomffplbcimjikgaklfamodahpmi) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oalfdomffplbcimjikgaklfamodahpmi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oalfdomffplbcimjikgaklfamodahpmi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oalfdomffplbcimjikgaklfamodahpmi", "external_id": "oalfdomffplbcimjikgaklfamodahpmi"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4a05b664-57ae-47e4-8c40-04e7cf07654b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.439231Z", "modified": "2026-06-02T15:57:32.439231Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (odnakbaioopckimfnkllgijmkikhfhhf) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/odnakbaioopckimfnkllgijmkikhfhhf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:odnakbaioopckimfnkllgijmkikhfhhf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/odnakbaioopckimfnkllgijmkikhfhhf", "external_id": "odnakbaioopckimfnkllgijmkikhfhhf"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3cd5584c-1bd8-46c5-88a1-ce609dc11f4f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.440484Z", "modified": "2026-06-02T15:57:32.440484Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oklejhdbgggnfaggiidiaokelehcfjdp) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oklejhdbgggnfaggiidiaokelehcfjdp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oklejhdbgggnfaggiidiaokelehcfjdp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oklejhdbgggnfaggiidiaokelehcfjdp", "external_id": "oklejhdbgggnfaggiidiaokelehcfjdp"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8da10e8c-d2f2-4f88-bf41-185ff446bf75", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.441553Z", "modified": "2026-06-02T15:57:32.441553Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (omgeapkgiddakeoklcapboapbamdgmhp) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/omgeapkgiddakeoklcapboapbamdgmhp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:omgeapkgiddakeoklcapboapbamdgmhp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/omgeapkgiddakeoklcapboapbamdgmhp", "external_id": "omgeapkgiddakeoklcapboapbamdgmhp"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--465a13df-faa9-4622-8f0f-77efb1d9c44f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.44262Z", "modified": "2026-06-02T15:57:32.44262Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oonbcpdabjcggcklopgbdagbfnkhbgbe) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oonbcpdabjcggcklopgbdagbfnkhbgbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oonbcpdabjcggcklopgbdagbfnkhbgbe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oonbcpdabjcggcklopgbdagbfnkhbgbe", "external_id": "oonbcpdabjcggcklopgbdagbfnkhbgbe"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7909f14c-2de0-4c43-98ad-54e80423f32a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.444701Z", "modified": "2026-06-02T15:57:32.444701Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (opahibnipmkjincplepgjiiinbfmppmh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opahibnipmkjincplepgjiiinbfmppmh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opahibnipmkjincplepgjiiinbfmppmh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opahibnipmkjincplepgjiiinbfmppmh", "external_id": "opahibnipmkjincplepgjiiinbfmppmh"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e20d06f3-991c-42a0-98e1-9e0ecb30c6f7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.445871Z", "modified": "2026-06-02T15:57:32.445871Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pamchlfnkebmjbfbknoclehcpfclbhpl) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pamchlfnkebmjbfbknoclehcpfclbhpl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pamchlfnkebmjbfbknoclehcpfclbhpl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pamchlfnkebmjbfbknoclehcpfclbhpl", "external_id": "pamchlfnkebmjbfbknoclehcpfclbhpl"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dfad3269-0b31-43ca-b950-11581a5b4e52", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.446976Z", "modified": "2026-06-02T15:57:32.446976Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pcfapghfanllmbdfiipeiihpkojekckk) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pcfapghfanllmbdfiipeiihpkojekckk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pcfapghfanllmbdfiipeiihpkojekckk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pcfapghfanllmbdfiipeiihpkojekckk", "external_id": "pcfapghfanllmbdfiipeiihpkojekckk"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--393e7134-9e5f-49c0-8555-a77965c6a339", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.448091Z", "modified": "2026-06-02T15:57:32.448091Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pchfjdkempbhcjdifpfphmgdmnmadgce) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pchfjdkempbhcjdifpfphmgdmnmadgce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pchfjdkempbhcjdifpfphmgdmnmadgce", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pchfjdkempbhcjdifpfphmgdmnmadgce", "external_id": "pchfjdkempbhcjdifpfphmgdmnmadgce"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9d2c38d4-2e1a-46b9-84ea-315132e37d41", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.449381Z", "modified": "2026-06-02T15:57:32.449381Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pdpcpceofkopegffcdnffeenbfdldock) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdpcpceofkopegffcdnffeenbfdldock']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdpcpceofkopegffcdnffeenbfdldock", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdpcpceofkopegffcdnffeenbfdldock", "external_id": "pdpcpceofkopegffcdnffeenbfdldock"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--57f71e19-5ab0-424c-abee-d1f84e40f558", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.450455Z", "modified": "2026-06-02T15:57:32.450455Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pgahbiaijngfmbbijfgmchcnkipajgha) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgahbiaijngfmbbijfgmchcnkipajgha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgahbiaijngfmbbijfgmchcnkipajgha", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgahbiaijngfmbbijfgmchcnkipajgha", "external_id": "pgahbiaijngfmbbijfgmchcnkipajgha"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--deb5d00c-17b7-4474-820d-12df29c97338", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.451532Z", "modified": "2026-06-02T15:57:32.451532Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pidohlmjfgjbafgfleommlolmbjdcpal) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pidohlmjfgjbafgfleommlolmbjdcpal']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pidohlmjfgjbafgfleommlolmbjdcpal", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pidohlmjfgjbafgfleommlolmbjdcpal", "external_id": "pidohlmjfgjbafgfleommlolmbjdcpal"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8068c964-4eac-47e2-a0f9-7506b5059301", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.452598Z", "modified": "2026-06-02T15:57:32.452598Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pilplloabdedfmialnfchjomjmpjcoej) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pilplloabdedfmialnfchjomjmpjcoej']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pilplloabdedfmialnfchjomjmpjcoej", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pilplloabdedfmialnfchjomjmpjcoej", "external_id": "pilplloabdedfmialnfchjomjmpjcoej"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1506e42c-b0d2-4a8f-b5b4-d55c42ca8bf1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.453653Z", "modified": "2026-06-02T15:57:32.453653Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pklmnoldkkoholegljdkibjjhmegpjep) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pklmnoldkkoholegljdkibjjhmegpjep']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pklmnoldkkoholegljdkibjjhmegpjep", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pklmnoldkkoholegljdkibjjhmegpjep", "external_id": "pklmnoldkkoholegljdkibjjhmegpjep"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bf1d3949-7b00-4e56-8dce-655d46d87c0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.454721Z", "modified": "2026-06-02T15:57:32.454721Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pknkncdfjlncijifekldbjmeaiakdbof) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pknkncdfjlncijifekldbjmeaiakdbof']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pknkncdfjlncijifekldbjmeaiakdbof", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pknkncdfjlncijifekldbjmeaiakdbof", "external_id": "pknkncdfjlncijifekldbjmeaiakdbof"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bcd40c57-9877-49b4-923e-f1235815e220", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.455801Z", "modified": "2026-06-02T15:57:32.455801Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (plmgefkiicjfchonlmnbabfebpnpckkk) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/plmgefkiicjfchonlmnbabfebpnpckkk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:plmgefkiicjfchonlmnbabfebpnpckkk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/plmgefkiicjfchonlmnbabfebpnpckkk", "external_id": "plmgefkiicjfchonlmnbabfebpnpckkk"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--40044138-a69b-4565-9f43-026aec2238af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.457033Z", "modified": "2026-06-02T15:57:32.457033Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pnciakodcdnehobpfcjcnnlcpmjlpkac) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pnciakodcdnehobpfcjcnnlcpmjlpkac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pnciakodcdnehobpfcjcnnlcpmjlpkac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pnciakodcdnehobpfcjcnnlcpmjlpkac", "external_id": "pnciakodcdnehobpfcjcnnlcpmjlpkac"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6b253cf7-2767-4fe6-8a80-eb758df1c2be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.4581Z", "modified": "2026-06-02T15:57:32.4581Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ponodoigcmkglddlljanchegmkgkhmgb) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ponodoigcmkglddlljanchegmkgkhmgb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ponodoigcmkglddlljanchegmkgkhmgb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ponodoigcmkglddlljanchegmkgkhmgb", "external_id": "ponodoigcmkglddlljanchegmkgkhmgb"}, {"source_name": "Original Research", "url": "https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f82b8b6f-ed97-405a-b2ae-fbdbcc6f60a0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.459114Z", "modified": "2026-06-02T15:57:32.459114Z", "name": "Malicious Extension: \u201cPackageTrak Promotions\u201d", "description": "Malicious browser extension: \u201cPackageTrak Promotions\u201d (oanbpfkcehelcjjipodkaafialmfejmi) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oanbpfkcehelcjjipodkaafialmfejmi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oanbpfkcehelcjjipodkaafialmfejmi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oanbpfkcehelcjjipodkaafialmfejmi", "external_id": "oanbpfkcehelcjjipodkaafialmfejmi"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1d9374b4-0ec2-4307-9bae-5d56cf14904e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.460127Z", "modified": "2026-06-02T15:57:32.460127Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lhfibgclamcffnddoicjmoopmgomknmb) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lhfibgclamcffnddoicjmoopmgomknmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lhfibgclamcffnddoicjmoopmgomknmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lhfibgclamcffnddoicjmoopmgomknmb", "external_id": "lhfibgclamcffnddoicjmoopmgomknmb"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c1379723-852d-4494-a586-2cd069053110", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.461134Z", "modified": "2026-06-02T15:57:32.461134Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ilcbbngkolbclhlildojhgjdbkkehfia) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ilcbbngkolbclhlildojhgjdbkkehfia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ilcbbngkolbclhlildojhgjdbkkehfia", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ilcbbngkolbclhlildojhgjdbkkehfia", "external_id": "ilcbbngkolbclhlildojhgjdbkkehfia"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6754d83b-6409-4961-80c2-73c6f9eda18f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.462153Z", "modified": "2026-06-02T15:57:32.462153Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pnhjnmacgahapmnnifmneapinilajfol) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pnhjnmacgahapmnnifmneapinilajfol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pnhjnmacgahapmnnifmneapinilajfol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pnhjnmacgahapmnnifmneapinilajfol", "external_id": "pnhjnmacgahapmnnifmneapinilajfol"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--be22b090-3734-4fe2-b89c-62822e5aca40", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.46316Z", "modified": "2026-06-02T15:57:32.46316Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ocifcogajbgikalbpphmoedjlcfjkhgh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ocifcogajbgikalbpphmoedjlcfjkhgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ocifcogajbgikalbpphmoedjlcfjkhgh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ocifcogajbgikalbpphmoedjlcfjkhgh", "external_id": "ocifcogajbgikalbpphmoedjlcfjkhgh"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--441d26f7-4ee7-4183-a73f-2069b19366a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.464323Z", "modified": "2026-06-02T15:57:32.464323Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (peglehonblabfemopkgmfcpofbchegcl) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/peglehonblabfemopkgmfcpofbchegcl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:peglehonblabfemopkgmfcpofbchegcl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/peglehonblabfemopkgmfcpofbchegcl", "external_id": "peglehonblabfemopkgmfcpofbchegcl"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--09eb9bcf-191b-4469-8990-d6865395a7b9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.465328Z", "modified": "2026-06-02T15:57:32.465328Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aaeohfpkhojgdhocdfpkdaffbehjbmmd) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aaeohfpkhojgdhocdfpkdaffbehjbmmd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aaeohfpkhojgdhocdfpkdaffbehjbmmd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aaeohfpkhojgdhocdfpkdaffbehjbmmd", "external_id": "aaeohfpkhojgdhocdfpkdaffbehjbmmd"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a324157b-8b36-44b7-be61-a9e64896b9f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.466323Z", "modified": "2026-06-02T15:57:32.466323Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lidnmohoigekohfmdpopgcpigjkpemll) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lidnmohoigekohfmdpopgcpigjkpemll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lidnmohoigekohfmdpopgcpigjkpemll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lidnmohoigekohfmdpopgcpigjkpemll", "external_id": "lidnmohoigekohfmdpopgcpigjkpemll"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dacc1975-75e3-430c-8113-d27ec5b5cae8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.467334Z", "modified": "2026-06-02T15:57:32.467334Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jmbmildjdmppofnohldicmnkojfhggmb) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jmbmildjdmppofnohldicmnkojfhggmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jmbmildjdmppofnohldicmnkojfhggmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jmbmildjdmppofnohldicmnkojfhggmb", "external_id": "jmbmildjdmppofnohldicmnkojfhggmb"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--57f14619-b3d5-4cbd-9bca-9c0c2b27e933", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.468396Z", "modified": "2026-06-02T15:57:32.468396Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jdoaaldnifinadckcbfkbiekgaebkeif) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jdoaaldnifinadckcbfkbiekgaebkeif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jdoaaldnifinadckcbfkbiekgaebkeif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jdoaaldnifinadckcbfkbiekgaebkeif", "external_id": "jdoaaldnifinadckcbfkbiekgaebkeif"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--64d49d34-f2c3-47cf-a9ca-166f66eba368", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.469464Z", "modified": "2026-06-02T15:57:32.469464Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ogjfhmgoalinegalajpmjoliipdibhdm) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ogjfhmgoalinegalajpmjoliipdibhdm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ogjfhmgoalinegalajpmjoliipdibhdm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ogjfhmgoalinegalajpmjoliipdibhdm", "external_id": "ogjfhmgoalinegalajpmjoliipdibhdm"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d3a12c1f-0fb6-43e8-9d0a-2301ecaeb45b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.470537Z", "modified": "2026-06-02T15:57:32.470537Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lebmkjafnodbnhbahbgdollaaabcmpbh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lebmkjafnodbnhbahbgdollaaabcmpbh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lebmkjafnodbnhbahbgdollaaabcmpbh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lebmkjafnodbnhbahbgdollaaabcmpbh", "external_id": "lebmkjafnodbnhbahbgdollaaabcmpbh"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ae0057be-c21f-4024-b22b-b91e2a31c89a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.471841Z", "modified": "2026-06-02T15:57:32.471841Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gjammdgdlgmoidmdfoefkeklnhmllpjp) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gjammdgdlgmoidmdfoefkeklnhmllpjp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gjammdgdlgmoidmdfoefkeklnhmllpjp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gjammdgdlgmoidmdfoefkeklnhmllpjp", "external_id": "gjammdgdlgmoidmdfoefkeklnhmllpjp"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2e485f6b-2677-461a-9d6c-916fb0b908f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.47292Z", "modified": "2026-06-02T15:57:32.47292Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kdkpllchojjkbgephbbeacaahecgfpga) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kdkpllchojjkbgephbbeacaahecgfpga']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kdkpllchojjkbgephbbeacaahecgfpga", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kdkpllchojjkbgephbbeacaahecgfpga", "external_id": "kdkpllchojjkbgephbbeacaahecgfpga"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5bf47651-dbd4-4494-a8d4-6b8a825eee2a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.473976Z", "modified": "2026-06-02T15:57:32.473976Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jaehldonmiabhfohkenmlimnceapgpnp) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jaehldonmiabhfohkenmlimnceapgpnp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jaehldonmiabhfohkenmlimnceapgpnp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jaehldonmiabhfohkenmlimnceapgpnp", "external_id": "jaehldonmiabhfohkenmlimnceapgpnp"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d3096373-2de5-4caf-ae77-6b290935c6cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.475043Z", "modified": "2026-06-02T15:57:32.475043Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pmhlkgkblgeeigiegkmacefjoflennbn) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmhlkgkblgeeigiegkmacefjoflennbn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmhlkgkblgeeigiegkmacefjoflennbn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmhlkgkblgeeigiegkmacefjoflennbn", "external_id": "pmhlkgkblgeeigiegkmacefjoflennbn"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7bab2f44-6ed6-4334-882a-d14896b5659a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.476122Z", "modified": "2026-06-02T15:57:32.476122Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ofdfbeanbffehepagohhengmjnhlkich) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ofdfbeanbffehepagohhengmjnhlkich']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ofdfbeanbffehepagohhengmjnhlkich", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofdfbeanbffehepagohhengmjnhlkich", "external_id": "ofdfbeanbffehepagohhengmjnhlkich"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--18daf97b-0d8d-4aa1-9ecf-2414573f864a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.477167Z", "modified": "2026-06-02T15:57:32.477167Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mjchijabihjkhmmaaihpgmhkklgakinl) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mjchijabihjkhmmaaihpgmhkklgakinl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mjchijabihjkhmmaaihpgmhkklgakinl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mjchijabihjkhmmaaihpgmhkklgakinl", "external_id": "mjchijabihjkhmmaaihpgmhkklgakinl"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4c443976-0989-4c78-be79-38135b249033", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.478383Z", "modified": "2026-06-02T15:57:32.478383Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (poppendnaoonepbkmjejdfebihohaalo) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/poppendnaoonepbkmjejdfebihohaalo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:poppendnaoonepbkmjejdfebihohaalo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/poppendnaoonepbkmjejdfebihohaalo", "external_id": "poppendnaoonepbkmjejdfebihohaalo"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7bf12a0a-87f7-4a4d-8511-4f6ac08a4b46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.479866Z", "modified": "2026-06-02T15:57:32.479866Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eogoljjmndnjfikmcbmopmlhjnhbmdda) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eogoljjmndnjfikmcbmopmlhjnhbmdda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eogoljjmndnjfikmcbmopmlhjnhbmdda", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eogoljjmndnjfikmcbmopmlhjnhbmdda", "external_id": "eogoljjmndnjfikmcbmopmlhjnhbmdda"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--18506a1f-c0cd-4986-9c0a-3c50595809ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.481054Z", "modified": "2026-06-02T15:57:32.481054Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gdnkjjhpffldmfljpbfemliidkeeecdj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gdnkjjhpffldmfljpbfemliidkeeecdj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gdnkjjhpffldmfljpbfemliidkeeecdj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gdnkjjhpffldmfljpbfemliidkeeecdj", "external_id": "gdnkjjhpffldmfljpbfemliidkeeecdj"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1ad1cf59-2e16-477f-901e-88bb2ed43552", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.48227Z", "modified": "2026-06-02T15:57:32.48227Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gelcjfdfebnabkielednfoogpbhdeoai) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gelcjfdfebnabkielednfoogpbhdeoai']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gelcjfdfebnabkielednfoogpbhdeoai", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gelcjfdfebnabkielednfoogpbhdeoai", "external_id": "gelcjfdfebnabkielednfoogpbhdeoai"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--41258603-f48f-4fe9-984e-328cd337aa1c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.483455Z", "modified": "2026-06-02T15:57:32.483455Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ofpihhkeakgnnbkmcoifjkkhnllddbld) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ofpihhkeakgnnbkmcoifjkkhnllddbld']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ofpihhkeakgnnbkmcoifjkkhnllddbld", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofpihhkeakgnnbkmcoifjkkhnllddbld", "external_id": "ofpihhkeakgnnbkmcoifjkkhnllddbld"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4f8362cf-5a60-413a-add5-00b0400a6b11", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.484531Z", "modified": "2026-06-02T15:57:32.484531Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pjjghngpidphgicpgdebpmdgdicepege) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pjjghngpidphgicpgdebpmdgdicepege']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pjjghngpidphgicpgdebpmdgdicepege", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pjjghngpidphgicpgdebpmdgdicepege", "external_id": "pjjghngpidphgicpgdebpmdgdicepege"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6ac2fa05-126f-40e6-b051-c4e91b7fe6ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.485568Z", "modified": "2026-06-02T15:57:32.485568Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nchdkdaknojhpimbfbejfcdnmjfbllhj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nchdkdaknojhpimbfbejfcdnmjfbllhj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nchdkdaknojhpimbfbejfcdnmjfbllhj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nchdkdaknojhpimbfbejfcdnmjfbllhj", "external_id": "nchdkdaknojhpimbfbejfcdnmjfbllhj"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--47ef35df-3075-435f-b778-ade7813bd333", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.486587Z", "modified": "2026-06-02T15:57:32.486587Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (blcfpeooekoekehdpbikibeblpjlehlh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/blcfpeooekoekehdpbikibeblpjlehlh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:blcfpeooekoekehdpbikibeblpjlehlh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/blcfpeooekoekehdpbikibeblpjlehlh", "external_id": "blcfpeooekoekehdpbikibeblpjlehlh"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c3655a2c-0dfb-4e36-bf58-6d87e680c718", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.487826Z", "modified": "2026-06-02T15:57:32.487826Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (looclnmoilplejheganiloofamfilbcd) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/looclnmoilplejheganiloofamfilbcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:looclnmoilplejheganiloofamfilbcd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/looclnmoilplejheganiloofamfilbcd", "external_id": "looclnmoilplejheganiloofamfilbcd"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5724b971-9196-4345-b531-815b1832b1e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.488866Z", "modified": "2026-06-02T15:57:32.488866Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oehimkphpeeeneindfeekidpmkpffkgc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oehimkphpeeeneindfeekidpmkpffkgc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oehimkphpeeeneindfeekidpmkpffkgc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oehimkphpeeeneindfeekidpmkpffkgc", "external_id": "oehimkphpeeeneindfeekidpmkpffkgc"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a126e23c-ccf3-49c8-b953-b8ffb5814fd7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.489887Z", "modified": "2026-06-02T15:57:32.489887Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eebbihndkbkejmlgfoofigacgicamfha) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eebbihndkbkejmlgfoofigacgicamfha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eebbihndkbkejmlgfoofigacgicamfha", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eebbihndkbkejmlgfoofigacgicamfha", "external_id": "eebbihndkbkejmlgfoofigacgicamfha"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e1916ce3-0673-4aeb-a0ac-069246f38c63", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.490903Z", "modified": "2026-06-02T15:57:32.490903Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (faopefnnleiebimhkldlplkgkjpbmcea) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/faopefnnleiebimhkldlplkgkjpbmcea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:faopefnnleiebimhkldlplkgkjpbmcea", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/faopefnnleiebimhkldlplkgkjpbmcea", "external_id": "faopefnnleiebimhkldlplkgkjpbmcea"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--daf7a934-1969-428a-b392-d4180e3d96f4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.491923Z", "modified": "2026-06-02T15:57:32.491923Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (obcfkcpejehknjdollnafpebkcpkklbl) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obcfkcpejehknjdollnafpebkcpkklbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obcfkcpejehknjdollnafpebkcpkklbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obcfkcpejehknjdollnafpebkcpkklbl", "external_id": "obcfkcpejehknjdollnafpebkcpkklbl"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--35f245aa-76b1-4ddc-b11e-9ed595ccee17", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.492923Z", "modified": "2026-06-02T15:57:32.492923Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jepocknhdcgdmbiodbpopcbjnlgecdhf) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jepocknhdcgdmbiodbpopcbjnlgecdhf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jepocknhdcgdmbiodbpopcbjnlgecdhf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jepocknhdcgdmbiodbpopcbjnlgecdhf", "external_id": "jepocknhdcgdmbiodbpopcbjnlgecdhf"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2844b473-c674-4601-92b1-9d0b8977ed63", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.493916Z", "modified": "2026-06-02T15:57:32.493916Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dehhfjanlmglmabomenmpjnnopigplae) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dehhfjanlmglmabomenmpjnnopigplae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dehhfjanlmglmabomenmpjnnopigplae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dehhfjanlmglmabomenmpjnnopigplae", "external_id": "dehhfjanlmglmabomenmpjnnopigplae"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fdf4d1b0-8a31-4d7c-853e-179e9b2e04d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.495092Z", "modified": "2026-06-02T15:57:32.495092Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ekijhekekfckmkmbemiijdkihdibnbgh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekijhekekfckmkmbemiijdkihdibnbgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekijhekekfckmkmbemiijdkihdibnbgh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekijhekekfckmkmbemiijdkihdibnbgh", "external_id": "ekijhekekfckmkmbemiijdkihdibnbgh"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1d63e293-b35d-4b04-8728-cc914941d6f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.496114Z", "modified": "2026-06-02T15:57:32.496114Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pjpjefgijnjlhgegceegmpecklonpdjp) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pjpjefgijnjlhgegceegmpecklonpdjp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pjpjefgijnjlhgegceegmpecklonpdjp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pjpjefgijnjlhgegceegmpecklonpdjp", "external_id": "pjpjefgijnjlhgegceegmpecklonpdjp"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--df2b68da-9157-4a41-926f-19f91cc95aa7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.497108Z", "modified": "2026-06-02T15:57:32.497108Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nlhocomjnfjedielocojomgfldbjmdjj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nlhocomjnfjedielocojomgfldbjmdjj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nlhocomjnfjedielocojomgfldbjmdjj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nlhocomjnfjedielocojomgfldbjmdjj", "external_id": "nlhocomjnfjedielocojomgfldbjmdjj"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b40e7350-1534-4fd9-844b-2e227fe15998", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.498099Z", "modified": "2026-06-02T15:57:32.498099Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (opooaebceonakifaacigffdhogdgfadg) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opooaebceonakifaacigffdhogdgfadg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opooaebceonakifaacigffdhogdgfadg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opooaebceonakifaacigffdhogdgfadg", "external_id": "opooaebceonakifaacigffdhogdgfadg"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b5e52b97-93f5-4048-8f3a-fb3f179ca018", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.499093Z", "modified": "2026-06-02T15:57:32.499093Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ojofdaokgfdlbeomlelkiiipkocneien) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojofdaokgfdlbeomlelkiiipkocneien']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ojofdaokgfdlbeomlelkiiipkocneien", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojofdaokgfdlbeomlelkiiipkocneien", "external_id": "ojofdaokgfdlbeomlelkiiipkocneien"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--978676c9-cd96-4c4b-995a-6393e17e3631", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.500104Z", "modified": "2026-06-02T15:57:32.500104Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gpaaalbnkccgmmbkendiciheljgpdhob) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gpaaalbnkccgmmbkendiciheljgpdhob']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gpaaalbnkccgmmbkendiciheljgpdhob", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gpaaalbnkccgmmbkendiciheljgpdhob", "external_id": "gpaaalbnkccgmmbkendiciheljgpdhob"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f9fe5084-789f-4e96-ac1f-2ada324bcff1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.501105Z", "modified": "2026-06-02T15:57:32.501105Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (almfnpjmjpnknlgpipillhfmchjikkno) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/almfnpjmjpnknlgpipillhfmchjikkno']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:almfnpjmjpnknlgpipillhfmchjikkno", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/almfnpjmjpnknlgpipillhfmchjikkno", "external_id": "almfnpjmjpnknlgpipillhfmchjikkno"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7bf9a1c2-bf6c-42c8-b61f-20e34b601110", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.503326Z", "modified": "2026-06-02T15:57:32.503326Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eeacchjlmkcleifpppcjbmahcnlihamj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eeacchjlmkcleifpppcjbmahcnlihamj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eeacchjlmkcleifpppcjbmahcnlihamj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eeacchjlmkcleifpppcjbmahcnlihamj", "external_id": "eeacchjlmkcleifpppcjbmahcnlihamj"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--08087502-0352-4486-b86d-41b77fa644eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.504415Z", "modified": "2026-06-02T15:57:32.504415Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lojgkcienjoiogbfkbjiidpfnabhkckf) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lojgkcienjoiogbfkbjiidpfnabhkckf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lojgkcienjoiogbfkbjiidpfnabhkckf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lojgkcienjoiogbfkbjiidpfnabhkckf", "external_id": "lojgkcienjoiogbfkbjiidpfnabhkckf"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d081e781-4c3c-4a1c-869d-81e63a861024", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.505463Z", "modified": "2026-06-02T15:57:32.505463Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gkemhapalomnipjhminflfhjcjehjhmp) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gkemhapalomnipjhminflfhjcjehjhmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gkemhapalomnipjhminflfhjcjehjhmp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gkemhapalomnipjhminflfhjcjehjhmp", "external_id": "gkemhapalomnipjhminflfhjcjehjhmp"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8239a7f8-c880-43c9-b8bd-ae4b5e46d86b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.506513Z", "modified": "2026-06-02T15:57:32.506513Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (icolkoeolaodpjogekifcidcdbgbdobc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/icolkoeolaodpjogekifcidcdbgbdobc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:icolkoeolaodpjogekifcidcdbgbdobc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/icolkoeolaodpjogekifcidcdbgbdobc", "external_id": "icolkoeolaodpjogekifcidcdbgbdobc"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3dde732f-c454-4e08-9c05-2ebeff6f0860", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.507539Z", "modified": "2026-06-02T15:57:32.507539Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (abjbfhcehjndcpbiiagdnlfolkbfblpb) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/abjbfhcehjndcpbiiagdnlfolkbfblpb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:abjbfhcehjndcpbiiagdnlfolkbfblpb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/abjbfhcehjndcpbiiagdnlfolkbfblpb", "external_id": "abjbfhcehjndcpbiiagdnlfolkbfblpb"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b8e309d3-c964-4d3a-8184-a16141667724", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.508557Z", "modified": "2026-06-02T15:57:32.508557Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bbjilncoookdcjjnkcdaofiollndepla) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbjilncoookdcjjnkcdaofiollndepla']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bbjilncoookdcjjnkcdaofiollndepla", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbjilncoookdcjjnkcdaofiollndepla", "external_id": "bbjilncoookdcjjnkcdaofiollndepla"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--da01ad8f-4bb1-4e36-8e25-af5e6a057300", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.509568Z", "modified": "2026-06-02T15:57:32.509568Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (igpcgjcdhmdjhdlgoncfnpkdipanlida) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/igpcgjcdhmdjhdlgoncfnpkdipanlida']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:igpcgjcdhmdjhdlgoncfnpkdipanlida", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/igpcgjcdhmdjhdlgoncfnpkdipanlida", "external_id": "igpcgjcdhmdjhdlgoncfnpkdipanlida"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d89f0ccc-79ed-406b-96eb-c7c7e4cb2e6e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.510734Z", "modified": "2026-06-02T15:57:32.510734Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nfhpojfdhcdmimokleagkdcbkmcgfjkh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nfhpojfdhcdmimokleagkdcbkmcgfjkh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nfhpojfdhcdmimokleagkdcbkmcgfjkh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nfhpojfdhcdmimokleagkdcbkmcgfjkh", "external_id": "nfhpojfdhcdmimokleagkdcbkmcgfjkh"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f8995c9f-1520-4a5f-b761-15508bc872c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.511761Z", "modified": "2026-06-02T15:57:32.511761Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jfnlkmaledafkdhdokgnhlcmeamakham) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jfnlkmaledafkdhdokgnhlcmeamakham']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jfnlkmaledafkdhdokgnhlcmeamakham", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jfnlkmaledafkdhdokgnhlcmeamakham", "external_id": "jfnlkmaledafkdhdokgnhlcmeamakham"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--19143a6f-7865-49be-9b2f-6129c256b035", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.512764Z", "modified": "2026-06-02T15:57:32.512764Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dibjpjiifnahccnokciamjlfgdlgimmn) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dibjpjiifnahccnokciamjlfgdlgimmn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dibjpjiifnahccnokciamjlfgdlgimmn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dibjpjiifnahccnokciamjlfgdlgimmn", "external_id": "dibjpjiifnahccnokciamjlfgdlgimmn"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--844660d7-d82c-4b72-aa78-ab7cca49d74d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.513759Z", "modified": "2026-06-02T15:57:32.513759Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fjclfmhapndgeabdcikbhemimpijpnah) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fjclfmhapndgeabdcikbhemimpijpnah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fjclfmhapndgeabdcikbhemimpijpnah", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fjclfmhapndgeabdcikbhemimpijpnah", "external_id": "fjclfmhapndgeabdcikbhemimpijpnah"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--37809b22-5327-4306-9a23-63169b19661e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.514767Z", "modified": "2026-06-02T15:57:32.514767Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jpnamljnefhpbpcofcbonjjjkmfjbhdp) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jpnamljnefhpbpcofcbonjjjkmfjbhdp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jpnamljnefhpbpcofcbonjjjkmfjbhdp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jpnamljnefhpbpcofcbonjjjkmfjbhdp", "external_id": "jpnamljnefhpbpcofcbonjjjkmfjbhdp"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8c511abf-4f92-448f-b8b8-20c9a33beea7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.515779Z", "modified": "2026-06-02T15:57:32.515779Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iggmbfojpkfikoahlfghaalpbpkhfohc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iggmbfojpkfikoahlfghaalpbpkhfohc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iggmbfojpkfikoahlfghaalpbpkhfohc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iggmbfojpkfikoahlfghaalpbpkhfohc", "external_id": "iggmbfojpkfikoahlfghaalpbpkhfohc"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bb7ca7c2-3845-40da-a8ab-af003f434858", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.51679Z", "modified": "2026-06-02T15:57:32.51679Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fkllfgoempnigpogkgkgmghkchmjcjni) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fkllfgoempnigpogkgkgmghkchmjcjni']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fkllfgoempnigpogkgkgmghkchmjcjni", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fkllfgoempnigpogkgkgmghkchmjcjni", "external_id": "fkllfgoempnigpogkgkgmghkchmjcjni"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8368f5de-4804-45f6-b309-35c111436ed4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.517957Z", "modified": "2026-06-02T15:57:32.517957Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dealfjgnmkibkcldkcpbikenmajlglmc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dealfjgnmkibkcldkcpbikenmajlglmc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dealfjgnmkibkcldkcpbikenmajlglmc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dealfjgnmkibkcldkcpbikenmajlglmc", "external_id": "dealfjgnmkibkcldkcpbikenmajlglmc"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2823e92c-5312-4b8a-a348-92086a57d084", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.518964Z", "modified": "2026-06-02T15:57:32.518964Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (abghmipjfclfpgmmelbgolfgmhnigbma) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/abghmipjfclfpgmmelbgolfgmhnigbma']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:abghmipjfclfpgmmelbgolfgmhnigbma", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/abghmipjfclfpgmmelbgolfgmhnigbma", "external_id": "abghmipjfclfpgmmelbgolfgmhnigbma"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--08a83477-b6ed-4522-ac34-bc15b38a33fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.519984Z", "modified": "2026-06-02T15:57:32.519984Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dcbfmglfdlgpnolgdjoioeocllioebpe) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dcbfmglfdlgpnolgdjoioeocllioebpe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dcbfmglfdlgpnolgdjoioeocllioebpe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dcbfmglfdlgpnolgdjoioeocllioebpe", "external_id": "dcbfmglfdlgpnolgdjoioeocllioebpe"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1694c70c-d4b0-459c-ab3c-fc9ae3cd0a58", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.520987Z", "modified": "2026-06-02T15:57:32.520987Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (obmbmalbahpfbckpcfbipooimkldgphm) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obmbmalbahpfbckpcfbipooimkldgphm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obmbmalbahpfbckpcfbipooimkldgphm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obmbmalbahpfbckpcfbipooimkldgphm", "external_id": "obmbmalbahpfbckpcfbipooimkldgphm"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aff83377-239e-4d9d-9197-c051e4cbc0dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.521983Z", "modified": "2026-06-02T15:57:32.521983Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gbkmkgfjngebdcpklbkeccelcjaobblk) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gbkmkgfjngebdcpklbkeccelcjaobblk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gbkmkgfjngebdcpklbkeccelcjaobblk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gbkmkgfjngebdcpklbkeccelcjaobblk", "external_id": "gbkmkgfjngebdcpklbkeccelcjaobblk"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e635cbf3-5428-425c-a643-2ed3d9c350bc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.522974Z", "modified": "2026-06-02T15:57:32.522974Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ehibgcefkpbfkklbpahilhicidnhiboc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ehibgcefkpbfkklbpahilhicidnhiboc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ehibgcefkpbfkklbpahilhicidnhiboc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ehibgcefkpbfkklbpahilhicidnhiboc", "external_id": "ehibgcefkpbfkklbpahilhicidnhiboc"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--85ff7715-36bc-4134-9757-3319c36cb848", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.523993Z", "modified": "2026-06-02T15:57:32.523993Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gmljddfeipofcffbhhcpohkegndieeab) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gmljddfeipofcffbhhcpohkegndieeab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gmljddfeipofcffbhhcpohkegndieeab", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gmljddfeipofcffbhhcpohkegndieeab", "external_id": "gmljddfeipofcffbhhcpohkegndieeab"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--926264ec-5696-46e1-9561-6d595b28cdff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.525151Z", "modified": "2026-06-02T15:57:32.525151Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dajgdhiemoaecngkpliephmheifopmjb) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dajgdhiemoaecngkpliephmheifopmjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dajgdhiemoaecngkpliephmheifopmjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dajgdhiemoaecngkpliephmheifopmjb", "external_id": "dajgdhiemoaecngkpliephmheifopmjb"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fe0d6b2c-1faf-4908-9248-2342d11621b6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.526158Z", "modified": "2026-06-02T15:57:32.526158Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fdbmoflclpmkmeobidcgmfamkicinnlg) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fdbmoflclpmkmeobidcgmfamkicinnlg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fdbmoflclpmkmeobidcgmfamkicinnlg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fdbmoflclpmkmeobidcgmfamkicinnlg", "external_id": "fdbmoflclpmkmeobidcgmfamkicinnlg"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8052e485-9b72-417c-988d-63a312326f8b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.527176Z", "modified": "2026-06-02T15:57:32.527176Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (obbfndpanmiplgfcbeonoocobbnjdmdc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obbfndpanmiplgfcbeonoocobbnjdmdc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obbfndpanmiplgfcbeonoocobbnjdmdc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obbfndpanmiplgfcbeonoocobbnjdmdc", "external_id": "obbfndpanmiplgfcbeonoocobbnjdmdc"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--68935938-5ba9-4763-890a-276fdf58554c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.528183Z", "modified": "2026-06-02T15:57:32.528183Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lgljionbhcfbnpjgfnhhoadpdngkmfnh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lgljionbhcfbnpjgfnhhoadpdngkmfnh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lgljionbhcfbnpjgfnhhoadpdngkmfnh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lgljionbhcfbnpjgfnhhoadpdngkmfnh", "external_id": "lgljionbhcfbnpjgfnhhoadpdngkmfnh"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3b9f2a59-1a04-45c3-bfb8-b10b46c5ef9e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.529187Z", "modified": "2026-06-02T15:57:32.529187Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ddenjpheppdmfimooolgihimdgpilhfo) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ddenjpheppdmfimooolgihimdgpilhfo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ddenjpheppdmfimooolgihimdgpilhfo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ddenjpheppdmfimooolgihimdgpilhfo", "external_id": "ddenjpheppdmfimooolgihimdgpilhfo"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--82352e29-9362-4134-8154-62021fb46e22", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.530187Z", "modified": "2026-06-02T15:57:32.530187Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bblkckhknhmalchbceidkmjalmcmnkfa) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bblkckhknhmalchbceidkmjalmcmnkfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bblkckhknhmalchbceidkmjalmcmnkfa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bblkckhknhmalchbceidkmjalmcmnkfa", "external_id": "bblkckhknhmalchbceidkmjalmcmnkfa"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fd7abb99-0d05-42cd-81ad-50591802660a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.5312Z", "modified": "2026-06-02T15:57:32.5312Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fhkmacopackahlbnpcfijgphgoimpggb) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fhkmacopackahlbnpcfijgphgoimpggb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fhkmacopackahlbnpcfijgphgoimpggb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fhkmacopackahlbnpcfijgphgoimpggb", "external_id": "fhkmacopackahlbnpcfijgphgoimpggb"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0b5cff67-4e2b-4b78-ad2b-68312f4ba276", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.53237Z", "modified": "2026-06-02T15:57:32.53237Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eohnfgagodblipmmalphhfepaonpnjgk) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eohnfgagodblipmmalphhfepaonpnjgk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eohnfgagodblipmmalphhfepaonpnjgk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eohnfgagodblipmmalphhfepaonpnjgk", "external_id": "eohnfgagodblipmmalphhfepaonpnjgk"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2d3d6fb7-f487-46b9-9f58-e373e889fb6f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.533388Z", "modified": "2026-06-02T15:57:32.533388Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (emkkigmmpfbjmikfadmfeebomholoikg) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/emkkigmmpfbjmikfadmfeebomholoikg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:emkkigmmpfbjmikfadmfeebomholoikg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/emkkigmmpfbjmikfadmfeebomholoikg", "external_id": "emkkigmmpfbjmikfadmfeebomholoikg"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1bee2305-d7de-49e0-a80e-3d10869f80fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.534385Z", "modified": "2026-06-02T15:57:32.534385Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fekjbjbbdopogpamkmdjpjicapclgamj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fekjbjbbdopogpamkmdjpjicapclgamj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fekjbjbbdopogpamkmdjpjicapclgamj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fekjbjbbdopogpamkmdjpjicapclgamj", "external_id": "fekjbjbbdopogpamkmdjpjicapclgamj"}, {"source_name": "Original Research", "url": "https://duo.com/labs/research/crxcavator-malvertising-2020"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--564e6dc5-40ed-472b-9796-402eb3fc7386", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.535417Z", "modified": "2026-06-02T15:57:32.535417Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (afephhbbcdlgdehhddfnehfndnkfbgnm) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/afephhbbcdlgdehhddfnehfndnkfbgnm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:afephhbbcdlgdehhddfnehfndnkfbgnm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/afephhbbcdlgdehhddfnehfndnkfbgnm", "external_id": "afephhbbcdlgdehhddfnehfndnkfbgnm"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e2a4d4d0-6874-4c9c-beab-4cab3e031bdc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.536454Z", "modified": "2026-06-02T15:57:32.536454Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (agfjbfkpehcnceblmdahjaejpnnnkjdn) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/agfjbfkpehcnceblmdahjaejpnnnkjdn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:agfjbfkpehcnceblmdahjaejpnnnkjdn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/agfjbfkpehcnceblmdahjaejpnnnkjdn", "external_id": "agfjbfkpehcnceblmdahjaejpnnnkjdn"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--83596aed-b5e6-4440-881f-04299af9e301", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.537483Z", "modified": "2026-06-02T15:57:32.537483Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ahikdohkiedoomaklnohgdnmfcmbabcn) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ahikdohkiedoomaklnohgdnmfcmbabcn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ahikdohkiedoomaklnohgdnmfcmbabcn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ahikdohkiedoomaklnohgdnmfcmbabcn", "external_id": "ahikdohkiedoomaklnohgdnmfcmbabcn"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0456584d-4be2-428f-83df-bc619ea82e79", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.538497Z", "modified": "2026-06-02T15:57:32.538497Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ahlfiinafajfmciaajgophipcfholmeh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ahlfiinafajfmciaajgophipcfholmeh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ahlfiinafajfmciaajgophipcfholmeh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ahlfiinafajfmciaajgophipcfholmeh", "external_id": "ahlfiinafajfmciaajgophipcfholmeh"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--87bcc404-42d7-4bab-a4a9-4aa4d64dad17", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.53969Z", "modified": "2026-06-02T15:57:32.53969Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (akglkgdiggmkilkhejagginkngocbpbj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/akglkgdiggmkilkhejagginkngocbpbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:akglkgdiggmkilkhejagginkngocbpbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akglkgdiggmkilkhejagginkngocbpbj", "external_id": "akglkgdiggmkilkhejagginkngocbpbj"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--60e1e100-dbee-4a65-b148-cda22acd6890", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.540709Z", "modified": "2026-06-02T15:57:32.540709Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (anihmmejabpaocacmeodiapbhpholaom) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/anihmmejabpaocacmeodiapbhpholaom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:anihmmejabpaocacmeodiapbhpholaom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/anihmmejabpaocacmeodiapbhpholaom", "external_id": "anihmmejabpaocacmeodiapbhpholaom"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ecb1fab8-179a-434d-8a52-626fb2765cfd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.541713Z", "modified": "2026-06-02T15:57:32.541713Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bhkcgfbaokmhglgipbppoobmoblcomhh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bhkcgfbaokmhglgipbppoobmoblcomhh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bhkcgfbaokmhglgipbppoobmoblcomhh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bhkcgfbaokmhglgipbppoobmoblcomhh", "external_id": "bhkcgfbaokmhglgipbppoobmoblcomhh"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fe4cfff6-2612-4032-ab54-12fcc40a7b05", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.542718Z", "modified": "2026-06-02T15:57:32.542718Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bkanfnnhokogflpnhnbfjdhbjdlgncdi) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bkanfnnhokogflpnhnbfjdhbjdlgncdi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bkanfnnhokogflpnhnbfjdhbjdlgncdi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bkanfnnhokogflpnhnbfjdhbjdlgncdi", "external_id": "bkanfnnhokogflpnhnbfjdhbjdlgncdi"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f675efe0-7e9b-4431-bcd4-4605674cbb55", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.543737Z", "modified": "2026-06-02T15:57:32.543737Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bpfdhglfmfepjhgnhnmclbfiknjnfblb) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bpfdhglfmfepjhgnhnmclbfiknjnfblb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bpfdhglfmfepjhgnhnmclbfiknjnfblb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bpfdhglfmfepjhgnhnmclbfiknjnfblb", "external_id": "bpfdhglfmfepjhgnhnmclbfiknjnfblb"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--df7cd161-42fc-4160-be20-f8bc367c16fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.544935Z", "modified": "2026-06-02T15:57:32.544935Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bpklfenmjhcjlocdicfadpfppcgojfjp) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bpklfenmjhcjlocdicfadpfppcgojfjp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bpklfenmjhcjlocdicfadpfppcgojfjp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bpklfenmjhcjlocdicfadpfppcgojfjp", "external_id": "bpklfenmjhcjlocdicfadpfppcgojfjp"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4a5b5d34-8e2c-4ec2-9139-c131bc5f3990", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.545967Z", "modified": "2026-06-02T15:57:32.545967Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ckelhijilmmlmnaljmjpigfopkmfkoeh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ckelhijilmmlmnaljmjpigfopkmfkoeh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ckelhijilmmlmnaljmjpigfopkmfkoeh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ckelhijilmmlmnaljmjpigfopkmfkoeh", "external_id": "ckelhijilmmlmnaljmjpigfopkmfkoeh"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e968edf2-d0c8-47bd-bdde-f38aa3c3ca9f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.547179Z", "modified": "2026-06-02T15:57:32.547179Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dbcfhcelmjepboabieglhjejeolaopdl) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dbcfhcelmjepboabieglhjejeolaopdl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dbcfhcelmjepboabieglhjejeolaopdl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dbcfhcelmjepboabieglhjejeolaopdl", "external_id": "dbcfhcelmjepboabieglhjejeolaopdl"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8043595d-5fa4-4365-9110-9c1b35419b07", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.548225Z", "modified": "2026-06-02T15:57:32.548225Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dbcfokmgampdedgcefjahloodbgakkpl) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dbcfokmgampdedgcefjahloodbgakkpl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dbcfokmgampdedgcefjahloodbgakkpl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dbcfokmgampdedgcefjahloodbgakkpl", "external_id": "dbcfokmgampdedgcefjahloodbgakkpl"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--54f423a5-9c3a-44a9-93f9-d231cb8be056", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.549242Z", "modified": "2026-06-02T15:57:32.549242Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ddohdfnenhipnhnbbfifknnhaomihcip) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ddohdfnenhipnhnbbfifknnhaomihcip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ddohdfnenhipnhnbbfifknnhaomihcip", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ddohdfnenhipnhnbbfifknnhaomihcip", "external_id": "ddohdfnenhipnhnbbfifknnhaomihcip"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0ae8c1c8-1d9e-4a8e-9826-9eb4b194a577", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.550251Z", "modified": "2026-06-02T15:57:32.550251Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dehindejipifeaikcgbkdijgkbjliojc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dehindejipifeaikcgbkdijgkbjliojc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dehindejipifeaikcgbkdijgkbjliojc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dehindejipifeaikcgbkdijgkbjliojc", "external_id": "dehindejipifeaikcgbkdijgkbjliojc"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f3e7bfaf-7887-46d5-82c6-d4e5b07f4351", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.55128Z", "modified": "2026-06-02T15:57:32.55128Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dkhcmjfipgoapjamnngolidbcakpdhgf) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkhcmjfipgoapjamnngolidbcakpdhgf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkhcmjfipgoapjamnngolidbcakpdhgf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkhcmjfipgoapjamnngolidbcakpdhgf", "external_id": "dkhcmjfipgoapjamnngolidbcakpdhgf"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b910ef08-4165-41b6-8827-79c00207bc24", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.552306Z", "modified": "2026-06-02T15:57:32.552306Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (effhjobodhmkbgfpgcdabfnjlnphakhb) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/effhjobodhmkbgfpgcdabfnjlnphakhb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:effhjobodhmkbgfpgcdabfnjlnphakhb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/effhjobodhmkbgfpgcdabfnjlnphakhb", "external_id": "effhjobodhmkbgfpgcdabfnjlnphakhb"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9ff6e5c1-9504-48c7-b560-3bec5149722c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.553361Z", "modified": "2026-06-02T15:57:32.553361Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (egpnofbhgafhbkapdhedimohmainbiio) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/egpnofbhgafhbkapdhedimohmainbiio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:egpnofbhgafhbkapdhedimohmainbiio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/egpnofbhgafhbkapdhedimohmainbiio", "external_id": "egpnofbhgafhbkapdhedimohmainbiio"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4dfd87e3-01be-45a3-a408-d968d5192545", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.554548Z", "modified": "2026-06-02T15:57:32.554548Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ehlgimmlmmcocemjadeafmohiplmgmei) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ehlgimmlmmcocemjadeafmohiplmgmei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ehlgimmlmmcocemjadeafmohiplmgmei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ehlgimmlmmcocemjadeafmohiplmgmei", "external_id": "ehlgimmlmmcocemjadeafmohiplmgmei"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b490049a-2cc8-4c89-be2a-01fb5b47eab7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.555589Z", "modified": "2026-06-02T15:57:32.555589Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (epphnioigompfjaknnaokghgcncnjfbe) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/epphnioigompfjaknnaokghgcncnjfbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:epphnioigompfjaknnaokghgcncnjfbe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/epphnioigompfjaknnaokghgcncnjfbe", "external_id": "epphnioigompfjaknnaokghgcncnjfbe"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e9b32950-7cb9-4b9c-a4cb-ed69aab41fc6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.556606Z", "modified": "2026-06-02T15:57:32.556606Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gbbpilgcdcmfppjkdociebhmcnbfbmod) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gbbpilgcdcmfppjkdociebhmcnbfbmod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gbbpilgcdcmfppjkdociebhmcnbfbmod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gbbpilgcdcmfppjkdociebhmcnbfbmod", "external_id": "gbbpilgcdcmfppjkdociebhmcnbfbmod"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b724c972-4212-4586-bec9-db61d2d99a28", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.557624Z", "modified": "2026-06-02T15:57:32.557624Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (glmbceclkhkaebcadgmbcjihllcnpmjh) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/glmbceclkhkaebcadgmbcjihllcnpmjh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:glmbceclkhkaebcadgmbcjihllcnpmjh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/glmbceclkhkaebcadgmbcjihllcnpmjh", "external_id": "glmbceclkhkaebcadgmbcjihllcnpmjh"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--523a571c-bd1c-46ad-a501-55de57498b5c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.558657Z", "modified": "2026-06-02T15:57:32.558657Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gpffceikmehgifkjjginoibpceadefih) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gpffceikmehgifkjjginoibpceadefih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gpffceikmehgifkjjginoibpceadefih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gpffceikmehgifkjjginoibpceadefih", "external_id": "gpffceikmehgifkjjginoibpceadefih"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b8974b93-e598-421a-a13c-857156c0a21c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.559702Z", "modified": "2026-06-02T15:57:32.559702Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (idnelecdpebmbpnmambnpcjogingdfco) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/idnelecdpebmbpnmambnpcjogingdfco']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:idnelecdpebmbpnmambnpcjogingdfco", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/idnelecdpebmbpnmambnpcjogingdfco", "external_id": "idnelecdpebmbpnmambnpcjogingdfco"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a8b04ff3-898a-4be5-9225-4a991eeda8bc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.560719Z", "modified": "2026-06-02T15:57:32.560719Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ifceimlckdanenfkfoomccpcpemphlbg) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ifceimlckdanenfkfoomccpcpemphlbg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ifceimlckdanenfkfoomccpcpemphlbg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ifceimlckdanenfkfoomccpcpemphlbg", "external_id": "ifceimlckdanenfkfoomccpcpemphlbg"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--24f4599b-66ed-4124-846f-a938aab8fe9a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.561886Z", "modified": "2026-06-02T15:57:32.561886Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ifmkfoeijeemajoodjfoagpbejmmnkhm) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ifmkfoeijeemajoodjfoagpbejmmnkhm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ifmkfoeijeemajoodjfoagpbejmmnkhm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ifmkfoeijeemajoodjfoagpbejmmnkhm", "external_id": "ifmkfoeijeemajoodjfoagpbejmmnkhm"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--83f563b6-eff2-4483-896b-19c4e7da2b59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.562906Z", "modified": "2026-06-02T15:57:32.562906Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (igkljanmhbnhedgkmgpkcgpjmociceim) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/igkljanmhbnhedgkmgpkcgpjmociceim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:igkljanmhbnhedgkmgpkcgpjmociceim", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/igkljanmhbnhedgkmgpkcgpjmociceim", "external_id": "igkljanmhbnhedgkmgpkcgpjmociceim"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b857a320-c774-4702-a3f3-f3ed4294b30f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.563926Z", "modified": "2026-06-02T15:57:32.563926Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ijhakgidfnlallpobldpbhandllbeobg) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ijhakgidfnlallpobldpbhandllbeobg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ijhakgidfnlallpobldpbhandllbeobg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ijhakgidfnlallpobldpbhandllbeobg", "external_id": "ijhakgidfnlallpobldpbhandllbeobg"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--363d6bb3-c4b8-49ed-80ef-e7f6ed65d293", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.564959Z", "modified": "2026-06-02T15:57:32.564959Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ijohicfhndicpnmkaldafhbecijhdikd) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ijohicfhndicpnmkaldafhbecijhdikd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ijohicfhndicpnmkaldafhbecijhdikd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ijohicfhndicpnmkaldafhbecijhdikd", "external_id": "ijohicfhndicpnmkaldafhbecijhdikd"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7d9c53ef-7820-4b3c-ab74-7cf5c0d35f81", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.56597Z", "modified": "2026-06-02T15:57:32.56597Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jbfponbaiamgjmfpfghcjjhddjdjdpna) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jbfponbaiamgjmfpfghcjjhddjdjdpna']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jbfponbaiamgjmfpfghcjjhddjdjdpna", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jbfponbaiamgjmfpfghcjjhddjdjdpna", "external_id": "jbfponbaiamgjmfpfghcjjhddjdjdpna"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--541648ae-1a56-48d3-b835-05c961a6b6a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.566974Z", "modified": "2026-06-02T15:57:32.566974Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jfamimfejiccpbnghhjfcibhkgblmiml) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jfamimfejiccpbnghhjfcibhkgblmiml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jfamimfejiccpbnghhjfcibhkgblmiml", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jfamimfejiccpbnghhjfcibhkgblmiml", "external_id": "jfamimfejiccpbnghhjfcibhkgblmiml"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--622620e5-fe36-47df-9238-cdb3fdeb6d89", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.568002Z", "modified": "2026-06-02T15:57:32.568002Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jlaaidmjgpgfkhehcljmeckhlaibgaol) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jlaaidmjgpgfkhehcljmeckhlaibgaol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jlaaidmjgpgfkhehcljmeckhlaibgaol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jlaaidmjgpgfkhehcljmeckhlaibgaol", "external_id": "jlaaidmjgpgfkhehcljmeckhlaibgaol"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ff63644c-63ca-4735-b3d6-46eb54191348", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.569156Z", "modified": "2026-06-02T15:57:32.569156Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kjnmimfgphmcppjhombdhhegpjphpiol) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjnmimfgphmcppjhombdhhegpjphpiol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjnmimfgphmcppjhombdhhegpjphpiol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjnmimfgphmcppjhombdhhegpjphpiol", "external_id": "kjnmimfgphmcppjhombdhhegpjphpiol"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9e617b22-8de6-47d7-b083-0612f5487548", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.570166Z", "modified": "2026-06-02T15:57:32.570166Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lfaahmcgahoalphllknbfcckggddoffj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lfaahmcgahoalphllknbfcckggddoffj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lfaahmcgahoalphllknbfcckggddoffj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lfaahmcgahoalphllknbfcckggddoffj", "external_id": "lfaahmcgahoalphllknbfcckggddoffj"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9f41ae35-e6af-4fe5-8ac4-3c3e5aea59eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.57119Z", "modified": "2026-06-02T15:57:32.57119Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mcbcknmlpfkbpogpnfcimfgdmchchmmg) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mcbcknmlpfkbpogpnfcimfgdmchchmmg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mcbcknmlpfkbpogpnfcimfgdmchchmmg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mcbcknmlpfkbpogpnfcimfgdmchchmmg", "external_id": "mcbcknmlpfkbpogpnfcimfgdmchchmmg"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b6b0259d-7dec-4a6f-b5a1-532ffc01ac58", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.572222Z", "modified": "2026-06-02T15:57:32.572222Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mciddpldhpdpibckghnaoidpolnmighk) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mciddpldhpdpibckghnaoidpolnmighk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mciddpldhpdpibckghnaoidpolnmighk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mciddpldhpdpibckghnaoidpolnmighk", "external_id": "mciddpldhpdpibckghnaoidpolnmighk"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8d39ee28-29a4-49b9-b44a-7d914c67a255", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.57328Z", "modified": "2026-06-02T15:57:32.57328Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mjbimaghobnkobfefccnnnjedoefbafl) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mjbimaghobnkobfefccnnnjedoefbafl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mjbimaghobnkobfefccnnnjedoefbafl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mjbimaghobnkobfefccnnnjedoefbafl", "external_id": "mjbimaghobnkobfefccnnnjedoefbafl"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f3e8fd84-805e-43bd-b063-1eb890d81804", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.574325Z", "modified": "2026-06-02T15:57:32.574325Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mnbhnjecaofgddbldmppbbdlokappkgk) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mnbhnjecaofgddbldmppbbdlokappkgk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mnbhnjecaofgddbldmppbbdlokappkgk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mnbhnjecaofgddbldmppbbdlokappkgk", "external_id": "mnbhnjecaofgddbldmppbbdlokappkgk"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1cdd8f7d-f322-4309-81ad-28d0e7e05660", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.575352Z", "modified": "2026-06-02T15:57:32.575352Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nicmhgecboifljcnbbjlajbpagmhcclp) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nicmhgecboifljcnbbjlajbpagmhcclp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nicmhgecboifljcnbbjlajbpagmhcclp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nicmhgecboifljcnbbjlajbpagmhcclp", "external_id": "nicmhgecboifljcnbbjlajbpagmhcclp"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bd5bf159-8a57-4892-9af2-3b91cf94524b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.576535Z", "modified": "2026-06-02T15:57:32.576535Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (njhfmnfcoffkdjbgpannpgifnbgdihkl) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njhfmnfcoffkdjbgpannpgifnbgdihkl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njhfmnfcoffkdjbgpannpgifnbgdihkl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njhfmnfcoffkdjbgpannpgifnbgdihkl", "external_id": "njhfmnfcoffkdjbgpannpgifnbgdihkl"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a0e8fee1-56ca-4d96-b399-dc4d00c45014", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.57757Z", "modified": "2026-06-02T15:57:32.57757Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (noilkpnilphojpjaimfcnldblelgllaa) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/noilkpnilphojpjaimfcnldblelgllaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:noilkpnilphojpjaimfcnldblelgllaa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/noilkpnilphojpjaimfcnldblelgllaa", "external_id": "noilkpnilphojpjaimfcnldblelgllaa"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--99b6cd29-aefa-4937-b1d6-da43d2b1757e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.578603Z", "modified": "2026-06-02T15:57:32.578603Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (obcfoaeoidokjbaokikamaljjlpebofe) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obcfoaeoidokjbaokikamaljjlpebofe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obcfoaeoidokjbaokikamaljjlpebofe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obcfoaeoidokjbaokikamaljjlpebofe", "external_id": "obcfoaeoidokjbaokikamaljjlpebofe"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--70ff7051-122f-4234-a4fa-65a2dc7e45cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.579633Z", "modified": "2026-06-02T15:57:32.579633Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oejafikjmfmejaafjjkoeejjpdfkdkpc) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oejafikjmfmejaafjjkoeejjpdfkdkpc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oejafikjmfmejaafjjkoeejjpdfkdkpc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oejafikjmfmejaafjjkoeejjpdfkdkpc", "external_id": "oejafikjmfmejaafjjkoeejjpdfkdkpc"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4b16d2b5-3e11-4cce-a2ab-64a4db744abe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.580638Z", "modified": "2026-06-02T15:57:32.580638Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ogaclpidpghafcnbchgpbigfegdbdikj) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ogaclpidpghafcnbchgpbigfegdbdikj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ogaclpidpghafcnbchgpbigfegdbdikj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ogaclpidpghafcnbchgpbigfegdbdikj", "external_id": "ogaclpidpghafcnbchgpbigfegdbdikj"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--14bf04bb-0516-4158-8588-4d4a3d179e60", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.581637Z", "modified": "2026-06-02T15:57:32.581637Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (opmelhjohnmenjibglddlpmbpbocohck) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opmelhjohnmenjibglddlpmbpbocohck']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opmelhjohnmenjibglddlpmbpbocohck", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opmelhjohnmenjibglddlpmbpbocohck", "external_id": "opmelhjohnmenjibglddlpmbpbocohck"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--97cd58c7-1da2-4b24-a96c-7943593652dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.582642Z", "modified": "2026-06-02T15:57:32.582642Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pbilbjpkfbfbackdcejdmhdfgeldakkn) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pbilbjpkfbfbackdcejdmhdfgeldakkn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pbilbjpkfbfbackdcejdmhdfgeldakkn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pbilbjpkfbfbackdcejdmhdfgeldakkn", "external_id": "pbilbjpkfbfbackdcejdmhdfgeldakkn"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b6c1210d-ba97-4b82-95cf-628090a4c7bd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.583836Z", "modified": "2026-06-02T15:57:32.583836Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pcmdfnnipgpilomfclbnjpbdnmbcgjaf) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pcmdfnnipgpilomfclbnjpbdnmbcgjaf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pcmdfnnipgpilomfclbnjpbdnmbcgjaf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pcmdfnnipgpilomfclbnjpbdnmbcgjaf", "external_id": "pcmdfnnipgpilomfclbnjpbdnmbcgjaf"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ddc5ff0c-c3c7-4e59-be1b-6fa8111abcbb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.584851Z", "modified": "2026-06-02T15:57:32.584851Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pedokobimilhjemibclahcelgedmkgei) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pedokobimilhjemibclahcelgedmkgei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pedokobimilhjemibclahcelgedmkgei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pedokobimilhjemibclahcelgedmkgei", "external_id": "pedokobimilhjemibclahcelgedmkgei"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--12af13e8-df7b-4156-8bc9-ea8824c25e18", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.585862Z", "modified": "2026-06-02T15:57:32.585862Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (plnlhldekkpgnngfdbdhocnjfplgnekg) \u201cThe reporter did not correlate the EXTID \u2192 EXTID-NAME.  
Have to check their post to confirm EXTID-NAME\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/plnlhldekkpgnngfdbdhocnjfplgnekg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-04-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:plnlhldekkpgnngfdbdhocnjfplgnekg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/plnlhldekkpgnngfdbdhocnjfplgnekg", "external_id": "plnlhldekkpgnngfdbdhocnjfplgnekg"}, {"source_name": "Original Research", "url": "https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7bc6a366-0c82-41f9-acc7-2ca1e06826e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.587232Z", "modified": "2026-06-02T15:57:32.587232Z", "name": "Malicious Extension: \u201cHover Zoom\u201d", "description": "Malicious browser extension: \u201cHover Zoom\u201d (nonjdcjchghhkdoolnlbekcfllmednbl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nonjdcjchghhkdoolnlbekcfllmednbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nonjdcjchghhkdoolnlbekcfllmednbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nonjdcjchghhkdoolnlbekcfllmednbl", "external_id": "nonjdcjchghhkdoolnlbekcfllmednbl"}, {"source_name": "Original Research", "url": "https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/"}, {"source_name": "Article", "url": 
"https://www.salon.com/2019/07/22/malicious-browser-extensions-are-stealing-personal-information/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ed370d52-27fc-4e21-8e93-60146e8a210d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.588294Z", "modified": "2026-06-02T15:57:32.588294Z", "name": "Malicious Extension: \u201cSpeakIt!\u201d", "description": "Malicious browser extension: \u201cSpeakIt!\u201d (pgeolalilifpodheeocdmbhehgnkkbak)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgeolalilifpodheeocdmbhehgnkkbak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgeolalilifpodheeocdmbhehgnkkbak", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgeolalilifpodheeocdmbhehgnkkbak", "external_id": "pgeolalilifpodheeocdmbhehgnkkbak"}, {"source_name": "Original Research", "url": "https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/"}, {"source_name": "Article", "url": "https://www.salon.com/2019/07/22/malicious-browser-extensions-are-stealing-personal-information/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cc72c9f5-0e31-4808-bb8e-acda150caee3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.589348Z", "modified": "2026-06-02T15:57:32.589348Z", "name": "Malicious Extension: \u201cSuperZoom\u201d", "description": "Malicious browser extension: \u201cSuperZoom\u201d (gnamdgilanlgeeljfnckhboobddoahbl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gnamdgilanlgeeljfnckhboobddoahbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2019-07-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gnamdgilanlgeeljfnckhboobddoahbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gnamdgilanlgeeljfnckhboobddoahbl", "external_id": "gnamdgilanlgeeljfnckhboobddoahbl"}, {"source_name": "Original Research", "url": "https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/"}, {"source_name": "Article", "url": "https://www.salon.com/2019/07/22/malicious-browser-extensions-are-stealing-personal-information/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7b9a4536-829c-4c1e-9da1-34344b272368", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.590407Z", "modified": "2026-06-02T15:57:32.590407Z", "name": "Malicious Extension: \u201cFairShare Unlock\u201d", "description": "Malicious browser extension: \u201cFairShare Unlock\u201d (alecjlhgldihcjjcffgjalappiifdhae)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/alecjlhgldihcjjcffgjalappiifdhae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:alecjlhgldihcjjcffgjalappiifdhae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/alecjlhgldihcjjcffgjalappiifdhae", "external_id": "alecjlhgldihcjjcffgjalappiifdhae"}, {"source_name": "Original Research", "url": "https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/"}, {"source_name": "Article", "url": "https://www.salon.com/2019/07/22/malicious-browser-extensions-are-stealing-personal-information/"}]}, {"type": "indicator", "spec_version": "2.1", "id": 
"indicator--f10bcd32-7e7f-4a32-9734-efec8c912890", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.592599Z", "modified": "2026-06-02T15:57:32.592599Z", "name": "Malicious Extension: \u201cPanelMeasurement\u201d", "description": "Malicious browser extension: \u201cPanelMeasurement\u201d (kelbkhobcfhdcfhohdkjnaimmicmhcbo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kelbkhobcfhdcfhohdkjnaimmicmhcbo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kelbkhobcfhdcfhohdkjnaimmicmhcbo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kelbkhobcfhdcfhohdkjnaimmicmhcbo", "external_id": "kelbkhobcfhdcfhohdkjnaimmicmhcbo"}, {"source_name": "Original Research", "url": "https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/"}, {"source_name": "Article", "url": "https://www.salon.com/2019/07/22/malicious-browser-extensions-are-stealing-personal-information/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3e931bf4-41a4-4875-9c14-29eb3c388d73", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.593709Z", "modified": "2026-06-02T15:57:32.593709Z", "name": "Malicious Extension: \u201cBranded Surveys\u201d", "description": "Malicious browser extension: \u201cBranded Surveys\u201d (dpglnfbihebejclmfmdcbgjembbfjneo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dpglnfbihebejclmfmdcbgjembbfjneo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": 
["ext-id:dpglnfbihebejclmfmdcbgjembbfjneo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dpglnfbihebejclmfmdcbgjembbfjneo", "external_id": "dpglnfbihebejclmfmdcbgjembbfjneo"}, {"source_name": "Original Research", "url": "https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/"}, {"source_name": "Article", "url": "https://www.salon.com/2019/07/22/malicious-browser-extensions-are-stealing-personal-information/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8fdacb92-e97f-4450-8128-8492386ff847", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.594785Z", "modified": "2026-06-02T15:57:32.594785Z", "name": "Malicious Extension: \u201cPanel Community Surveys\u201d", "description": "Malicious browser extension: \u201cPanel Community Surveys\u201d (lpjhpdcflkecpciaehfbpafflkeomcnb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lpjhpdcflkecpciaehfbpafflkeomcnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lpjhpdcflkecpciaehfbpafflkeomcnb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lpjhpdcflkecpciaehfbpafflkeomcnb", "external_id": "lpjhpdcflkecpciaehfbpafflkeomcnb"}, {"source_name": "Original Research", "url": "https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/"}, {"source_name": "Article", "url": "https://www.salon.com/2019/07/22/malicious-browser-extensions-are-stealing-personal-information/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a15a4af4-1b7b-4a51-9534-a9fc0beb63e7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:32.595836Z", "modified": "2026-06-02T15:57:32.595836Z", "name": "Malicious Extension: \u201cShitcoin Wallet\u201d", "description": "Malicious browser extension: \u201cShitcoin Wallet\u201d (ckkgmccefffnbbalkmbbgebbojjogffn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ckkgmccefffnbbalkmbbgebbojjogffn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ckkgmccefffnbbalkmbbgebbojjogffn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ckkgmccefffnbbalkmbbgebbojjogffn", "external_id": "ckkgmccefffnbbalkmbbgebbojjogffn"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/chrome-extension-caught-stealing-crypto-wallet-private-keys/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d948e6b6-36b9-402a-a676-3116b3d1f79b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.596845Z", "modified": "2026-06-02T15:57:32.596845Z", "name": "Malicious Extension: \u201cChange HTTP Request Header\u201d", "description": "Malicious browser extension: \u201cChange HTTP Request Header\u201d (ppmibgfeefcglejjlpeihfdimbkfbbnm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ppmibgfeefcglejjlpeihfdimbkfbbnm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ppmibgfeefcglejjlpeihfdimbkfbbnm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ppmibgfeefcglejjlpeihfdimbkfbbnm", "external_id": "ppmibgfeefcglejjlpeihfdimbkfbbnm"}, 
{"source_name": "Article", "url": "https://blog.gigamon.com/2018/01/18/malicious-chrome-extensions-enable-criminals-to-impact-half-a-million-users-and-global-businesses/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e010325c-9b35-4bc5-b072-24586ede89b8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.597842Z", "modified": "2026-06-02T15:57:32.597842Z", "name": "Malicious Extension: \u201cNyoogle \u2013 Custom Logo for Google\u201d", "description": "Malicious browser extension: \u201cNyoogle \u2013 Custom Logo for Google\u201d (ginfoagmgomhccdaclfbbbhfjgmphkph)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ginfoagmgomhccdaclfbbbhfjgmphkph']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ginfoagmgomhccdaclfbbbhfjgmphkph", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ginfoagmgomhccdaclfbbbhfjgmphkph", "external_id": "ginfoagmgomhccdaclfbbbhfjgmphkph"}, {"source_name": "Article", "url": "https://blog.gigamon.com/2018/01/18/malicious-chrome-extensions-enable-criminals-to-impact-half-a-million-users-and-global-businesses/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--898305cf-0372-47d1-b834-bee1f2959b9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.598844Z", "modified": "2026-06-02T15:57:32.598844Z", "name": "Malicious Extension: \u201cLite Bookmarks\u201d", "description": "Malicious browser extension: \u201cLite Bookmarks\u201d (mpneoicaochhlckfkackiigepakdgapj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mpneoicaochhlckfkackiigepakdgapj']", "pattern_type": 
"stix", "pattern_version": "2.1", "valid_from": "2018-01-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mpneoicaochhlckfkackiigepakdgapj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mpneoicaochhlckfkackiigepakdgapj", "external_id": "mpneoicaochhlckfkackiigepakdgapj"}, {"source_name": "Article", "url": "https://blog.gigamon.com/2018/01/18/malicious-chrome-extensions-enable-criminals-to-impact-half-a-million-users-and-global-businesses/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--82ad2635-6b5f-40f4-bb4a-43165726f8c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.624309Z", "modified": "2026-06-02T15:57:32.624309Z", "name": "Malicious Extension: \u201cStickies \u2013 Chrome\u2019s Post-it Notes\u201d", "description": "Malicious browser extension: \u201cStickies \u2013 Chrome\u2019s Post-it Notes\u201d (djffibmpaakodnbmcdemmmjmeolcmbae)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/djffibmpaakodnbmcdemmmjmeolcmbae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:djffibmpaakodnbmcdemmmjmeolcmbae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/djffibmpaakodnbmcdemmmjmeolcmbae", "external_id": "djffibmpaakodnbmcdemmmjmeolcmbae"}, {"source_name": "Article", "url": "https://blog.gigamon.com/2018/01/18/malicious-chrome-extensions-enable-criminals-to-impact-half-a-million-users-and-global-businesses/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5101fa67-3574-46b4-b400-8d7374b995f4", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.625725Z", "modified": "2026-06-02T15:57:32.625725Z", "name": "Malicious Extension: \u201ciCalc\u201d", "description": "Malicious browser extension: \u201ciCalc\u201d (pejkmgfabkeddfcfldloonjbikjddapb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pejkmgfabkeddfcfldloonjbikjddapb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-08-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pejkmgfabkeddfcfldloonjbikjddapb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pejkmgfabkeddfcfldloonjbikjddapb", "external_id": "pejkmgfabkeddfcfldloonjbikjddapb"}, {"source_name": "Original Research", "url": "https://blog.malwarebytes.com/threat-analysis/2016/01/rogue-google-chrome-extension-spies-on-you/"}, {"source_name": "Article", "url": "https://arstechnica.com/information-technology/2017/08/bank-fraud-malware-not-detected-by-any-av-hosted-in-chrome-web-store-twice/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a947e291-de42-44ee-a90d-d3fa8f8542cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.627002Z", "modified": "2026-06-02T15:57:32.627002Z", "name": "Malicious Extension: \u201cNigelfy\u201d", "description": "Malicious browser extension: \u201cNigelfy\u201d (gmddfjhfjgbmabkihepijkanhmlooajl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gmddfjhfjgbmabkihepijkanhmlooajl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-10T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gmddfjhfjgbmabkihepijkanhmlooajl", "browser:chrome"], 
"external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gmddfjhfjgbmabkihepijkanhmlooajl", "external_id": "gmddfjhfjgbmabkihepijkanhmlooajl"}, {"source_name": "Original Research", "url": "https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.radware.com/security/malware/nigelthorn-malware/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9661b333-8815-4504-ad81-7b9b170fe499", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.628227Z", "modified": "2026-06-02T15:57:32.628227Z", "name": "Malicious Extension: \u201cPwnerLike\u201d", "description": "Malicious browser extension: \u201cPwnerLike\u201d (kajjcgpohlkdcjfkcbkkbhapafcblaom)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kajjcgpohlkdcjfkcbkkbhapafcblaom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-10T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kajjcgpohlkdcjfkcbkkbhapafcblaom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kajjcgpohlkdcjfkcbkkbhapafcblaom", "external_id": "kajjcgpohlkdcjfkcbkkbhapafcblaom"}, {"source_name": "Original Research", "url": "https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.radware.com/security/malware/nigelthorn-malware/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--184b6e63-f9b9-4570-9870-d6f1e56a08e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.629377Z", "modified": "2026-06-02T15:57:32.629377Z", "name": "Malicious Extension: \u201cAlt-j\u201d", "description": "Malicious 
browser extension: \u201cAlt-j\u201d (anbnajjakpmfdofijejenaclbceejlll)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/anbnajjakpmfdofijejenaclbceejlll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-10T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:anbnajjakpmfdofijejenaclbceejlll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/anbnajjakpmfdofijejenaclbceejlll", "external_id": "anbnajjakpmfdofijejenaclbceejlll"}, {"source_name": "Original Research", "url": "https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.radware.com/security/malware/nigelthorn-malware/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b7d1a1ab-5e59-42a8-8435-1d80578adff8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.630492Z", "modified": "2026-06-02T15:57:32.630492Z", "name": "Malicious Extension: \u201cFix-case\u201d", "description": "Malicious browser extension: \u201cFix-case\u201d (jkkmcoihchcflfjnigngdegbemipdlnl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jkkmcoihchcflfjnigngdegbemipdlnl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-10T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jkkmcoihchcflfjnigngdegbemipdlnl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jkkmcoihchcflfjnigngdegbemipdlnl", "external_id": "jkkmcoihchcflfjnigngdegbemipdlnl"}, {"source_name": "Original Research", "url": 
"https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.radware.com/security/malware/nigelthorn-malware/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--400bab91-63ac-44f7-be4b-0c062f85a4a0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.631763Z", "modified": "2026-06-02T15:57:32.631763Z", "name": "Malicious Extension: \u201cDivinity 2 Original Sin:  Wiki Skill Popup\u201d", "description": "Malicious browser extension: \u201cDivinity 2 Original Sin:  Wiki Skill Popup\u201d (ajmchakbijebimbgcohecngliijaddin)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ajmchakbijebimbgcohecngliijaddin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-10T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ajmchakbijebimbgcohecngliijaddin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ajmchakbijebimbgcohecngliijaddin", "external_id": "ajmchakbijebimbgcohecngliijaddin"}, {"source_name": "Original Research", "url": "https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.radware.com/security/malware/nigelthorn-malware/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0b49224f-4fa4-4c95-a4c7-e4108cf59766", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.632855Z", "modified": "2026-06-02T15:57:32.632855Z", "name": "Malicious Extension: \u201ckeeprivate\u201d", "description": "Malicious browser extension: \u201ckeeprivate\u201d (edpoobbacbcmfpnfpjoambjbihhobooi)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/edpoobbacbcmfpnfpjoambjbihhobooi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-10T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:edpoobbacbcmfpnfpjoambjbihhobooi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edpoobbacbcmfpnfpjoambjbihhobooi", "external_id": "edpoobbacbcmfpnfpjoambjbihhobooi"}, {"source_name": "Original Research", "url": "https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.radware.com/security/malware/nigelthorn-malware/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dcb476d1-b758-44bf-ac96-3d28286cc137", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.633938Z", "modified": "2026-06-02T15:57:32.633938Z", "name": "Malicious Extension: \u201cIhabno\u201d", "description": "Malicious browser extension: \u201cIhabno\u201d (opfogdennafhaoihhkocppaajlkpbfbn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opfogdennafhaoihhkocppaajlkpbfbn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-10T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opfogdennafhaoihhkocppaajlkpbfbn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opfogdennafhaoihhkocppaajlkpbfbn", "external_id": "opfogdennafhaoihhkocppaajlkpbfbn"}, {"source_name": "Original Research", "url": "https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.radware.com/security/malware/nigelthorn-malware/"}]}, {"type": 
"indicator", "spec_version": "2.1", "id": "indicator--327997e8-0402-433c-92e7-eb095c434ab2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.63495Z", "modified": "2026-06-02T15:57:32.63495Z", "name": "Malicious Extension: \u201cDark theme suite\u201d", "description": "Malicious browser extension: \u201cDark theme suite\u201d (ikojddbdekpboemgplhbloojlncbpmdd)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ikojddbdekpboemgplhbloojlncbpmdd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ikojddbdekpboemgplhbloojlncbpmdd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ikojddbdekpboemgplhbloojlncbpmdd", "external_id": "ikojddbdekpboemgplhbloojlncbpmdd"}, {"source_name": "Original Research", "url": "https://www.reddit.com/r/chrome/comments/hbpi7z/found_a_extension_that_contains_malware/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e4e2f6b6-1c28-4f74-a237-d1a85a1a87ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.635973Z", "modified": "2026-06-02T15:57:32.635973Z", "name": "Malicious Extension: \u201cSlope unblocked game\u201d", "description": "Malicious browser extension: \u201cSlope unblocked game\u201d (chlpbdodahbpifpjbcoocpfadoffdbpb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/chlpbdodahbpifpjbcoocpfadoffdbpb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-06-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:chlpbdodahbpifpjbcoocpfadoffdbpb", "browser:chrome"], "external_references": 
[{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/chlpbdodahbpifpjbcoocpfadoffdbpb", "external_id": "chlpbdodahbpifpjbcoocpfadoffdbpb"}, {"source_name": "Original Research", "url": "https://www.reddit.com/r/chrome/comments/hbpi7z/found_a_extension_that_contains_malware/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--87a2f0f7-e856-4151-b0de-ce3f211ef896", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.637029Z", "modified": "2026-06-02T15:57:32.637029Z", "name": "Malicious Extension: \"ScreenShot & Screen Capture Elite\"", "description": "Malicious browser extension: \"ScreenShot & Screen Capture Elite\" (flbcjbhgomclbhlchggbmnpekhfeacim)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flbcjbhgomclbhlchggbmnpekhfeacim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:flbcjbhgomclbhlchggbmnpekhfeacim", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flbcjbhgomclbhlchggbmnpekhfeacim", "external_id": "flbcjbhgomclbhlchggbmnpekhfeacim"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--94d2827d-2c32-489f-93ba-bd2b25818ae2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.638098Z", "modified": "2026-06-02T15:57:32.638098Z", "name": "Malicious Extension: \u201cKawaii Wallpaper HD Custom New Tab\u201d", "description": "Malicious browser extension: \u201cKawaii 
Wallpaper HD Custom New Tab\u201d (aadmpgppfacognoeobmheghfiibdplcf)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aadmpgppfacognoeobmheghfiibdplcf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aadmpgppfacognoeobmheghfiibdplcf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aadmpgppfacognoeobmheghfiibdplcf", "external_id": "aadmpgppfacognoeobmheghfiibdplcf"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--21897d1f-f726-4636-8571-267d20f9fa59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.639331Z", "modified": "2026-06-02T15:57:32.639331Z", "name": "Malicious Extension: \"Shadow Of The Tomb Raider Wallpaper New Tab\"", "description": "Malicious browser extension: \"Shadow Of The Tomb Raider Wallpaper New Tab\" (abgfholnofpihncfdmombecmohpkojdb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/abgfholnofpihncfdmombecmohpkojdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:abgfholnofpihncfdmombecmohpkojdb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/abgfholnofpihncfdmombecmohpkojdb", "external_id": "abgfholnofpihncfdmombecmohpkojdb"}, {"source_name": "Original 
Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--208ad613-fce0-46d0-864b-811d2b4c3ccf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.640395Z", "modified": "2026-06-02T15:57:32.640395Z", "name": "Malicious Extension: \"Kpop SHINee Wallpapers HD New Tab\"", "description": "Malicious browser extension: \"Kpop SHINee Wallpapers HD New Tab\" (aciloeifdphkogbpagikkpiecbjkmedn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aciloeifdphkogbpagikkpiecbjkmedn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aciloeifdphkogbpagikkpiecbjkmedn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aciloeifdphkogbpagikkpiecbjkmedn", "external_id": "aciloeifdphkogbpagikkpiecbjkmedn"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8219f108-6f02-4538-9315-3ab6fda6c16c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.641589Z", "modified": "2026-06-02T15:57:32.641589Z", "name": "Malicious Extension: \"Tokyo Ghoul Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Tokyo Ghoul Wallpaper HD Custom New Tab\" (acmgemnaochmalgkipbamjddcplkdmjm)", "indicator_types": 
["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acmgemnaochmalgkipbamjddcplkdmjm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:acmgemnaochmalgkipbamjddcplkdmjm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acmgemnaochmalgkipbamjddcplkdmjm", "external_id": "acmgemnaochmalgkipbamjddcplkdmjm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--09466bbe-e7b2-4c77-90fb-289d835ab311", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.642669Z", "modified": "2026-06-02T15:57:32.642669Z", "name": "Malicious Extension: \"Mega Man Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Mega Man Wallpaper HD Custom New Tab\" (addpbbembilhmnkjpenjgcgmihlcofja)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/addpbbembilhmnkjpenjgcgmihlcofja']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:addpbbembilhmnkjpenjgcgmihlcofja", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/addpbbembilhmnkjpenjgcgmihlcofja", "external_id": "addpbbembilhmnkjpenjgcgmihlcofja"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", 
"url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--75363d44-e011-4191-9f4b-cd33ca0b1bd2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.643749Z", "modified": "2026-06-02T15:57:32.643749Z", "name": "Malicious Extension: \"Weather forecast for Chrome\u2122\"", "description": "Malicious browser extension: \"Weather forecast for Chrome\u2122\" (adfjcmhegakkhojnallobfjbhenbkopj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/adfjcmhegakkhojnallobfjbhenbkopj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:adfjcmhegakkhojnallobfjbhenbkopj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/adfjcmhegakkhojnallobfjbhenbkopj", "external_id": "adfjcmhegakkhojnallobfjbhenbkopj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2e105df6-4d55-44f7-a187-9d93e8d248f5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.6458Z", "modified": "2026-06-02T15:57:32.6458Z", "name": "Malicious Extension: \"Kpop Blackpink Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Kpop Blackpink Wallpaper HD Custom New Tab\" (aeklcpmgaadjpglhjmcidlekijpnmdhc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/aeklcpmgaadjpglhjmcidlekijpnmdhc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aeklcpmgaadjpglhjmcidlekijpnmdhc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aeklcpmgaadjpglhjmcidlekijpnmdhc", "external_id": "aeklcpmgaadjpglhjmcidlekijpnmdhc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6988bc4f-d13f-4d04-995f-56b9051a9666", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.646971Z", "modified": "2026-06-02T15:57:32.646971Z", "name": "Malicious Extension: \"Kpop Red Velvet HD NewTab Themes\"", "description": "Malicious browser extension: \"Kpop Red Velvet HD NewTab Themes\" (afifalglopajkmdkgnphpfkmgpgdngfj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/afifalglopajkmdkgnphpfkmgpgdngfj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:afifalglopajkmdkgnphpfkmgpgdngfj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/afifalglopajkmdkgnphpfkmgpgdngfj", "external_id": "afifalglopajkmdkgnphpfkmgpgdngfj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--695c2a4c-1446-4095-ab7f-e41915c863d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.648283Z", "modified": "2026-06-02T15:57:32.648283Z", "name": "Malicious Extension: \"Tumblr Wallpapers Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Tumblr Wallpapers Wallpaper HD Custom New Tab\" (agldjlpmeladgadoikdbndmeljpmnajl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/agldjlpmeladgadoikdbndmeljpmnajl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:agldjlpmeladgadoikdbndmeljpmnajl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/agldjlpmeladgadoikdbndmeljpmnajl", "external_id": "agldjlpmeladgadoikdbndmeljpmnajl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eb33d804-3b2a-4128-b351-4fee84574e7d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.649373Z", "modified": "2026-06-02T15:57:32.649373Z", "name": "Malicious Extension: \"season 6 fortnite HD Wallpapers NewTab\"", "description": "Malicious browser extension: \"season 6 fortnite HD Wallpapers NewTab\" (ahmmgfhcokekfofjdndgmkffifklogbo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/ahmmgfhcokekfofjdndgmkffifklogbo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ahmmgfhcokekfofjdndgmkffifklogbo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ahmmgfhcokekfofjdndgmkffifklogbo", "external_id": "ahmmgfhcokekfofjdndgmkffifklogbo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b756bf21-6ad3-4e8e-b88f-afab6db4ad1f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.650439Z", "modified": "2026-06-02T15:57:32.650439Z", "name": "Malicious Extension: \"Unicorn Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Unicorn Wallpaper HD Custom New Tab\" (aippaajbmefpjeajhgaahmicdpgepnnm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aippaajbmefpjeajhgaahmicdpgepnnm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aippaajbmefpjeajhgaahmicdpgepnnm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aippaajbmefpjeajhgaahmicdpgepnnm", "external_id": "aippaajbmefpjeajhgaahmicdpgepnnm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f0fa7ad1-68c2-406c-bd09-537e57f4f5ec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.651524Z", "modified": "2026-06-02T15:57:32.651524Z", "name": "Malicious Extension: \"My Hero Academia Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"My Hero Academia Wallpaper HD Custom New Tab\" (akdpobnbjepjbnjklkkbdafemhnbfldj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/akdpobnbjepjbnjklkkbdafemhnbfldj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:akdpobnbjepjbnjklkkbdafemhnbfldj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akdpobnbjepjbnjklkkbdafemhnbfldj", "external_id": "akdpobnbjepjbnjklkkbdafemhnbfldj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c8af3588-1138-496f-ba53-b952483a3fdd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.652591Z", "modified": "2026-06-02T15:57:32.652591Z", "name": "Malicious Extension: \"Cs Go Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Cs Go Wallpaper HD Custom New Tab\" (akhiflcfcbnheaofcaflofbmnkmjlnno)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/akhiflcfcbnheaofcaflofbmnkmjlnno']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:akhiflcfcbnheaofcaflofbmnkmjlnno", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akhiflcfcbnheaofcaflofbmnkmjlnno", "external_id": "akhiflcfcbnheaofcaflofbmnkmjlnno"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7fb58637-abd1-426d-9585-9717300ea02a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.653652Z", "modified": "2026-06-02T15:57:32.653652Z", "name": "Malicious Extension: \"Super Junior Wallpapers Eunhyuk\"", "description": "Malicious browser extension: \"Super Junior Wallpapers Eunhyuk\" (aklklkifmplgnobmieahildcfbleamdb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aklklkifmplgnobmieahildcfbleamdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aklklkifmplgnobmieahildcfbleamdb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aklklkifmplgnobmieahildcfbleamdb", "external_id": "aklklkifmplgnobmieahildcfbleamdb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0c1e49d7-1f37-4797-9f0b-9fcb1fd9a9f8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.654702Z", "modified": "2026-06-02T15:57:32.654702Z", "name": "Malicious Extension: \"Boku No Hero Academia Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Boku No Hero Academia Wallpaper HD New Tab\" (alppaffmlaefpmopolgpkgmncopkbbep)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/alppaffmlaefpmopolgpkgmncopkbbep']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:alppaffmlaefpmopolgpkgmncopkbbep", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/alppaffmlaefpmopolgpkgmncopkbbep", "external_id": "alppaffmlaefpmopolgpkgmncopkbbep"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a2d6ffda-c80d-48ca-bdf2-adae2fd042be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.655949Z", "modified": "2026-06-02T15:57:32.655949Z", "name": "Malicious Extension: \"D.Gray-man Backgrounds New Tab\"", "description": "Malicious browser extension: \"D.Gray-man Backgrounds New Tab\" (amdnpfcpjglkdfcigaccfgmlmdepdpeo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/amdnpfcpjglkdfcigaccfgmlmdepdpeo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:amdnpfcpjglkdfcigaccfgmlmdepdpeo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/amdnpfcpjglkdfcigaccfgmlmdepdpeo", "external_id": "amdnpfcpjglkdfcigaccfgmlmdepdpeo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9346c1f0-3274-4f19-9c8a-b9bf1cac9d97", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.657002Z", "modified": "2026-06-02T15:57:32.657002Z", "name": "Malicious Extension: \"Super Cars - Sports Cars Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Super Cars - Sports Cars Wallpaper HD New Tab\" (aomepndmhbbklcjcknnhdabaaofahjcj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aomepndmhbbklcjcknnhdabaaofahjcj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aomepndmhbbklcjcknnhdabaaofahjcj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aomepndmhbbklcjcknnhdabaaofahjcj", "external_id": "aomepndmhbbklcjcknnhdabaaofahjcj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--53504a01-1041-4898-a19b-bcbb3cf22d9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.658069Z", "modified": "2026-06-02T15:57:32.658069Z", "name": "Malicious Extension: \"Lil Pump HD New Tab\"", "description": "Malicious browser extension: \"Lil Pump HD New Tab\" (badbchbijjjadlpjkkhmefaghggjjeha)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/badbchbijjjadlpjkkhmefaghggjjeha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:badbchbijjjadlpjkkhmefaghggjjeha", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/badbchbijjjadlpjkkhmefaghggjjeha", "external_id": "badbchbijjjadlpjkkhmefaghggjjeha"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--94543ae2-34a7-4b8c-acf2-d8344274309b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.659132Z", "modified": "2026-06-02T15:57:32.659132Z", "name": "Malicious Extension: \"3D Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"3D Wallpaper HD Custom New Tab\" (bbbdfjdplonnggfjjbjhggobffkggnkm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbbdfjdplonnggfjjbjhggobffkggnkm']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bbbdfjdplonnggfjjbjhggobffkggnkm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbbdfjdplonnggfjjbjhggobffkggnkm", "external_id": "bbbdfjdplonnggfjjbjhggobffkggnkm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a111332c-8065-4e8f-a3de-75a01255758b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.660213Z", "modified": "2026-06-02T15:57:32.660213Z", "name": "Malicious Extension: \"Snowman & Gingerbread New Tab Constellations\"", "description": "Malicious browser extension: \"Snowman & Gingerbread New Tab Constellations\" (bbdldenhkjcoikalkfkgolomdpnncofc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbdldenhkjcoikalkfkgolomdpnncofc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bbdldenhkjcoikalkfkgolomdpnncofc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbdldenhkjcoikalkfkgolomdpnncofc", "external_id": "bbdldenhkjcoikalkfkgolomdpnncofc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": 
"indicator", "spec_version": "2.1", "id": "indicator--c95dc94d-e2af-4b84-b780-692737eb2470", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.661272Z", "modified": "2026-06-02T15:57:32.661272Z", "name": "Malicious Extension: \"Gucci Tab Themes HD Bape\"", "description": "Malicious browser extension: \"Gucci Tab Themes HD Bape\" (bcdjcbgogdomoebdcbniaifnacjbglil)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bcdjcbgogdomoebdcbniaifnacjbglil']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bcdjcbgogdomoebdcbniaifnacjbglil", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bcdjcbgogdomoebdcbniaifnacjbglil", "external_id": "bcdjcbgogdomoebdcbniaifnacjbglil"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f361c87b-866b-4358-b281-b536ed86bdfd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.662332Z", "modified": "2026-06-02T15:57:32.662332Z", "name": "Malicious Extension: \"Bulldogs Tab\"", "description": "Malicious browser extension: \"Bulldogs Tab\" (bcepmajicjlaoleoljbpaemkfghohmib)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bcepmajicjlaoleoljbpaemkfghohmib']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": 
["ext-id:bcepmajicjlaoleoljbpaemkfghohmib", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bcepmajicjlaoleoljbpaemkfghohmib", "external_id": "bcepmajicjlaoleoljbpaemkfghohmib"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--267c9a9b-8d20-4ece-b3ed-47241b8edc0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.663566Z", "modified": "2026-06-02T15:57:32.663566Z", "name": "Malicious Extension: \"Kobe Bryant - Black Mamba New Tab Themes HD\"", "description": "Malicious browser extension: \"Kobe Bryant - Black Mamba New Tab Themes HD\" (bdbablmeheiahecklheciomhmkplcoml)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bdbablmeheiahecklheciomhmkplcoml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bdbablmeheiahecklheciomhmkplcoml", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bdbablmeheiahecklheciomhmkplcoml", "external_id": "bdbablmeheiahecklheciomhmkplcoml"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--307bfbb3-2388-4911-ac2c-d271135a258a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", 
"created": "2026-06-02T15:57:32.664628Z", "modified": "2026-06-02T15:57:32.664628Z", "name": "Malicious Extension: \"GTA 5 Grand Theft Auto\"", "description": "Malicious browser extension: \"GTA 5 Grand Theft Auto\" (bfeecodfffgkdedfhmgbfindokikafid)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bfeecodfffgkdedfhmgbfindokikafid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bfeecodfffgkdedfhmgbfindokikafid", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bfeecodfffgkdedfhmgbfindokikafid", "external_id": "bfeecodfffgkdedfhmgbfindokikafid"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f0196b53-c001-4de7-9476-7ce6f3d2a185", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.665683Z", "modified": "2026-06-02T15:57:32.665683Z", "name": "Malicious Extension: \"Bangtan Boys Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bangtan Boys Wallpaper HD Custom New Tab\" (bhifimmocncplbnikchffepggmofkake)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bhifimmocncplbnikchffepggmofkake']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bhifimmocncplbnikchffepggmofkake", "browser:chrome"], "external_references": [{"source_name": "Chrome 
Web Store", "url": "https://chromewebstore.google.com/detail/bhifimmocncplbnikchffepggmofkake", "external_id": "bhifimmocncplbnikchffepggmofkake"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--91afce42-ab39-4877-ab6f-d83cbcf113bd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.666735Z", "modified": "2026-06-02T15:57:32.666735Z", "name": "Malicious Extension: \"Aquarium Live Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Aquarium Live Wallpaper HD Custom New Tab\" (blipiofdiknkllpajgepiiigfmfgnfep)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/blipiofdiknkllpajgepiiigfmfgnfep']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:blipiofdiknkllpajgepiiigfmfgnfep", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/blipiofdiknkllpajgepiiigfmfgnfep", "external_id": "blipiofdiknkllpajgepiiigfmfgnfep"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a80ee5e6-7369-43cf-adc5-a593f8ff48fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.667802Z", "modified": "2026-06-02T15:57:32.667802Z", "name": "Malicious Extension: 
\"RM & Jin Tab Wallpapers\"", "description": "Malicious browser extension: \"RM & Jin Tab Wallpapers\" (bmagbmnmkaknlnoohbmobfmlgndijecb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bmagbmnmkaknlnoohbmobfmlgndijecb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bmagbmnmkaknlnoohbmobfmlgndijecb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bmagbmnmkaknlnoohbmobfmlgndijecb", "external_id": "bmagbmnmkaknlnoohbmobfmlgndijecb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ef14cfdc-ba37-4177-9d1e-fb140fb7e206", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.66886Z", "modified": "2026-06-02T15:57:32.66886Z", "name": "Malicious Extension: \"Akame Ga Kill Wallpapers HD\"", "description": "Malicious browser extension: \"Akame Ga Kill Wallpapers HD\" (bnecbeikepeloplclngelcgmgdnafhlp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bnecbeikepeloplclngelcgmgdnafhlp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bnecbeikepeloplclngelcgmgdnafhlp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bnecbeikepeloplclngelcgmgdnafhlp", "external_id": 
"bnecbeikepeloplclngelcgmgdnafhlp"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--afebb3e3-fbb6-48ab-9d4e-0765be5f823a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.669915Z", "modified": "2026-06-02T15:57:32.669915Z", "name": "Malicious Extension: \"Sports Cars\"", "description": "Malicious browser extension: \"Sports Cars\" (bpnmalopmgpilaoikaeafokedkkonhea)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bpnmalopmgpilaoikaeafokedkkonhea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bpnmalopmgpilaoikaeafokedkkonhea", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bpnmalopmgpilaoikaeafokedkkonhea", "external_id": "bpnmalopmgpilaoikaeafokedkkonhea"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d6db0950-c7c2-4f04-a17a-2d272f7bc251", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.671147Z", "modified": "2026-06-02T15:57:32.671147Z", "name": "Malicious Extension: \"Moving Wallpapers Wallpapers\"", "description": "Malicious browser extension: \"Moving Wallpapers Wallpapers\" (cbncogjaakomibjcgdkpdjmlhfcjfojc)", "indicator_types": 
["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbncogjaakomibjcgdkpdjmlhfcjfojc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cbncogjaakomibjcgdkpdjmlhfcjfojc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbncogjaakomibjcgdkpdjmlhfcjfojc", "external_id": "cbncogjaakomibjcgdkpdjmlhfcjfojc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--08da37b3-2690-47cd-8b9d-ccbaf965511c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.672214Z", "modified": "2026-06-02T15:57:32.672214Z", "name": "Malicious Extension: \"Christmas Tree Lights NewTab Emoji\"", "description": "Malicious browser extension: \"Christmas Tree Lights NewTab Emoji\" (ccgmdfdcnpcfmpceggggmnhbolkhlffi)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ccgmdfdcnpcfmpceggggmnhbolkhlffi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ccgmdfdcnpcfmpceggggmnhbolkhlffi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ccgmdfdcnpcfmpceggggmnhbolkhlffi", "external_id": "ccgmdfdcnpcfmpceggggmnhbolkhlffi"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e5cfe91d-3bc1-45f3-be70-be681a7f8b91", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.673265Z", "modified": "2026-06-02T15:57:32.673265Z", "name": "Malicious Extension: \"Jungkook HD Tab Backgrounds\"", "description": "Malicious browser extension: \"Jungkook HD Tab Backgrounds\" (ccmnnlcciddhkdllgfmkojmmmpahdhlp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ccmnnlcciddhkdllgfmkojmmmpahdhlp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ccmnnlcciddhkdllgfmkojmmmpahdhlp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ccmnnlcciddhkdllgfmkojmmmpahdhlp", "external_id": "ccmnnlcciddhkdllgfmkojmmmpahdhlp"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5f8349d6-246f-49d5-bc05-3bab7041ac3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.67431Z", "modified": "2026-06-02T15:57:32.67431Z", "name": "Malicious Extension: \"CS GO Themes NewTab\"", "description": "Malicious browser extension: \"CS GO Themes NewTab\" (cdpmhflbdaoifgkmlhpfkbfgcifchgpn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cdpmhflbdaoifgkmlhpfkbfgcifchgpn']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cdpmhflbdaoifgkmlhpfkbfgcifchgpn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cdpmhflbdaoifgkmlhpfkbfgcifchgpn", "external_id": "cdpmhflbdaoifgkmlhpfkbfgcifchgpn"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ac8d05cd-83b7-4182-bd3d-51de4e920219", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.675378Z", "modified": "2026-06-02T15:57:32.675378Z", "name": "Malicious Extension: \"One Direction 1D HD NewTab\"", "description": "Malicious browser extension: \"One Direction 1D HD NewTab\" (cepgcjakdboolfkcbihdokfjjkeaddin)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cepgcjakdboolfkcbihdokfjjkeaddin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cepgcjakdboolfkcbihdokfjjkeaddin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cepgcjakdboolfkcbihdokfjjkeaddin", "external_id": "cepgcjakdboolfkcbihdokfjjkeaddin"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", 
"id": "indicator--b16a993f-deef-451d-ab22-1f1c0f1f4372", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.67643Z", "modified": "2026-06-02T15:57:32.67643Z", "name": "Malicious Extension: \"My Hero Academia Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"My Hero Academia Wallpaper HD Custom New Tab\" (cfadfngejcdogjkkdohpkgeodjooogip)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cfadfngejcdogjkkdohpkgeodjooogip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cfadfngejcdogjkkdohpkgeodjooogip", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cfadfngejcdogjkkdohpkgeodjooogip", "external_id": "cfadfngejcdogjkkdohpkgeodjooogip"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ac80af90-624f-481f-808c-0e9efdca1507", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.677486Z", "modified": "2026-06-02T15:57:32.677486Z", "name": "Malicious Extension: \"Suga\"", "description": "Malicious browser extension: \"Suga\" (cgdmknakejoaompdmdeddpgmjffnniab)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cgdmknakejoaompdmdeddpgmjffnniab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": 
["ext-id:cgdmknakejoaompdmdeddpgmjffnniab", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cgdmknakejoaompdmdeddpgmjffnniab", "external_id": "cgdmknakejoaompdmdeddpgmjffnniab"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dbaa6fcc-e4c0-4a63-914d-4d182de4579b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.678694Z", "modified": "2026-06-02T15:57:32.678694Z", "name": "Malicious Extension: \"Puppies Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Puppies Wallpaper HD Custom New Tab\" (cgodgjmdljiecnbcgdampafcmlgmfmid)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cgodgjmdljiecnbcgdampafcmlgmfmid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cgodgjmdljiecnbcgdampafcmlgmfmid", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cgodgjmdljiecnbcgdampafcmlgmfmid", "external_id": "cgodgjmdljiecnbcgdampafcmlgmfmid"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ae839d45-8ff1-438f-a8e6-37fdf707e3c1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:32.679761Z", "modified": "2026-06-02T15:57:32.679761Z", "name": "Malicious Extension: \"Gta V Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Gta V Wallpaper HD Custom New Tab\" (cibigjhoekijbagpgcgpgimebaiocdgm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cibigjhoekijbagpgcgpgimebaiocdgm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cibigjhoekijbagpgcgpgimebaiocdgm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cibigjhoekijbagpgcgpgimebaiocdgm", "external_id": "cibigjhoekijbagpgcgpgimebaiocdgm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f6ab1c82-209b-4a9b-85d1-42885789fc8f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.680821Z", "modified": "2026-06-02T15:57:32.680821Z", "name": "Malicious Extension: \"Lamborghini Live Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Lamborghini Live Wallpaper HD Custom New Tab\" (cjbdbomgdbdgdlainhobpjnfkoidcond)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cjbdbomgdbdgdlainhobpjnfkoidcond']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cjbdbomgdbdgdlainhobpjnfkoidcond", "browser:chrome"], "external_references": 
[{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cjbdbomgdbdgdlainhobpjnfkoidcond", "external_id": "cjbdbomgdbdgdlainhobpjnfkoidcond"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--040a3746-08cd-4464-91e0-7be853c9b793", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.681881Z", "modified": "2026-06-02T15:57:32.681881Z", "name": "Malicious Extension: \"Tokyo Ghoul Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Tokyo Ghoul Wallpaper HD Custom New Tab\" (clndgmolhlkchkbiinamamnbibkakiml)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/clndgmolhlkchkbiinamamnbibkakiml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:clndgmolhlkchkbiinamamnbibkakiml", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/clndgmolhlkchkbiinamamnbibkakiml", "external_id": "clndgmolhlkchkbiinamamnbibkakiml"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--db62ef8f-3af5-4e18-9389-e2837daad0a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.68294Z", "modified": "2026-06-02T15:57:32.68294Z", "name": 
"Malicious Extension: \"Galaxy Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Galaxy Wallpaper HD Custom New Tab\" (cmbfgkkjfkmmhalhebnhmanbenfghkcm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cmbfgkkjfkmmhalhebnhmanbenfghkcm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cmbfgkkjfkmmhalhebnhmanbenfghkcm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cmbfgkkjfkmmhalhebnhmanbenfghkcm", "external_id": "cmbfgkkjfkmmhalhebnhmanbenfghkcm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--93187731-a9ce-4231-a23d-314bc7932f4c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.684024Z", "modified": "2026-06-02T15:57:32.684024Z", "name": "Malicious Extension: \"Stargate SG-1 Tab Wallpapers HD\"", "description": "Malicious browser extension: \"Stargate SG-1 Tab Wallpapers HD\" (cncepimkmnhgbjmbcgoomegdkdhplihm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cncepimkmnhgbjmbcgoomegdkdhplihm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cncepimkmnhgbjmbcgoomegdkdhplihm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/cncepimkmnhgbjmbcgoomegdkdhplihm", "external_id": "cncepimkmnhgbjmbcgoomegdkdhplihm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--49136c93-b3a5-4bd7-b31d-e204a4a70ee2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.685078Z", "modified": "2026-06-02T15:57:32.685078Z", "name": "Malicious Extension: \"Rogue One - Star Wars Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Rogue One - Star Wars Wallpaper HD New Tab\" (cnfbbaddndiehkmhdmmngecaofaojaeo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cnfbbaddndiehkmhdmmngecaofaojaeo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cnfbbaddndiehkmhdmmngecaofaojaeo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cnfbbaddndiehkmhdmmngecaofaojaeo", "external_id": "cnfbbaddndiehkmhdmmngecaofaojaeo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e0382bd0-fee3-48e2-800e-ab0d7950f730", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.686301Z", "modified": "2026-06-02T15:57:32.686301Z", "name": "Malicious Extension: \"Bugatti Vs 
Lamborghini Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Bugatti Vs Lamborghini Wallpaper HD New Tab\" (codilkcdacpeklilmgjknekfpminaieo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/codilkcdacpeklilmgjknekfpminaieo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:codilkcdacpeklilmgjknekfpminaieo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/codilkcdacpeklilmgjknekfpminaieo", "external_id": "codilkcdacpeklilmgjknekfpminaieo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e25097e6-9b47-4f0c-abca-d5d7a98a7e3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.687372Z", "modified": "2026-06-02T15:57:32.687372Z", "name": "Malicious Extension: \"Galaxy Space Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Galaxy Space Wallpaper HD Custom New Tab\" (dakenmmdlklnjdpdfmdjccpeapmijaad)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dakenmmdlklnjdpdfmdjccpeapmijaad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dakenmmdlklnjdpdfmdjccpeapmijaad", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/dakenmmdlklnjdpdfmdjccpeapmijaad", "external_id": "dakenmmdlklnjdpdfmdjccpeapmijaad"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b7985c9a-6c57-4ed0-b51d-4d21662021a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.688447Z", "modified": "2026-06-02T15:57:32.688447Z", "name": "Malicious Extension: \"Avengers Endgame\"", "description": "Malicious browser extension: \"Avengers Endgame\" (dapecdhpbakbfcoijjpdfoffnajhifej)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dapecdhpbakbfcoijjpdfoffnajhifej']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dapecdhpbakbfcoijjpdfoffnajhifej", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dapecdhpbakbfcoijjpdfoffnajhifej", "external_id": "dapecdhpbakbfcoijjpdfoffnajhifej"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8ddbd267-98e9-4228-801b-0e35245557ec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.689505Z", "modified": "2026-06-02T15:57:32.689505Z", "name": "Malicious Extension: \"Spiderman HD NewTab Comics\"", "description": "Malicious browser 
extension: \"Spiderman HD NewTab Comics\" (dckadbanpeemhkphnnllamgolhbbbebi)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dckadbanpeemhkphnnllamgolhbbbebi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dckadbanpeemhkphnnllamgolhbbbebi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dckadbanpeemhkphnnllamgolhbbbebi", "external_id": "dckadbanpeemhkphnnllamgolhbbbebi"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d4cde65b-fd60-4e4b-8acf-19b655f1ad27", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.690563Z", "modified": "2026-06-02T15:57:32.690563Z", "name": "Malicious Extension: \"Glitter Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Glitter Wallpaper HD Custom New Tab\" (ddodaoihhhohncjalnjgmgnlfhgckgdj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ddodaoihhhohncjalnjgmgnlfhgckgdj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ddodaoihhhohncjalnjgmgnlfhgckgdj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ddodaoihhhohncjalnjgmgnlfhgckgdj", "external_id": "ddodaoihhhohncjalnjgmgnlfhgckgdj"}, {"source_name": "Original Research", 
"url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--56fed766-8c3d-4fad-a3bf-f0bcdb59a2cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.691628Z", "modified": "2026-06-02T15:57:32.691628Z", "name": "Malicious Extension: \"Super Cars Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Super Cars Wallpaper HD Custom New Tab\" (dhbhgfiodedkhgocailljbhcfjhplibb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dhbhgfiodedkhgocailljbhcfjhplibb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dhbhgfiodedkhgocailljbhcfjhplibb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dhbhgfiodedkhgocailljbhcfjhplibb", "external_id": "dhbhgfiodedkhgocailljbhcfjhplibb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eca2c61d-88a6-45ea-ab0c-7e36956d276a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.692686Z", "modified": "2026-06-02T15:57:32.692686Z", "name": "Malicious Extension: \"Naruto Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Naruto Wallpaper HD Custom New Tab\" (dhcnonhheahlocjbbpkbammanpenpfop)", "indicator_types": 
["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dhcnonhheahlocjbbpkbammanpenpfop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dhcnonhheahlocjbbpkbammanpenpfop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dhcnonhheahlocjbbpkbammanpenpfop", "external_id": "dhcnonhheahlocjbbpkbammanpenpfop"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f94a29e0-c055-489f-8ef6-673980ea4e47", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.693899Z", "modified": "2026-06-02T15:57:32.693899Z", "name": "Malicious Extension: \"Cats & Dogs Wallpapers & Cats & Dogs Games\"", "description": "Malicious browser extension: \"Cats & Dogs Wallpapers & Cats & Dogs Games\" (dhgmdjkeagnhamkedcejighocjkkijli)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dhgmdjkeagnhamkedcejighocjkkijli']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dhgmdjkeagnhamkedcejighocjkkijli", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dhgmdjkeagnhamkedcejighocjkkijli", "external_id": "dhgmdjkeagnhamkedcejighocjkkijli"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": 
"Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4fcddf81-306c-4a06-b23f-bfccfac29c3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.694964Z", "modified": "2026-06-02T15:57:32.694964Z", "name": "Malicious Extension: \"Riverdale Tab Themes\"", "description": "Malicious browser extension: \"Riverdale Tab Themes\" (dinlhhblgeikohhbfkcoeggglbjlanhg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dinlhhblgeikohhbfkcoeggglbjlanhg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dinlhhblgeikohhbfkcoeggglbjlanhg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dinlhhblgeikohhbfkcoeggglbjlanhg", "external_id": "dinlhhblgeikohhbfkcoeggglbjlanhg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--18145dc8-8921-481d-943f-4f89a6d48faa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.696026Z", "modified": "2026-06-02T15:57:32.696026Z", "name": "Malicious Extension: \"Kawaii Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Kawaii Wallpaper HD Custom New Tab\" (djjdjlbigcdjlghdioabbkjhdelmdhai)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/djjdjlbigcdjlghdioabbkjhdelmdhai']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:djjdjlbigcdjlghdioabbkjhdelmdhai", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/djjdjlbigcdjlghdioabbkjhdelmdhai", "external_id": "djjdjlbigcdjlghdioabbkjhdelmdhai"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--20a1adb5-c4cd-4b9d-913b-6959037b307e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.69709Z", "modified": "2026-06-02T15:57:32.69709Z", "name": "Malicious Extension: \"Stephen Curry NewTab Wallpapers\"", "description": "Malicious browser extension: \"Stephen Curry NewTab Wallpapers\" (dkcppkdodfegjkeefohjancleioblabi)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkcppkdodfegjkeefohjancleioblabi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkcppkdodfegjkeefohjancleioblabi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkcppkdodfegjkeefohjancleioblabi", "external_id": "dkcppkdodfegjkeefohjancleioblabi"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": 
"indicator", "spec_version": "2.1", "id": "indicator--59ed550d-878c-4fdb-8811-14246e7a2597", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.698142Z", "modified": "2026-06-02T15:57:32.698142Z", "name": "Malicious Extension: \"Naruto Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Naruto Wallpaper HD Custom New Tab\" (dkfbfgncahnfghoemhmmlfefhpolihom)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkfbfgncahnfghoemhmmlfefhpolihom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkfbfgncahnfghoemhmmlfefhpolihom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkfbfgncahnfghoemhmmlfefhpolihom", "external_id": "dkfbfgncahnfghoemhmmlfefhpolihom"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3e77a855-23b2-4dd5-a8f0-92e01ffb0c02", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.699215Z", "modified": "2026-06-02T15:57:32.699215Z", "name": "Malicious Extension: \"Witcher Backgrounds HD Tab\"", "description": "Malicious browser extension: \"Witcher Backgrounds HD Tab\" (dmklpmfpkokephcjdmocddkhilglgajl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dmklpmfpkokephcjdmocddkhilglgajl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": 
"mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dmklpmfpkokephcjdmocddkhilglgajl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dmklpmfpkokephcjdmocddkhilglgajl", "external_id": "dmklpmfpkokephcjdmocddkhilglgajl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--775a871c-dbbb-4e2c-b1ce-4eb63f15e95c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.700271Z", "modified": "2026-06-02T15:57:32.700271Z", "name": "Malicious Extension: \"Planet Earth Nature Space Art Wallpaper Tab\"", "description": "Malicious browser extension: \"Planet Earth Nature Space Art Wallpaper Tab\" (dnimnhhaiphlclcocakkfgnnekoggjpl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dnimnhhaiphlclcocakkfgnnekoggjpl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dnimnhhaiphlclcocakkfgnnekoggjpl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dnimnhhaiphlclcocakkfgnnekoggjpl", "external_id": "dnimnhhaiphlclcocakkfgnnekoggjpl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--efbf0246-9f8e-4314-a8c5-009a73bdc882", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.701486Z", "modified": "2026-06-02T15:57:32.701486Z", "name": "Malicious Extension: \"Galaxy Space Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Galaxy Space Wallpaper HD Custom New Tab\" (doecpeonnonddhfpabfgblijljennlcj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/doecpeonnonddhfpabfgblijljennlcj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:doecpeonnonddhfpabfgblijljennlcj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/doecpeonnonddhfpabfgblijljennlcj", "external_id": "doecpeonnonddhfpabfgblijljennlcj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--42bd5453-1835-4656-b7b2-93491f5ce479", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.702539Z", "modified": "2026-06-02T15:57:32.702539Z", "name": "Malicious Extension: \"Beagle Wallpapers New Tab\"", "description": "Malicious browser extension: \"Beagle Wallpapers New Tab\" (dofbgmolpdoknlknfjddecnahgjpinpb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dofbgmolpdoknlknfjddecnahgjpinpb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dofbgmolpdoknlknfjddecnahgjpinpb", 
"browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dofbgmolpdoknlknfjddecnahgjpinpb", "external_id": "dofbgmolpdoknlknfjddecnahgjpinpb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--24b0b886-7d37-4496-8797-3c305ad01dab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.703649Z", "modified": "2026-06-02T15:57:32.703649Z", "name": "Malicious Extension: \"Blue Exorcist Wallpapers NewTab\"", "description": "Malicious browser extension: \"Blue Exorcist Wallpapers NewTab\" (dppogkehbpnikehcmadgkbimjnmhdnlo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dppogkehbpnikehcmadgkbimjnmhdnlo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dppogkehbpnikehcmadgkbimjnmhdnlo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dppogkehbpnikehcmadgkbimjnmhdnlo", "external_id": "dppogkehbpnikehcmadgkbimjnmhdnlo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3a10c65f-7cff-4bdc-93a1-9e4856e78005", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.704722Z", "modified": 
"2026-06-02T15:57:32.704722Z", "name": "Malicious Extension: \"Boku No Hero Academia Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Boku No Hero Academia Wallpaper HD New Tab\" (eapceolnilleaiiaapgionibccekkeom)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eapceolnilleaiiaapgionibccekkeom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eapceolnilleaiiaapgionibccekkeom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eapceolnilleaiiaapgionibccekkeom", "external_id": "eapceolnilleaiiaapgionibccekkeom"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--408d73e6-c75d-438c-95cf-49093ea772a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.70578Z", "modified": "2026-06-02T15:57:32.70578Z", "name": "Malicious Extension: \"Sicario Day Of The Soldado Themes NewTab\"", "description": "Malicious browser extension: \"Sicario Day Of The Soldado Themes NewTab\" (ecaejcfpngljeinjmahknbemhnddiioe)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ecaejcfpngljeinjmahknbemhnddiioe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ecaejcfpngljeinjmahknbemhnddiioe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/ecaejcfpngljeinjmahknbemhnddiioe", "external_id": "ecaejcfpngljeinjmahknbemhnddiioe"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a58a3bc9-fd9d-466b-97c4-3ce8666381db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.706849Z", "modified": "2026-06-02T15:57:32.706849Z", "name": "Malicious Extension: \"StarCraft Themes NewTab\"", "description": "Malicious browser extension: \"StarCraft Themes NewTab\" (ecgafllkghmmbnhacnpcobibalonhkkj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ecgafllkghmmbnhacnpcobibalonhkkj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ecgafllkghmmbnhacnpcobibalonhkkj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ecgafllkghmmbnhacnpcobibalonhkkj", "external_id": "ecgafllkghmmbnhacnpcobibalonhkkj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--af3c72d5-20cb-48e8-9e2c-c9e47539906f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.707985Z", "modified": "2026-06-02T15:57:32.707985Z", "name": "Malicious Extension: \"Nike Themes\"", "description": "Malicious browser 
extension: \"Nike Themes\" (edfmeionipdoohiagoaefljjhififgnl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/edfmeionipdoohiagoaefljjhififgnl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:edfmeionipdoohiagoaefljjhififgnl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edfmeionipdoohiagoaefljjhififgnl", "external_id": "edfmeionipdoohiagoaefljjhififgnl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cf01aad2-8eff-484b-9df0-169ef41fb73e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.709283Z", "modified": "2026-06-02T15:57:32.709283Z", "name": "Malicious Extension: \"Jesus New Tab\"", "description": "Malicious browser extension: \"Jesus New Tab\" (edgbooeklapanaclbchdiaekalebmfgb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/edgbooeklapanaclbchdiaekalebmfgb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:edgbooeklapanaclbchdiaekalebmfgb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edgbooeklapanaclbchdiaekalebmfgb", "external_id": "edgbooeklapanaclbchdiaekalebmfgb"}, {"source_name": "Original Research", "url": 
"https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--95856fc1-18c7-4d96-bc71-4edd566d04a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.710365Z", "modified": "2026-06-02T15:57:32.710365Z", "name": "Malicious Extension: \"Sword Art Online Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Sword Art Online Wallpaper HD Custom New Tab\" (edohegfjelahakooigmnmkmjofcjgofe)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/edohegfjelahakooigmnmkmjofcjgofe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:edohegfjelahakooigmnmkmjofcjgofe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edohegfjelahakooigmnmkmjofcjgofe", "external_id": "edohegfjelahakooigmnmkmjofcjgofe"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2f00f313-1213-44e8-a66c-03afa942f5ec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.71146Z", "modified": "2026-06-02T15:57:32.71146Z", "name": "Malicious Extension: \"Bts Suga\"", "description": "Malicious browser extension: \"Bts Suga\" (eeeiekjkpbneogggaajnjldadjmclhlo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/eeeiekjkpbneogggaajnjldadjmclhlo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eeeiekjkpbneogggaajnjldadjmclhlo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eeeiekjkpbneogggaajnjldadjmclhlo", "external_id": "eeeiekjkpbneogggaajnjldadjmclhlo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ce1ec2b7-e7f9-4cbb-9c22-857e969965c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.712528Z", "modified": "2026-06-02T15:57:32.712528Z", "name": "Malicious Extension: \"Hot Rod Wallpapers - Classic Cars Themes\"", "description": "Malicious browser extension: \"Hot Rod Wallpapers - Classic Cars Themes\" (eejkpejdfojkbklnlnpgpojoidojbhnh)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eejkpejdfojkbklnlnpgpojoidojbhnh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eejkpejdfojkbklnlnpgpojoidojbhnh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eejkpejdfojkbklnlnpgpojoidojbhnh", "external_id": "eejkpejdfojkbklnlnpgpojoidojbhnh"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b5c49b25-314f-421e-a081-1a2446f8b96b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.71358Z", "modified": "2026-06-02T15:57:32.71358Z", "name": "Malicious Extension: \"Anime Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Anime Wallpaper HD Custom New Tab\" (efckalhlcogbdbfopffmbacghfoelaia)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/efckalhlcogbdbfopffmbacghfoelaia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:efckalhlcogbdbfopffmbacghfoelaia", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/efckalhlcogbdbfopffmbacghfoelaia", "external_id": "efckalhlcogbdbfopffmbacghfoelaia"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2813bb3b-4ab8-4478-bff2-494e65f6e669", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.714652Z", "modified": "2026-06-02T15:57:32.714652Z", "name": "Malicious Extension: \"Zelda Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Zelda Wallpaper HD Custom New Tab\" (efnaoofiidefjeefpnheopknaciohldg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/efnaoofiidefjeefpnheopknaciohldg']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:efnaoofiidefjeefpnheopknaciohldg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/efnaoofiidefjeefpnheopknaciohldg", "external_id": "efnaoofiidefjeefpnheopknaciohldg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--19d9bd7b-1843-46bb-855f-4a6e9d647864", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.715732Z", "modified": "2026-06-02T15:57:32.715732Z", "name": "Malicious Extension: \"Anime Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Anime Wallpaper HD Custom New Tab\" (egdpmjnldpefdaiekiapjkanabfiaodp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/egdpmjnldpefdaiekiapjkanabfiaodp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:egdpmjnldpefdaiekiapjkanabfiaodp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/egdpmjnldpefdaiekiapjkanabfiaodp", "external_id": "egdpmjnldpefdaiekiapjkanabfiaodp"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": 
"indicator", "spec_version": "2.1", "id": "indicator--484ece5e-1d82-4caf-a211-c93ea9509e30", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.718129Z", "modified": "2026-06-02T15:57:32.718129Z", "name": "Malicious Extension: \"Video Downloader and MP3 converter Pro\"", "description": "Malicious browser extension: \"Video Downloader and MP3 converter Pro\" (egicjjdcjhfdnejimnhngogjmoajffpm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/egicjjdcjhfdnejimnhngogjmoajffpm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:egicjjdcjhfdnejimnhngogjmoajffpm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/egicjjdcjhfdnejimnhngogjmoajffpm", "external_id": "egicjjdcjhfdnejimnhngogjmoajffpm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9fe5ba98-d5d4-44f4-aabb-eb9fbae2a1ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.719269Z", "modified": "2026-06-02T15:57:32.719269Z", "name": "Malicious Extension: \"Danganronpa Wallpapers\"", "description": "Malicious browser extension: \"Danganronpa Wallpapers\" (ejcefeinlmdmpnohebfckmodhdkhlgmk)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ejcefeinlmdmpnohebfckmodhdkhlgmk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": 
"mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ejcefeinlmdmpnohebfckmodhdkhlgmk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ejcefeinlmdmpnohebfckmodhdkhlgmk", "external_id": "ejcefeinlmdmpnohebfckmodhdkhlgmk"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a9445c64-ce13-4aa4-b24e-fe3a9a14e765", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.720364Z", "modified": "2026-06-02T15:57:32.720364Z", "name": "Malicious Extension: \"Adblocker for YouTube - Youtube Adblocker\"", "description": "Malicious browser extension: \"Adblocker for YouTube - Youtube Adblocker\" (ejighbgeedkpcambhfkohdalcgckdein)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ejighbgeedkpcambhfkohdalcgckdein']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ejighbgeedkpcambhfkohdalcgckdein", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ejighbgeedkpcambhfkohdalcgckdein", "external_id": "ejighbgeedkpcambhfkohdalcgckdein"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7169b249-a22e-4862-9d8a-d8672420cdb6", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.721439Z", "modified": "2026-06-02T15:57:32.721439Z", "name": "Malicious Extension: \"Cristiano Ronaldo Wallpapers\"", "description": "Malicious browser extension: \"Cristiano Ronaldo Wallpapers\" (empoeejllbcgpkmghimibnapemegnihf)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/empoeejllbcgpkmghimibnapemegnihf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:empoeejllbcgpkmghimibnapemegnihf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/empoeejllbcgpkmghimibnapemegnihf", "external_id": "empoeejllbcgpkmghimibnapemegnihf"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--45476812-4f9e-4fc1-9493-8b50a8f887ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.722515Z", "modified": "2026-06-02T15:57:32.722515Z", "name": "Malicious Extension: \"Auto Replay for YouTube\"", "description": "Malicious browser extension: \"Auto Replay for YouTube\" (enlaekiichndcbohopenblignipkjaoa)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/enlaekiichndcbohopenblignipkjaoa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:enlaekiichndcbohopenblignipkjaoa", "browser:chrome"], "external_references": 
[{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/enlaekiichndcbohopenblignipkjaoa", "external_id": "enlaekiichndcbohopenblignipkjaoa"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--85527233-73ce-491e-b052-59f37d2c2092", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.723589Z", "modified": "2026-06-02T15:57:32.723589Z", "name": "Malicious Extension: \"Anime Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Anime Wallpaper HD Custom New Tab\" (enmomapaolnpbaenhilkjhmobpggjcpm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/enmomapaolnpbaenhilkjhmobpggjcpm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:enmomapaolnpbaenhilkjhmobpggjcpm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/enmomapaolnpbaenhilkjhmobpggjcpm", "external_id": "enmomapaolnpbaenhilkjhmobpggjcpm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9dc21a79-3d6b-40f2-92f9-96fe240ca22f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.72466Z", "modified": "2026-06-02T15:57:32.72466Z", "name": "Malicious 
Extension: \"Bangtan Boys Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bangtan Boys Wallpaper HD Custom New Tab\" (eohabjkmhajbeaejogdikpgapkeigdki)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eohabjkmhajbeaejogdikpgapkeigdki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eohabjkmhajbeaejogdikpgapkeigdki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eohabjkmhajbeaejogdikpgapkeigdki", "external_id": "eohabjkmhajbeaejogdikpgapkeigdki"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a9c1a39d-e0f9-459c-aff1-ff1955152c79", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.725894Z", "modified": "2026-06-02T15:57:32.725894Z", "name": "Malicious Extension: \"Minecraft Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Minecraft Wallpaper HD Custom New Tab\" (eoijplcnfnjgofchhdkkhpfcjkcefgkb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eoijplcnfnjgofchhdkkhpfcjkcefgkb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eoijplcnfnjgofchhdkkhpfcjkcefgkb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/eoijplcnfnjgofchhdkkhpfcjkcefgkb", "external_id": "eoijplcnfnjgofchhdkkhpfcjkcefgkb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--96b66d5f-0527-4f94-92c0-5fe3da222df1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.726962Z", "modified": "2026-06-02T15:57:32.726962Z", "name": "Malicious Extension: \"Ferrari Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Ferrari Wallpaper HD Custom New Tab\" (facihnceaoboeoembnbmdlecmkpioacc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/facihnceaoboeoembnbmdlecmkpioacc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:facihnceaoboeoembnbmdlecmkpioacc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/facihnceaoboeoembnbmdlecmkpioacc", "external_id": "facihnceaoboeoembnbmdlecmkpioacc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8966418f-7d0f-45a0-a049-5641a9a29ca9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.728042Z", "modified": "2026-06-02T15:57:32.728042Z", "name": "Malicious Extension: \"Detective Pikachu Wallpaper HD 
Custom New Tab\"", "description": "Malicious browser extension: \"Detective Pikachu Wallpaper HD Custom New Tab\" (fagaafjhdmoagacggplmbpganjfjjpcf)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fagaafjhdmoagacggplmbpganjfjjpcf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fagaafjhdmoagacggplmbpganjfjjpcf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fagaafjhdmoagacggplmbpganjfjjpcf", "external_id": "fagaafjhdmoagacggplmbpganjfjjpcf"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d9b70b9f-49ae-4f7d-ab3e-3ab61d4c5878", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.729106Z", "modified": "2026-06-02T15:57:32.729106Z", "name": "Malicious Extension: \"Sword Art Online Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Sword Art Online Wallpaper HD Custom New Tab\" (fanonokndfeibplocpeipgfbopkigcce)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fanonokndfeibplocpeipgfbopkigcce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fanonokndfeibplocpeipgfbopkigcce", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fanonokndfeibplocpeipgfbopkigcce", 
"external_id": "fanonokndfeibplocpeipgfbopkigcce"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2a29ed31-47b6-4f12-88f7-0af2d905669f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.730176Z", "modified": "2026-06-02T15:57:32.730176Z", "name": "Malicious Extension: \"Japan NewTab\"", "description": "Malicious browser extension: \"Japan NewTab\" (faokbgedcfhnfecloigcihpplicdnann)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/faokbgedcfhnfecloigcihpplicdnann']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:faokbgedcfhnfecloigcihpplicdnann", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/faokbgedcfhnfecloigcihpplicdnann", "external_id": "faokbgedcfhnfecloigcihpplicdnann"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e36b413a-646e-4f85-81ee-efc3eeee4c0c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.731242Z", "modified": "2026-06-02T15:57:32.731242Z", "name": "Malicious Extension: \"Wreck It Ralph 2 New Tab Themes HD Moana\"", "description": "Malicious browser extension: \"Wreck It Ralph 2 New Tab Themes HD Moana\" 
(fcdopghpidfdeglcheccmehiaedgpmkm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fcdopghpidfdeglcheccmehiaedgpmkm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fcdopghpidfdeglcheccmehiaedgpmkm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fcdopghpidfdeglcheccmehiaedgpmkm", "external_id": "fcdopghpidfdeglcheccmehiaedgpmkm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e8c78390-e053-4ef2-91bd-05d32ad19c6e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.732302Z", "modified": "2026-06-02T15:57:32.732302Z", "name": "Malicious Extension: \"Neon Wolf NewTab\"", "description": "Malicious browser extension: \"Neon Wolf NewTab\" (fdacngbbemokpkmdkdefkoodndakgejc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fdacngbbemokpkmdkdefkoodndakgejc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fdacngbbemokpkmdkdefkoodndakgejc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fdacngbbemokpkmdkdefkoodndakgejc", "external_id": "fdacngbbemokpkmdkdefkoodndakgejc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, 
{"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bfcc5742-5ed3-408f-ba46-1f62c38fb59c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.733531Z", "modified": "2026-06-02T15:57:32.733531Z", "name": "Malicious Extension: \"Zombies Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Zombies Wallpaper HD Custom New Tab\" (fdfffeipjpofnkmdkadjcjohdfoeblhk)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fdfffeipjpofnkmdkadjcjohdfoeblhk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fdfffeipjpofnkmdkadjcjohdfoeblhk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fdfffeipjpofnkmdkadjcjohdfoeblhk", "external_id": "fdfffeipjpofnkmdkadjcjohdfoeblhk"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eae0b98f-ef37-42dd-8b02-122212e3112a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.734588Z", "modified": "2026-06-02T15:57:32.734588Z", "name": "Malicious Extension: \"Freddy fnaf New Tab Backgrounds\"", "description": "Malicious browser extension: \"Freddy fnaf New Tab Backgrounds\" (ffhamkjhfajcjlnobkogimnhiagohgfg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/ffhamkjhfajcjlnobkogimnhiagohgfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ffhamkjhfajcjlnobkogimnhiagohgfg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ffhamkjhfajcjlnobkogimnhiagohgfg", "external_id": "ffhamkjhfajcjlnobkogimnhiagohgfg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f7e2aff6-d8c2-468d-97cb-9ddd73433c67", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.735665Z", "modified": "2026-06-02T15:57:32.735665Z", "name": "Malicious Extension: \"Boku No Hero Academia Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Boku No Hero Academia Wallpaper HD New Tab\" (fjnbjacfigdidgeeommhbdhnojamhpfg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fjnbjacfigdidgeeommhbdhnojamhpfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fjnbjacfigdidgeeommhbdhnojamhpfg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fjnbjacfigdidgeeommhbdhnojamhpfg", "external_id": "fjnbjacfigdidgeeommhbdhnojamhpfg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9d7ed8be-5b89-4ffd-9826-d10a0cd52ac0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.736728Z", "modified": "2026-06-02T15:57:32.736728Z", "name": "Malicious Extension: \"Portal Wallpapers & Portal Games\"", "description": "Malicious browser extension: \"Portal Wallpapers & Portal Games\" (fjohhelccbogecmolmjemopgackpnmpg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fjohhelccbogecmolmjemopgackpnmpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fjohhelccbogecmolmjemopgackpnmpg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fjohhelccbogecmolmjemopgackpnmpg", "external_id": "fjohhelccbogecmolmjemopgackpnmpg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--784d3f25-e3d4-49f0-9e70-0004b3e71888", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.737774Z", "modified": "2026-06-02T15:57:32.737774Z", "name": "Malicious Extension: \"Aquarium Live Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Aquarium Live Wallpaper HD Custom New Tab\" (flagaiaajbikpfnnkodcphdcmgefmbcl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/flagaiaajbikpfnnkodcphdcmgefmbcl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:flagaiaajbikpfnnkodcphdcmgefmbcl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flagaiaajbikpfnnkodcphdcmgefmbcl", "external_id": "flagaiaajbikpfnnkodcphdcmgefmbcl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c7982f94-5325-412c-b5d6-efd8ef0629f7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.738828Z", "modified": "2026-06-02T15:57:32.738828Z", "name": "Malicious Extension: \"Chicago Cubs Wallpapers Cubs World\"", "description": "Malicious browser extension: \"Chicago Cubs Wallpapers Cubs World\" (flgfngbiaanimkhjkojnmilfalidpign)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flgfngbiaanimkhjkojnmilfalidpign']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:flgfngbiaanimkhjkojnmilfalidpign", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flgfngbiaanimkhjkojnmilfalidpign", "external_id": "flgfngbiaanimkhjkojnmilfalidpign"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b75601b7-4f34-432d-88ca-8bab710d7623", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.739893Z", "modified": "2026-06-02T15:57:32.739893Z", "name": "Malicious Extension: \"Spiderman - Into The Spider Verse Themes Man\"", "description": "Malicious browser extension: \"Spiderman - Into The Spider Verse Themes Man\" (fmngfipkcebejdconcibohjjgfmokhpa)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmngfipkcebejdconcibohjjgfmokhpa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fmngfipkcebejdconcibohjjgfmokhpa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmngfipkcebejdconcibohjjgfmokhpa", "external_id": "fmngfipkcebejdconcibohjjgfmokhpa"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--268275e7-e81b-41bb-b354-456bd1e2a14e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.741107Z", "modified": "2026-06-02T15:57:32.741107Z", "name": "Malicious Extension: \"Motivational Quotes Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Motivational Quotes Wallpaper HD New Tab\" (fnblapfcdifokdbkpcbhpkajlkgmcjii)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/fnblapfcdifokdbkpcbhpkajlkgmcjii']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fnblapfcdifokdbkpcbhpkajlkgmcjii", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fnblapfcdifokdbkpcbhpkajlkgmcjii", "external_id": "fnblapfcdifokdbkpcbhpkajlkgmcjii"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fc4b1737-e5f4-4809-b969-53ebd5691d55", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.742175Z", "modified": "2026-06-02T15:57:32.742175Z", "name": "Malicious Extension: \"Kimetsu No Yaiba Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Kimetsu No Yaiba Wallpaper HD Custom New Tab\" (fpdjcfokkeooncckcolkmmppebjnfhgh)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fpdjcfokkeooncckcolkmmppebjnfhgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fpdjcfokkeooncckcolkmmppebjnfhgh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fpdjcfokkeooncckcolkmmppebjnfhgh", "external_id": "fpdjcfokkeooncckcolkmmppebjnfhgh"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1e182d00-cc31-4146-ba13-f2b4248c4399", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.743238Z", "modified": "2026-06-02T15:57:32.743238Z", "name": "Malicious Extension: \"Galaxy Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Galaxy Wallpaper HD Custom New Tab\" (fphafkamioonlcelldogidajbcmmicco)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fphafkamioonlcelldogidajbcmmicco']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fphafkamioonlcelldogidajbcmmicco", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fphafkamioonlcelldogidajbcmmicco", "external_id": "fphafkamioonlcelldogidajbcmmicco"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e83badda-f935-4732-a5a0-766d3235cfb3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.744291Z", "modified": "2026-06-02T15:57:32.744291Z", "name": "Malicious Extension: \"Chevrolet Corvette Backgrounds\"", "description": "Malicious browser extension: \"Chevrolet Corvette Backgrounds\" (fpjbgjpkfcanmdgjpmnnmoekkaahmafg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fpjbgjpkfcanmdgjpmnnmoekkaahmafg']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fpjbgjpkfcanmdgjpmnnmoekkaahmafg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fpjbgjpkfcanmdgjpmnnmoekkaahmafg", "external_id": "fpjbgjpkfcanmdgjpmnnmoekkaahmafg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b6410c99-e627-45e9-9b80-ca2bd9424a61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.745483Z", "modified": "2026-06-02T15:57:32.745483Z", "name": "Malicious Extension: \"Thanos Marvel Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Thanos Marvel Wallpaper HD Custom New Tab\" (fplmpcijomgjmfbjcidbgpjdmhmamlkf)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fplmpcijomgjmfbjcidbgpjdmhmamlkf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fplmpcijomgjmfbjcidbgpjdmhmamlkf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fplmpcijomgjmfbjcidbgpjdmhmamlkf", "external_id": "fplmpcijomgjmfbjcidbgpjdmhmamlkf"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--64be4c70-a04b-47a7-b15d-851e2760f80b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.746584Z", "modified": "2026-06-02T15:57:32.746584Z", "name": "Malicious Extension: \"Tokyo Ghoul Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Tokyo Ghoul Wallpaper HD Custom New Tab\" (gdacidkmmbdpkedejaljplnfhjidomio)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gdacidkmmbdpkedejaljplnfhjidomio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gdacidkmmbdpkedejaljplnfhjidomio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gdacidkmmbdpkedejaljplnfhjidomio", "external_id": "gdacidkmmbdpkedejaljplnfhjidomio"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--71548859-541c-4289-a53d-14e9a5b53422", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.747713Z", "modified": "2026-06-02T15:57:32.747713Z", "name": "Malicious Extension: \"Roblox Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Roblox Wallpaper HD Custom New Tab\" (gdoomgeeelkgcmmoibloelbodkpggdle)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/gdoomgeeelkgcmmoibloelbodkpggdle']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gdoomgeeelkgcmmoibloelbodkpggdle", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gdoomgeeelkgcmmoibloelbodkpggdle", "external_id": "gdoomgeeelkgcmmoibloelbodkpggdle"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d4a4f542-f2d5-466a-81cf-72dcd563cab0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.748985Z", "modified": "2026-06-02T15:57:32.748985Z", "name": "Malicious Extension: \"Pink Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Pink Wallpaper HD Custom New Tab\" (geoolholooeeblajdjffdmknpecbkmah)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/geoolholooeeblajdjffdmknpecbkmah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:geoolholooeeblajdjffdmknpecbkmah", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/geoolholooeeblajdjffdmknpecbkmah", "external_id": "geoolholooeeblajdjffdmknpecbkmah"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dd1ebad1-b0e4-4104-ab68-53158b862519", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.750057Z", "modified": "2026-06-02T15:57:32.750057Z", "name": "Malicious Extension: \"Despicable Me 3 Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Despicable Me 3 Wallpaper HD Custom New Tab\" (ghfgeefhkkoajgmnopaldgcagohakhmg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ghfgeefhkkoajgmnopaldgcagohakhmg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ghfgeefhkkoajgmnopaldgcagohakhmg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ghfgeefhkkoajgmnopaldgcagohakhmg", "external_id": "ghfgeefhkkoajgmnopaldgcagohakhmg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--81c7d1ef-a7bb-41f6-8763-ae4102acc8dc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.751125Z", "modified": "2026-06-02T15:57:32.751125Z", "name": "Malicious Extension: \"Supercars Mustang-Lambo-Bugatti-Nissan Tab\"", "description": "Malicious browser extension: \"Supercars Mustang-Lambo-Bugatti-Nissan Tab\" (ghhanhhegklhcoffmgkdbiekfhmbfbnc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/ghhanhhegklhcoffmgkdbiekfhmbfbnc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ghhanhhegklhcoffmgkdbiekfhmbfbnc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ghhanhhegklhcoffmgkdbiekfhmbfbnc", "external_id": "ghhanhhegklhcoffmgkdbiekfhmbfbnc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--afcb3676-4f97-4a3f-a957-ba0cf53f2b5e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.752186Z", "modified": "2026-06-02T15:57:32.752186Z", "name": "Malicious Extension: \"Fortnite Live NewTab\"", "description": "Malicious browser extension: \"Fortnite Live NewTab\" (gjkigcdoljdojaaomnadffdhggoobdpc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gjkigcdoljdojaaomnadffdhggoobdpc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gjkigcdoljdojaaomnadffdhggoobdpc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gjkigcdoljdojaaomnadffdhggoobdpc", "external_id": "gjkigcdoljdojaaomnadffdhggoobdpc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--37a4eb8b-ea0f-45ad-8fec-932681ab31b8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.753242Z", "modified": "2026-06-02T15:57:32.753242Z", "name": "Malicious Extension: \"Swag HD Tab Wallpapers\"", "description": "Malicious browser extension: \"Swag HD Tab Wallpapers\" (gkjkhpbembbjogoiejpkehohclfoljbp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gkjkhpbembbjogoiejpkehohclfoljbp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gkjkhpbembbjogoiejpkehohclfoljbp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gkjkhpbembbjogoiejpkehohclfoljbp", "external_id": "gkjkhpbembbjogoiejpkehohclfoljbp"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6cd57df8-b967-4c82-ac38-a4b915bc10a1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.754307Z", "modified": "2026-06-02T15:57:32.754307Z", "name": "Malicious Extension: \"Nba Youngboy Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Nba Youngboy Wallpaper HD Custom New Tab\" (glibnbcgclecomknccifdaglefljfoej)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/glibnbcgclecomknccifdaglefljfoej']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:glibnbcgclecomknccifdaglefljfoej", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/glibnbcgclecomknccifdaglefljfoej", "external_id": "glibnbcgclecomknccifdaglefljfoej"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a2bbbb24-e370-4924-9264-d659df7dce33", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.75537Z", "modified": "2026-06-02T15:57:32.75537Z", "name": "Malicious Extension: \"Horse Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Horse Wallpaper HD Custom New Tab\" (gllogphgdmclhfledlcgmdolngohamcl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gllogphgdmclhfledlcgmdolngohamcl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gllogphgdmclhfledlcgmdolngohamcl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gllogphgdmclhfledlcgmdolngohamcl", "external_id": "gllogphgdmclhfledlcgmdolngohamcl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": 
"indicator", "spec_version": "2.1", "id": "indicator--f26d6b8e-342e-4db6-9b41-3afba6e8d81c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.756594Z", "modified": "2026-06-02T15:57:32.756594Z", "name": "Malicious Extension: \"Fire Horse Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Fire Horse Wallpaper HD Custom New Tab\" (haagbldencigkgikfekmoaaofambnafp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/haagbldencigkgikfekmoaaofambnafp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:haagbldencigkgikfekmoaaofambnafp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/haagbldencigkgikfekmoaaofambnafp", "external_id": "haagbldencigkgikfekmoaaofambnafp"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--179d596b-21b9-471b-825b-9249ec0ffd88", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.757651Z", "modified": "2026-06-02T15:57:32.757651Z", "name": "Malicious Extension: \"Puppies Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Puppies Wallpaper HD Custom New Tab\" (haglbigaalkckkedjamjibfnklbbodck)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/haglbigaalkckkedjamjibfnklbbodck']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": 
[{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:haglbigaalkckkedjamjibfnklbbodck", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/haglbigaalkckkedjamjibfnklbbodck", "external_id": "haglbigaalkckkedjamjibfnklbbodck"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--45f3f810-41ef-4ac3-8043-1f8822b63b36", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.758697Z", "modified": "2026-06-02T15:57:32.758697Z", "name": "Malicious Extension: \"J Hope & V Bts Vhope HD NewTab\"", "description": "Malicious browser extension: \"J Hope & V Bts Vhope HD NewTab\" (hcgepcgbgnleafnfcepjbekchbdmekfa)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hcgepcgbgnleafnfcepjbekchbdmekfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hcgepcgbgnleafnfcepjbekchbdmekfa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hcgepcgbgnleafnfcepjbekchbdmekfa", "external_id": "hcgepcgbgnleafnfcepjbekchbdmekfa"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f5c5d66a-595c-442e-9632-57b8aa78b005", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.759787Z", "modified": "2026-06-02T15:57:32.759787Z", "name": "Malicious Extension: \"Pokemon Go Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Pokemon Go Wallpaper HD Custom New Tab\" (hdbchphkjjidcfidaelcpmonodhhaahp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdbchphkjjidcfidaelcpmonodhhaahp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdbchphkjjidcfidaelcpmonodhhaahp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdbchphkjjidcfidaelcpmonodhhaahp", "external_id": "hdbchphkjjidcfidaelcpmonodhhaahp"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ac13cc14-4e9a-46de-972c-0de75ebdd33f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.76087Z", "modified": "2026-06-02T15:57:32.76087Z", "name": "Malicious Extension: \"Dark Souls Themes NewTab HD\"", "description": "Malicious browser extension: \"Dark Souls Themes NewTab HD\" (hdljgflalglmllbagpacjmkdiggliidk)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdljgflalglmllbagpacjmkdiggliidk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdljgflalglmllbagpacjmkdiggliidk", 
"browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdljgflalglmllbagpacjmkdiggliidk", "external_id": "hdljgflalglmllbagpacjmkdiggliidk"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a2519f4d-ee95-4c7d-85e6-17dddb57a79b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.761938Z", "modified": "2026-06-02T15:57:32.761938Z", "name": "Malicious Extension: \"Fortnite Live Wallpapers New Tab\"", "description": "Malicious browser extension: \"Fortnite Live Wallpapers New Tab\" (hdpnlijiblkmokbjljbahhgkpokgpkli)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdpnlijiblkmokbjljbahhgkpokgpkli']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdpnlijiblkmokbjljbahhgkpokgpkli", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdpnlijiblkmokbjljbahhgkpokgpkli", "external_id": "hdpnlijiblkmokbjljbahhgkpokgpkli"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7131a8e6-fec0-4535-ad97-1274e82c3969", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.762999Z", "modified": 
"2026-06-02T15:57:32.762999Z", "name": "Malicious Extension: \"Blade Runner 2049 Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Blade Runner 2049 Wallpaper HD Custom New Tab\" (heaphjoejcpdagahbnkkloiaicpadomp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/heaphjoejcpdagahbnkkloiaicpadomp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:heaphjoejcpdagahbnkkloiaicpadomp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/heaphjoejcpdagahbnkkloiaicpadomp", "external_id": "heaphjoejcpdagahbnkkloiaicpadomp"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1f8f34d1-2c22-4017-a900-b386a4907960", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.764253Z", "modified": "2026-06-02T15:57:32.764253Z", "name": "Malicious Extension: \"Christmas Tree - Rose Gold Themes Frozen\"", "description": "Malicious browser extension: \"Christmas Tree - Rose Gold Themes Frozen\" (hjfmdhbmpagpfheceengkakdmpncmlif)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hjfmdhbmpagpfheceengkakdmpncmlif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hjfmdhbmpagpfheceengkakdmpncmlif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web 
Store", "url": "https://chromewebstore.google.com/detail/hjfmdhbmpagpfheceengkakdmpncmlif", "external_id": "hjfmdhbmpagpfheceengkakdmpncmlif"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fb3af415-6297-40e0-8427-28f9354cc6fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.765316Z", "modified": "2026-06-02T15:57:32.765316Z", "name": "Malicious Extension: \"Unicorns Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Unicorns Wallpaper HD Custom New Tab\" (hjkjkmkoklbhjhlddialffkchddlncjb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hjkjkmkoklbhjhlddialffkchddlncjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hjkjkmkoklbhjhlddialffkchddlncjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hjkjkmkoklbhjhlddialffkchddlncjb", "external_id": "hjkjkmkoklbhjhlddialffkchddlncjb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dd2a8ae0-faba-40ef-b23f-5960eab6bd52", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.766385Z", "modified": "2026-06-02T15:57:32.766385Z", "name": "Malicious Extension: \"Harry Potter 
Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Harry Potter Wallpaper HD Custom New Tab\" (hjoihkjijjbkiglgeghbokincmidfped)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hjoihkjijjbkiglgeghbokincmidfped']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hjoihkjijjbkiglgeghbokincmidfped", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hjoihkjijjbkiglgeghbokincmidfped", "external_id": "hjoihkjijjbkiglgeghbokincmidfped"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f6dbbcf0-00a7-48c6-ab9c-3f850d121553", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.767451Z", "modified": "2026-06-02T15:57:32.767451Z", "name": "Malicious Extension: \"Star Wars Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Star Wars Wallpaper HD Custom New Tab\" (hncokbmdmbmmlkjhoagcpokehopdikhc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hncokbmdmbmmlkjhoagcpokehopdikhc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hncokbmdmbmmlkjhoagcpokehopdikhc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hncokbmdmbmmlkjhoagcpokehopdikhc", 
"external_id": "hncokbmdmbmmlkjhoagcpokehopdikhc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3a97063d-4a42-4b3f-a6b7-52f4e05b6ff1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.768503Z", "modified": "2026-06-02T15:57:32.768503Z", "name": "Malicious Extension: \"Sports Cars - Super Cars Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Sports Cars - Super Cars Wallpaper HD New Tab\" (hnhpnbajfmmopedidmiablkcdnlegkmd)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hnhpnbajfmmopedidmiablkcdnlegkmd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hnhpnbajfmmopedidmiablkcdnlegkmd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hnhpnbajfmmopedidmiablkcdnlegkmd", "external_id": "hnhpnbajfmmopedidmiablkcdnlegkmd"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--967a1c03-52ec-4e43-9d19-b9ecc6babba4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.769549Z", "modified": "2026-06-02T15:57:32.769549Z", "name": "Malicious Extension: \"Unicorns Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: 
\"Unicorns Wallpaper HD Custom New Tab\" (homdfmaeflodjknffbnhagmlhmgmbjac)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/homdfmaeflodjknffbnhagmlhmgmbjac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:homdfmaeflodjknffbnhagmlhmgmbjac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/homdfmaeflodjknffbnhagmlhmgmbjac", "external_id": "homdfmaeflodjknffbnhagmlhmgmbjac"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0ec973e2-af17-4e5b-9d78-0bf491d57cf1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.770603Z", "modified": "2026-06-02T15:57:32.770603Z", "name": "Malicious Extension: \"Dragon Ball Z Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Dragon Ball Z Wallpaper HD Custom New Tab\" (iccagibmclklcmiejfddepgffgkhnnib)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iccagibmclklcmiejfddepgffgkhnnib']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iccagibmclklcmiejfddepgffgkhnnib", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iccagibmclklcmiejfddepgffgkhnnib", "external_id": "iccagibmclklcmiejfddepgffgkhnnib"}, {"source_name": "Original 
Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a6651f85-a027-4a48-bb8b-ced25e736321", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.77185Z", "modified": "2026-06-02T15:57:32.77185Z", "name": "Malicious Extension: \"Marble Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Marble Wallpaper HD Custom New Tab\" (idkllmolbaiailjfidkjcidapkddidbg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/idkllmolbaiailjfidkjcidapkddidbg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:idkllmolbaiailjfidkjcidapkddidbg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/idkllmolbaiailjfidkjcidapkddidbg", "external_id": "idkllmolbaiailjfidkjcidapkddidbg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8a204708-9bfe-4e84-9e0e-90b7d54cf767", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.772906Z", "modified": "2026-06-02T15:57:32.772906Z", "name": "Malicious Extension: \"Naruto Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Naruto Wallpaper HD Custom New Tab\" (ifbffcgakkboaffkidggpcjolehhhbfd)", "indicator_types": 
["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ifbffcgakkboaffkidggpcjolehhhbfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ifbffcgakkboaffkidggpcjolehhhbfd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ifbffcgakkboaffkidggpcjolehhhbfd", "external_id": "ifbffcgakkboaffkidggpcjolehhhbfd"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c1d8d2f5-a7fe-46ff-940b-c118411f2f91", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.773961Z", "modified": "2026-06-02T15:57:32.773961Z", "name": "Malicious Extension: \"Roblox Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Roblox Wallpaper HD Custom New Tab\" (ifdebecchhapkfdbcbhpmjonmbpfpnck)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ifdebecchhapkfdbcbhpmjonmbpfpnck']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ifdebecchhapkfdbcbhpmjonmbpfpnck", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ifdebecchhapkfdbcbhpmjonmbpfpnck", "external_id": "ifdebecchhapkfdbcbhpmjonmbpfpnck"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--09ae6497-01b1-4c95-936c-9b2dac820494", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.775018Z", "modified": "2026-06-02T15:57:32.775018Z", "name": "Malicious Extension: \"Bts Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bts Wallpaper HD Custom New Tab\" (igbcfkjflkgamnoikcpiljglnmjnkjac)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/igbcfkjflkgamnoikcpiljglnmjnkjac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:igbcfkjflkgamnoikcpiljglnmjnkjac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/igbcfkjflkgamnoikcpiljglnmjnkjac", "external_id": "igbcfkjflkgamnoikcpiljglnmjnkjac"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--51b099f9-b49d-43ee-bd52-58e53323b897", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.776078Z", "modified": "2026-06-02T15:57:32.776078Z", "name": "Malicious Extension: \"Motivational Quotes Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Motivational Quotes Wallpaper HD New Tab\" (iiblgogamkmdfojoclpdhainbndfpcci)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/iiblgogamkmdfojoclpdhainbndfpcci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iiblgogamkmdfojoclpdhainbndfpcci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iiblgogamkmdfojoclpdhainbndfpcci", "external_id": "iiblgogamkmdfojoclpdhainbndfpcci"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ec79193c-25f9-4263-8585-aeb0c10b9224", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.777122Z", "modified": "2026-06-02T15:57:32.777122Z", "name": "Malicious Extension: \"Fortnite Season 7 Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Fortnite Season 7 Wallpaper HD Custom New Tab\" (inkankpmoblmficechfgfinajifbfkdn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/inkankpmoblmficechfgfinajifbfkdn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:inkankpmoblmficechfgfinajifbfkdn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/inkankpmoblmficechfgfinajifbfkdn", "external_id": "inkankpmoblmficechfgfinajifbfkdn"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dba196f7-45f7-4e94-a93b-522c0945931a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.778178Z", "modified": "2026-06-02T15:57:32.778178Z", "name": "Malicious Extension: \"Lamborghini Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Lamborghini Wallpaper HD Custom New Tab\" (ioejcipbmdjinhfciojiacdjolkabkmn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ioejcipbmdjinhfciojiacdjolkabkmn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ioejcipbmdjinhfciojiacdjolkabkmn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ioejcipbmdjinhfciojiacdjolkabkmn", "external_id": "ioejcipbmdjinhfciojiacdjolkabkmn"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d26c46ce-6484-4ea8-8053-73c24c5787e5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.779403Z", "modified": "2026-06-02T15:57:32.779403Z", "name": "Malicious Extension: \"BTS Members Themes NewTab\"", "description": "Malicious browser extension: \"BTS Members Themes NewTab\" (iojhbljpppeociniiemjfelmdcgikmep)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iojhbljpppeociniiemjfelmdcgikmep']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iojhbljpppeociniiemjfelmdcgikmep", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iojhbljpppeociniiemjfelmdcgikmep", "external_id": "iojhbljpppeociniiemjfelmdcgikmep"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ddd20d9c-af2b-422e-8fa7-4c8989d7d103", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.780458Z", "modified": "2026-06-02T15:57:32.780458Z", "name": "Malicious Extension: \"Neon Genesis Evangelion NewTab\"", "description": "Malicious browser extension: \"Neon Genesis Evangelion NewTab\" (ipgnnndhgeaclopjgiihppbbfnmkmjcm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ipgnnndhgeaclopjgiihppbbfnmkmjcm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ipgnnndhgeaclopjgiihppbbfnmkmjcm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ipgnnndhgeaclopjgiihppbbfnmkmjcm", "external_id": "ipgnnndhgeaclopjgiihppbbfnmkmjcm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": 
"indicator", "spec_version": "2.1", "id": "indicator--f86fc16c-5f69-4763-9650-86e8d5409208", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.781506Z", "modified": "2026-06-02T15:57:32.781506Z", "name": "Malicious Extension: \"Horse Backgrounds HD\"", "description": "Malicious browser extension: \"Horse Backgrounds HD\" (jckaglinbbflgcklfgacjdmgpnccmdng)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jckaglinbbflgcklfgacjdmgpnccmdng']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jckaglinbbflgcklfgacjdmgpnccmdng", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jckaglinbbflgcklfgacjdmgpnccmdng", "external_id": "jckaglinbbflgcklfgacjdmgpnccmdng"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1715d83c-638a-44eb-b3f2-9d239491f321", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.782561Z", "modified": "2026-06-02T15:57:32.782561Z", "name": "Malicious Extension: \"Fortnite Omega Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Fortnite Omega Wallpaper HD Custom New Tab\" (jfocahgaekfaemhfcfefcodphgpinnch)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jfocahgaekfaemhfcfefcodphgpinnch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": 
"mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jfocahgaekfaemhfcfefcodphgpinnch", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jfocahgaekfaemhfcfefcodphgpinnch", "external_id": "jfocahgaekfaemhfcfefcodphgpinnch"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c0d0d28c-ce07-424a-8452-396003cb72eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.783653Z", "modified": "2026-06-02T15:57:32.783653Z", "name": "Malicious Extension: \"Forntine Skin Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Forntine Skin Wallpaper HD Custom New Tab\" (jgbkgjepkeklblmlhnpjmnbinmifjenc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jgbkgjepkeklblmlhnpjmnbinmifjenc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jgbkgjepkeklblmlhnpjmnbinmifjenc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jgbkgjepkeklblmlhnpjmnbinmifjenc", "external_id": "jgbkgjepkeklblmlhnpjmnbinmifjenc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--76190b18-6205-4755-b825-dbda8bba5d31", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.784728Z", "modified": "2026-06-02T15:57:32.784728Z", "name": "Malicious Extension: \"Marble Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Marble Wallpaper HD Custom New Tab\" (jlbebokeclkofhchdepbojfhmocdlhfl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jlbebokeclkofhchdepbojfhmocdlhfl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jlbebokeclkofhchdepbojfhmocdlhfl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jlbebokeclkofhchdepbojfhmocdlhfl", "external_id": "jlbebokeclkofhchdepbojfhmocdlhfl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d9d71a68-65b3-47b5-ba5c-4dcafeae235c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.785783Z", "modified": "2026-06-02T15:57:32.785783Z", "name": "Malicious Extension: \"Sports Cars - Super Cars Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Sports Cars - Super Cars Wallpaper HD New Tab\" (jlbhkoohfmnikpalgglhpadlbeiobkaa)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jlbhkoohfmnikpalgglhpadlbeiobkaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": 
["ext-id:jlbhkoohfmnikpalgglhpadlbeiobkaa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jlbhkoohfmnikpalgglhpadlbeiobkaa", "external_id": "jlbhkoohfmnikpalgglhpadlbeiobkaa"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--562cb471-8019-492e-ada2-e3f93b5732f5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.787003Z", "modified": "2026-06-02T15:57:32.787003Z", "name": "Malicious Extension: \"Hetalia Backgrounds HD Tab\"", "description": "Malicious browser extension: \"Hetalia Backgrounds HD Tab\" (jmlbnlcodmikhdpbjjdemgaebjgmpooa)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jmlbnlcodmikhdpbjjdemgaebjgmpooa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jmlbnlcodmikhdpbjjdemgaebjgmpooa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jmlbnlcodmikhdpbjjdemgaebjgmpooa", "external_id": "jmlbnlcodmikhdpbjjdemgaebjgmpooa"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--94772068-56a7-47c9-a2f3-ff6bb13c6d4b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:32.788134Z", "modified": "2026-06-02T15:57:32.788134Z", "name": "Malicious Extension: \"Minecraft Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Minecraft Wallpaper HD Custom New Tab\" (jnmckphflgdpioinbjaeckdajkbgcfgg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jnmckphflgdpioinbjaeckdajkbgcfgg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jnmckphflgdpioinbjaeckdajkbgcfgg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jnmckphflgdpioinbjaeckdajkbgcfgg", "external_id": "jnmckphflgdpioinbjaeckdajkbgcfgg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ec2551bf-d5c1-46c8-ac96-2397d50aa23d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.789189Z", "modified": "2026-06-02T15:57:32.789189Z", "name": "Malicious Extension: \"Santa Claus Wallpapers & Santa Claus Games\"", "description": "Malicious browser extension: \"Santa Claus Wallpapers & Santa Claus Games\" (kcjahchbheejjpdpohgfkaoknhcdjjnh)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kcjahchbheejjpdpohgfkaoknhcdjjnh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kcjahchbheejjpdpohgfkaoknhcdjjnh", "browser:chrome"], "external_references": 
[{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kcjahchbheejjpdpohgfkaoknhcdjjnh", "external_id": "kcjahchbheejjpdpohgfkaoknhcdjjnh"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a682ca0c-f8f0-4300-ade1-c5d5f6d3de9d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.790248Z", "modified": "2026-06-02T15:57:32.790248Z", "name": "Malicious Extension: \"Fortnite Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Fortnite Wallpaper HD Custom New Tab\" (kdihodbgfndblemlklkllhfjhiidbgih)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kdihodbgfndblemlklkllhfjhiidbgih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kdihodbgfndblemlklkllhfjhiidbgih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kdihodbgfndblemlklkllhfjhiidbgih", "external_id": "kdihodbgfndblemlklkllhfjhiidbgih"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a6886ac6-3ab4-497b-9e4c-d297d1ac7fc4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.791309Z", "modified": "2026-06-02T15:57:32.791309Z", "name": "Malicious 
Extension: \"Just Cause 4 Themes New Tab Avalanche\"", "description": "Malicious browser extension: \"Just Cause 4 Themes New Tab Avalanche\" (kefmhdhaebhmdeaabcgoaegmgodncebc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kefmhdhaebhmdeaabcgoaegmgodncebc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kefmhdhaebhmdeaabcgoaegmgodncebc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kefmhdhaebhmdeaabcgoaegmgodncebc", "external_id": "kefmhdhaebhmdeaabcgoaegmgodncebc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--47cac493-f598-41b1-b6be-d3b7d6522841", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.792375Z", "modified": "2026-06-02T15:57:32.792375Z", "name": "Malicious Extension: \"Galaxy Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Galaxy Wallpaper HD Custom New Tab\" (kicmnilchjfefpceoaiopdpbpkicgjjm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kicmnilchjfefpceoaiopdpbpkicgjjm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kicmnilchjfefpceoaiopdpbpkicgjjm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/kicmnilchjfefpceoaiopdpbpkicgjjm", "external_id": "kicmnilchjfefpceoaiopdpbpkicgjjm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9a0819aa-60eb-4655-b0b6-43f196fe1d51", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.793429Z", "modified": "2026-06-02T15:57:32.793429Z", "name": "Malicious Extension: \"Pokemon Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Pokemon Wallpaper HD Custom New Tab\" (kigiheamdfmilbhkfdploghfnndcgkko)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kigiheamdfmilbhkfdploghfnndcgkko']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kigiheamdfmilbhkfdploghfnndcgkko", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kigiheamdfmilbhkfdploghfnndcgkko", "external_id": "kigiheamdfmilbhkfdploghfnndcgkko"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2659cdfc-6dc0-478f-9602-d88e63a917a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.794644Z", "modified": "2026-06-02T15:57:32.794644Z", "name": "Malicious Extension: \"Pokemon Backgrounds HD\"", 
"description": "Malicious browser extension: \"Pokemon Backgrounds HD\" (kjgceeikbnmddoaggelkkpljdabhghkc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjgceeikbnmddoaggelkkpljdabhghkc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjgceeikbnmddoaggelkkpljdabhghkc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjgceeikbnmddoaggelkkpljdabhghkc", "external_id": "kjgceeikbnmddoaggelkkpljdabhghkc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cbc66d2d-cafe-486e-bc7c-a9ef2dd7cfa9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.795715Z", "modified": "2026-06-02T15:57:32.795715Z", "name": "Malicious Extension: \"Hypebeast Wallpapers HD New Tab\"", "description": "Malicious browser extension: \"Hypebeast Wallpapers HD New Tab\" (kkeojhapoadcdlmkjlakdbhfkldbbmgi)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kkeojhapoadcdlmkjlakdbhfkldbbmgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kkeojhapoadcdlmkjlakdbhfkldbbmgi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kkeojhapoadcdlmkjlakdbhfkldbbmgi", "external_id": "kkeojhapoadcdlmkjlakdbhfkldbbmgi"}, {"source_name": 
"Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8cba291c-c117-4424-a7ac-3aba7ecf901f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.796766Z", "modified": "2026-06-02T15:57:32.796766Z", "name": "Malicious Extension: \"Photography Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Photography Wallpaper HD Custom New Tab\" (klblfmpeelmpnadjahhdakiomhaepogb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/klblfmpeelmpnadjahhdakiomhaepogb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:klblfmpeelmpnadjahhdakiomhaepogb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/klblfmpeelmpnadjahhdakiomhaepogb", "external_id": "klblfmpeelmpnadjahhdakiomhaepogb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f04780dc-1d33-4161-9107-9090ddcef343", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.797821Z", "modified": "2026-06-02T15:57:32.797821Z", "name": "Malicious Extension: \"Super Junior Wallpapers & Super Junior Games\"", "description": "Malicious browser extension: \"Super Junior Wallpapers & Super Junior Games\" 
(kmfiklhdkhidbmofjbgmpeaogglkndpe)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kmfiklhdkhidbmofjbgmpeaogglkndpe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kmfiklhdkhidbmofjbgmpeaogglkndpe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kmfiklhdkhidbmofjbgmpeaogglkndpe", "external_id": "kmfiklhdkhidbmofjbgmpeaogglkndpe"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7378f86a-63d0-402f-8ca0-d0a3cd1139d4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.7989Z", "modified": "2026-06-02T15:57:32.7989Z", "name": "Malicious Extension: \"Logan (Wolverine) Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Logan (Wolverine) Wallpaper HD Custom New Tab\" (knacgnmpceaffedmgegknkfcnejjhdpp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/knacgnmpceaffedmgegknkfcnejjhdpp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:knacgnmpceaffedmgegknkfcnejjhdpp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/knacgnmpceaffedmgegknkfcnejjhdpp", "external_id": "knacgnmpceaffedmgegknkfcnejjhdpp"}, {"source_name": "Original Research", "url": 
"https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c3a25f46-d9e7-474c-b620-cedf4e226ef3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.799993Z", "modified": "2026-06-02T15:57:32.799993Z", "name": "Malicious Extension: \"Darling In The Franxx New Tab HD\"", "description": "Malicious browser extension: \"Darling In The Franxx New Tab HD\" (kppjffaccdlhfeleafnohmfkgimdjmgg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kppjffaccdlhfeleafnohmfkgimdjmgg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kppjffaccdlhfeleafnohmfkgimdjmgg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kppjffaccdlhfeleafnohmfkgimdjmgg", "external_id": "kppjffaccdlhfeleafnohmfkgimdjmgg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c7e886f6-6cd8-4671-a18b-0e5cc77351b1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.801056Z", "modified": "2026-06-02T15:57:32.801056Z", "name": "Malicious Extension: \"Snow Man Wallpapers & Snow Man Games\"", "description": "Malicious browser extension: \"Snow Man Wallpapers & Snow Man Games\" (lbbegfjhlhpikmhbdcfcoadegdldmaen)", "indicator_types": ["malicious-activity"], 
"pattern": "[url:value = 'https://chromewebstore.google.com/detail/lbbegfjhlhpikmhbdcfcoadegdldmaen']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lbbegfjhlhpikmhbdcfcoadegdldmaen", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lbbegfjhlhpikmhbdcfcoadegdldmaen", "external_id": "lbbegfjhlhpikmhbdcfcoadegdldmaen"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--33dd0a8f-37c3-4789-97fa-04033c07e160", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.80229Z", "modified": "2026-06-02T15:57:32.80229Z", "name": "Malicious Extension: \"Made In Abyss Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Made In Abyss Wallpaper HD Custom New Tab\" (lbjgbekokephmmfllmpglefmoaihklpn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lbjgbekokephmmfllmpglefmoaihklpn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lbjgbekokephmmfllmpglefmoaihklpn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lbjgbekokephmmfllmpglefmoaihklpn", "external_id": "lbjgbekokephmmfllmpglefmoaihklpn"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b1015265-8bb9-4b55-9ab3-22ce95e3e64c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.80337Z", "modified": "2026-06-02T15:57:32.80337Z", "name": "Malicious Extension: \"Athletes Motivational Quotes Backgrounds\"", "description": "Malicious browser extension: \"Athletes Motivational Quotes Backgrounds\" (lblnngjkgcpplmddebmefokmccpflhip)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lblnngjkgcpplmddebmefokmccpflhip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lblnngjkgcpplmddebmefokmccpflhip", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lblnngjkgcpplmddebmefokmccpflhip", "external_id": "lblnngjkgcpplmddebmefokmccpflhip"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2db34fe5-d97c-4188-a35f-c73b78107979", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.804434Z", "modified": "2026-06-02T15:57:32.804434Z", "name": "Malicious Extension: \"Naruto Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Naruto Wallpaper HD Custom New Tab\" (lcdabcbanafchdlcbdjgngcplnkijala)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/lcdabcbanafchdlcbdjgngcplnkijala']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lcdabcbanafchdlcbdjgngcplnkijala", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lcdabcbanafchdlcbdjgngcplnkijala", "external_id": "lcdabcbanafchdlcbdjgngcplnkijala"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e4426dc1-54d9-4f8c-99d2-798d4cf307cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.80549Z", "modified": "2026-06-02T15:57:32.80549Z", "name": "Malicious Extension: \"Minecraft Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Minecraft Wallpaper HD Custom New Tab\" (lcgjhoonomcmjpbnijfohbdhhjmhjlal)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lcgjhoonomcmjpbnijfohbdhhjmhjlal']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lcgjhoonomcmjpbnijfohbdhhjmhjlal", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lcgjhoonomcmjpbnijfohbdhhjmhjlal", "external_id": "lcgjhoonomcmjpbnijfohbdhhjmhjlal"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7c036782-8918-4fbb-871c-0f4f1d27ae54", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.806545Z", "modified": "2026-06-02T15:57:32.806545Z", "name": "Malicious Extension: \"Bulldogs Themes\"", "description": "Malicious browser extension: \"Bulldogs Themes\" (ldkienofjncecbbnmhpngiiidekfcdoe)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldkienofjncecbbnmhpngiiidekfcdoe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ldkienofjncecbbnmhpngiiidekfcdoe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldkienofjncecbbnmhpngiiidekfcdoe", "external_id": "ldkienofjncecbbnmhpngiiidekfcdoe"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a5829a9b-ae27-4f26-a301-9ec497d2b2a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.807614Z", "modified": "2026-06-02T15:57:32.807614Z", "name": "Malicious Extension: \"Harry Potter Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Harry Potter Wallpaper HD Custom New Tab\" (lemhpidjofhodofghkakoglahdafpcbe)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lemhpidjofhodofghkakoglahdafpcbe']", "pattern_type": 
"stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lemhpidjofhodofghkakoglahdafpcbe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lemhpidjofhodofghkakoglahdafpcbe", "external_id": "lemhpidjofhodofghkakoglahdafpcbe"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5d65c466-690d-478d-8c2e-bd975c60d750", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.808668Z", "modified": "2026-06-02T15:57:32.808668Z", "name": "Malicious Extension: \"Pokemon Go Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Pokemon Go Wallpaper HD Custom New Tab\" (lgekbdjboenacbkiabfkkcpjgacmjcdg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lgekbdjboenacbkiabfkkcpjgacmjcdg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lgekbdjboenacbkiabfkkcpjgacmjcdg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lgekbdjboenacbkiabfkkcpjgacmjcdg", "external_id": "lgekbdjboenacbkiabfkkcpjgacmjcdg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": 
"indicator", "spec_version": "2.1", "id": "indicator--32be4793-3a9d-4440-964c-550d935e7d17", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.810986Z", "modified": "2026-06-02T15:57:32.810986Z", "name": "Malicious Extension: \"Neon wolf Backgrounds HD\"", "description": "Malicious browser extension: \"Neon wolf Backgrounds HD\" (lggmpibegkcnfogpophgnchognofcdgo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lggmpibegkcnfogpophgnchognofcdgo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lggmpibegkcnfogpophgnchognofcdgo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lggmpibegkcnfogpophgnchognofcdgo", "external_id": "lggmpibegkcnfogpophgnchognofcdgo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f032bde5-72af-401b-b83e-b483d3d55454", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.812139Z", "modified": "2026-06-02T15:57:32.812139Z", "name": "Malicious Extension: \"Roblox Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Roblox Wallpaper HD Custom New Tab\" (ljppknljdefmnkckkdjaokhlncbiehgo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljppknljdefmnkckkdjaokhlncbiehgo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": 
"mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljppknljdefmnkckkdjaokhlncbiehgo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljppknljdefmnkckkdjaokhlncbiehgo", "external_id": "ljppknljdefmnkckkdjaokhlncbiehgo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6d38e5d8-eb4b-4810-bde2-d8dcf5d51246", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.813236Z", "modified": "2026-06-02T15:57:32.813236Z", "name": "Malicious Extension: \"Space Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Space Wallpaper HD Custom New Tab\" (lkdahidfbdadmblpkopllegopldfbhge)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lkdahidfbdadmblpkopllegopldfbhge']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lkdahidfbdadmblpkopllegopldfbhge", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lkdahidfbdadmblpkopllegopldfbhge", "external_id": "lkdahidfbdadmblpkopllegopldfbhge"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0121baef-69b0-46fa-aabf-a168aeb690ec", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.814319Z", "modified": "2026-06-02T15:57:32.814319Z", "name": "Malicious Extension: \"3D Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"3D Wallpaper HD Custom New Tab\" (llngndcpphncgeledehpklbeheadnoan)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/llngndcpphncgeledehpklbeheadnoan']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:llngndcpphncgeledehpklbeheadnoan", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/llngndcpphncgeledehpklbeheadnoan", "external_id": "llngndcpphncgeledehpklbeheadnoan"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dae3c818-20bd-4e3a-af99-72b737e41c4d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.815416Z", "modified": "2026-06-02T15:57:32.815416Z", "name": "Malicious Extension: \"Bangtan Boys Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bangtan Boys Wallpaper HD Custom New Tab\" (lmmdoemglmnjenhfcjkhgpkgiedcejmn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmmdoemglmnjenhfcjkhgpkgiedcejmn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmmdoemglmnjenhfcjkhgpkgiedcejmn", 
"browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmmdoemglmnjenhfcjkhgpkgiedcejmn", "external_id": "lmmdoemglmnjenhfcjkhgpkgiedcejmn"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9b23c1c2-85eb-46ba-bfed-c472e9776826", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.816482Z", "modified": "2026-06-02T15:57:32.816482Z", "name": "Malicious Extension: \"Superheroes Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Superheroes Wallpaper HD Custom New Tab\" (lniooknjghghdjoehegcoinmbhdbhcck)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lniooknjghghdjoehegcoinmbhdbhcck']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lniooknjghghdjoehegcoinmbhdbhcck", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lniooknjghghdjoehegcoinmbhdbhcck", "external_id": "lniooknjghghdjoehegcoinmbhdbhcck"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0b49e687-216a-40b6-b96b-08d67610a261", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.817547Z", "modified": 
"2026-06-02T15:57:32.817547Z", "name": "Malicious Extension: \"3D Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"3D Wallpaper HD Custom New Tab\" (makliapgjjpdkkaikobcmdhkfbfcoafk)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/makliapgjjpdkkaikobcmdhkfbfcoafk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:makliapgjjpdkkaikobcmdhkfbfcoafk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/makliapgjjpdkkaikobcmdhkfbfcoafk", "external_id": "makliapgjjpdkkaikobcmdhkfbfcoafk"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fb849c1b-1277-4550-b847-78e2516b98a3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.818781Z", "modified": "2026-06-02T15:57:32.818781Z", "name": "Malicious Extension: \"Aquarium Live Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Aquarium Live Wallpaper HD Custom New Tab\" (maohnjppabopdhfkholcdkpehdojnpoc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/maohnjppabopdhfkholcdkpehdojnpoc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:maohnjppabopdhfkholcdkpehdojnpoc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/maohnjppabopdhfkholcdkpehdojnpoc", "external_id": "maohnjppabopdhfkholcdkpehdojnpoc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c3306632-51f5-42b9-bc19-6d121f926ac5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.819867Z", "modified": "2026-06-02T15:57:32.819867Z", "name": "Malicious Extension: \"Roblox And Minecraft Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Roblox And Minecraft Wallpaper HD New Tab\" (mcadalidfbmnponoamfdjlahdeheommb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mcadalidfbmnponoamfdjlahdeheommb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mcadalidfbmnponoamfdjlahdeheommb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mcadalidfbmnponoamfdjlahdeheommb", "external_id": "mcadalidfbmnponoamfdjlahdeheommb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c91a4212-5606-465f-9cbb-d50f35f9b5cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.820928Z", "modified": "2026-06-02T15:57:32.820928Z", "name": "Malicious Extension: \"Sword Art Online 
Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Sword Art Online Wallpaper HD Custom New Tab\" (mcafdholbcjhepgnpfdogaiagjmlfcon)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mcafdholbcjhepgnpfdogaiagjmlfcon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mcafdholbcjhepgnpfdogaiagjmlfcon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mcafdholbcjhepgnpfdogaiagjmlfcon", "external_id": "mcafdholbcjhepgnpfdogaiagjmlfcon"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e6555d0a-275c-458c-8bd7-2d4e35efc377", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.821979Z", "modified": "2026-06-02T15:57:32.821979Z", "name": "Malicious Extension: \"Bears Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bears Wallpaper HD Custom New Tab\" (meioomnaphfjchjidcfnbadkbaaoanok)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/meioomnaphfjchjidcfnbadkbaaoanok']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:meioomnaphfjchjidcfnbadkbaaoanok", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/meioomnaphfjchjidcfnbadkbaaoanok", 
"external_id": "meioomnaphfjchjidcfnbadkbaaoanok"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8a892dbd-52ba-42fe-a8e4-535cbbaa9a3d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.823024Z", "modified": "2026-06-02T15:57:32.823024Z", "name": "Malicious Extension: \"Fortnite Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Fortnite Wallpaper HD Custom New Tab\" (mjbmelinkhpkmbjnocdklkjpiilpikba)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mjbmelinkhpkmbjnocdklkjpiilpikba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mjbmelinkhpkmbjnocdklkjpiilpikba", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mjbmelinkhpkmbjnocdklkjpiilpikba", "external_id": "mjbmelinkhpkmbjnocdklkjpiilpikba"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--38178281-a0b2-4bdc-bc2d-7ca6f80b58aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.824119Z", "modified": "2026-06-02T15:57:32.824119Z", "name": "Malicious Extension: \"Black Clover Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Black Clover 
Wallpaper HD Custom New Tab\" (mkghdamdheccacmkmnchkaoljoflpoek)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mkghdamdheccacmkmnchkaoljoflpoek']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mkghdamdheccacmkmnchkaoljoflpoek", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mkghdamdheccacmkmnchkaoljoflpoek", "external_id": "mkghdamdheccacmkmnchkaoljoflpoek"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bfc991b1-7398-49a3-beae-2d18e56d810c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.825181Z", "modified": "2026-06-02T15:57:32.825181Z", "name": "Malicious Extension: \"Star Wars Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Star Wars Wallpaper HD Custom New Tab\" (mkjcnnfcmmniieaidfadidepdgfppfdj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mkjcnnfcmmniieaidfadidepdgfppfdj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mkjcnnfcmmniieaidfadidepdgfppfdj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mkjcnnfcmmniieaidfadidepdgfppfdj", "external_id": "mkjcnnfcmmniieaidfadidepdgfppfdj"}, {"source_name": "Original Research", "url": 
"https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--33e26aaf-1b2a-40b0-9cf9-764aefcc4f81", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.826421Z", "modified": "2026-06-02T15:57:32.826421Z", "name": "Malicious Extension: \"Doctor Who Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Doctor Who Wallpaper HD Custom New Tab\" (mmhaojkmpbmgbkojlagnhmjlfmnaglla)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmhaojkmpbmgbkojlagnhmjlfmnaglla']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmhaojkmpbmgbkojlagnhmjlfmnaglla", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmhaojkmpbmgbkojlagnhmjlfmnaglla", "external_id": "mmhaojkmpbmgbkojlagnhmjlfmnaglla"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bccd48b7-7f62-41b0-8631-0c6cbe27ec4c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.827496Z", "modified": "2026-06-02T15:57:32.827496Z", "name": "Malicious Extension: \"Namjin Bts Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Namjin Bts Wallpaper HD Custom New Tab\" (mmlhchoolkdnmnddgmoohigffekjnofo)", "indicator_types": 
["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmlhchoolkdnmnddgmoohigffekjnofo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmlhchoolkdnmnddgmoohigffekjnofo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmlhchoolkdnmnddgmoohigffekjnofo", "external_id": "mmlhchoolkdnmnddgmoohigffekjnofo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--57857f1e-b886-4e58-a544-92954dd8759d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.828558Z", "modified": "2026-06-02T15:57:32.828558Z", "name": "Malicious Extension: \"Hypebeast Dope Supreme Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Hypebeast Dope Supreme Wallpaper HD New Tab\" (mmmapklofkmbcahafjmiogdbmpagimlp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmmapklofkmbcahafjmiogdbmpagimlp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmmapklofkmbcahafjmiogdbmpagimlp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmmapklofkmbcahafjmiogdbmpagimlp", "external_id": "mmmapklofkmbcahafjmiogdbmpagimlp"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": 
"Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1bcd8bc3-68d4-486f-9347-bf7e42540b0c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.829607Z", "modified": "2026-06-02T15:57:32.829607Z", "name": "Malicious Extension: \"Fireplace Live Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Fireplace Live Wallpaper HD Custom New Tab\" (mngcfgonjbdbdbifcbhmdiddloganbcc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mngcfgonjbdbdbifcbhmdiddloganbcc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mngcfgonjbdbdbifcbhmdiddloganbcc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mngcfgonjbdbdbifcbhmdiddloganbcc", "external_id": "mngcfgonjbdbdbifcbhmdiddloganbcc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--48912092-eb6d-4d91-b777-e89fc8c4e3d4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.830662Z", "modified": "2026-06-02T15:57:32.830662Z", "name": "Malicious Extension: \"Satsuriku No Tenshi Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Satsuriku No Tenshi Wallpaper HD New Tab\" (mnnpffgmgkbdllleeihdgfgleomdhacm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/mnnpffgmgkbdllleeihdgfgleomdhacm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mnnpffgmgkbdllleeihdgfgleomdhacm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mnnpffgmgkbdllleeihdgfgleomdhacm", "external_id": "mnnpffgmgkbdllleeihdgfgleomdhacm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f1211d10-b88a-4553-b906-b7368158d06f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.831725Z", "modified": "2026-06-02T15:57:32.831725Z", "name": "Malicious Extension: \"Rocket League Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Rocket League Wallpaper HD Custom New Tab\" (moalaminambcgbljenplldelnhnaikke)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/moalaminambcgbljenplldelnhnaikke']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:moalaminambcgbljenplldelnhnaikke", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/moalaminambcgbljenplldelnhnaikke", "external_id": "moalaminambcgbljenplldelnhnaikke"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6ef11903-3e3d-4ac5-b955-6b5e9b52910c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.832781Z", "modified": "2026-06-02T15:57:32.832781Z", "name": "Malicious Extension: \"Moana Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Moana Wallpaper HD Custom New Tab\" (moljhdcbomchgdffhddpicbokacnbjoj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/moljhdcbomchgdffhddpicbokacnbjoj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:moljhdcbomchgdffhddpicbokacnbjoj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/moljhdcbomchgdffhddpicbokacnbjoj", "external_id": "moljhdcbomchgdffhddpicbokacnbjoj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--36183f68-f85e-4839-bbc0-e9937dc89387", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.833997Z", "modified": "2026-06-02T15:57:32.833997Z", "name": "Malicious Extension: \"Alfa Romeo Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Alfa Romeo Wallpaper HD Custom New Tab\" (mpdpjfobafahmgicjmpnfklbphhlacel)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/mpdpjfobafahmgicjmpnfklbphhlacel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mpdpjfobafahmgicjmpnfklbphhlacel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mpdpjfobafahmgicjmpnfklbphhlacel", "external_id": "mpdpjfobafahmgicjmpnfklbphhlacel"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c3833841-c1c1-4213-8285-9d59ad882456", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.835049Z", "modified": "2026-06-02T15:57:32.835049Z", "name": "Malicious Extension: \"Lion Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Lion Wallpaper HD Custom New Tab\" (mpfleoaldoclbjhfkgbmnelkkbolbegl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mpfleoaldoclbjhfkgbmnelkkbolbegl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mpfleoaldoclbjhfkgbmnelkkbolbegl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mpfleoaldoclbjhfkgbmnelkkbolbegl", "external_id": "mpfleoaldoclbjhfkgbmnelkkbolbegl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e0944a8b-36d3-46d7-b8c8-097f1e6ee713", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.83611Z", "modified": "2026-06-02T15:57:32.83611Z", "name": "Malicious Extension: \"Super Cars - Sports Cars Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Super Cars - Sports Cars Wallpaper HD New Tab\" (nafbodmhgaabbfchodpkmpnibgjmeeei)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nafbodmhgaabbfchodpkmpnibgjmeeei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nafbodmhgaabbfchodpkmpnibgjmeeei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nafbodmhgaabbfchodpkmpnibgjmeeei", "external_id": "nafbodmhgaabbfchodpkmpnibgjmeeei"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d81eff91-f7a3-42cb-b33b-e1d29dce444e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.837164Z", "modified": "2026-06-02T15:57:32.837164Z", "name": "Malicious Extension: \"Red Dead Redemption Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Red Dead Redemption Wallpaper HD New Tab\" (naofchadlleomaipaienfedidkiodamo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/naofchadlleomaipaienfedidkiodamo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:naofchadlleomaipaienfedidkiodamo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/naofchadlleomaipaienfedidkiodamo", "external_id": "naofchadlleomaipaienfedidkiodamo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--36820538-8fc9-4931-ba55-f1d12dd7095d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.838219Z", "modified": "2026-06-02T15:57:32.838219Z", "name": "Malicious Extension: \"League Of Legends (Lol) Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"League Of Legends (Lol) Wallpaper HD New Tab\" (nbbeiofjfjmnicfhkfbjdggbclmbaioc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nbbeiofjfjmnicfhkfbjdggbclmbaioc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nbbeiofjfjmnicfhkfbjdggbclmbaioc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nbbeiofjfjmnicfhkfbjdggbclmbaioc", "external_id": "nbbeiofjfjmnicfhkfbjdggbclmbaioc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--67ec2977-54ec-48d9-9d4b-2ae284e23f4f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.839272Z", "modified": "2026-06-02T15:57:32.839272Z", "name": "Malicious Extension: \"Dinosaurs Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Dinosaurs Wallpaper HD Custom New Tab\" (nbblafbmmogmlhejjondcclcgbkdmjln)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nbblafbmmogmlhejjondcclcgbkdmjln']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nbblafbmmogmlhejjondcclcgbkdmjln", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nbblafbmmogmlhejjondcclcgbkdmjln", "external_id": "nbblafbmmogmlhejjondcclcgbkdmjln"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--15f79f6d-af66-461f-add4-cb343a5f1af5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.840329Z", "modified": "2026-06-02T15:57:32.840329Z", "name": "Malicious Extension: \"Lilo And Stitch Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Lilo And Stitch Wallpaper HD Custom New Tab\" (nbekcbebginchflfegofcjjmojpppnad)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/nbekcbebginchflfegofcjjmojpppnad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nbekcbebginchflfegofcjjmojpppnad", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nbekcbebginchflfegofcjjmojpppnad", "external_id": "nbekcbebginchflfegofcjjmojpppnad"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--31700b78-7746-4c04-99d4-231895643ffd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.841569Z", "modified": "2026-06-02T15:57:32.841569Z", "name": "Malicious Extension: \"Ugandan Knuckles Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Ugandan Knuckles Wallpaper HD Custom New Tab\" (nbhjdcacphemibgeamjkmeknfeffgngk)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nbhjdcacphemibgeamjkmeknfeffgngk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nbhjdcacphemibgeamjkmeknfeffgngk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nbhjdcacphemibgeamjkmeknfeffgngk", "external_id": "nbhjdcacphemibgeamjkmeknfeffgngk"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--25a6061d-d4ac-46fe-a6d5-60b18772e034", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.842624Z", "modified": "2026-06-02T15:57:32.842624Z", "name": "Malicious Extension: \"Hedgehog Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Hedgehog Wallpaper HD Custom New Tab\" (nchffcpkbehklpbdodlakgdbnkdcnpbi)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nchffcpkbehklpbdodlakgdbnkdcnpbi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nchffcpkbehklpbdodlakgdbnkdcnpbi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nchffcpkbehklpbdodlakgdbnkdcnpbi", "external_id": "nchffcpkbehklpbdodlakgdbnkdcnpbi"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--19bc1e30-78a4-4992-87e7-e1eeeea2b5f5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.84369Z", "modified": "2026-06-02T15:57:32.84369Z", "name": "Malicious Extension: \"Blade Runner 2049 Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Blade Runner 2049 Wallpaper HD Custom New Tab\" (nckldhnoondmiheikhblobkgcfchcbld)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/nckldhnoondmiheikhblobkgcfchcbld']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nckldhnoondmiheikhblobkgcfchcbld", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nckldhnoondmiheikhblobkgcfchcbld", "external_id": "nckldhnoondmiheikhblobkgcfchcbld"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1b5351d5-35aa-4a4a-aa90-5d446afb97cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.844744Z", "modified": "2026-06-02T15:57:32.844744Z", "name": "Malicious Extension: \"Vkook Kim Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Vkook Kim Wallpaper HD Custom New Tab\" (ncnonnloajjbpdpgnelmlbflmbhlilid)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ncnonnloajjbpdpgnelmlbflmbhlilid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ncnonnloajjbpdpgnelmlbflmbhlilid", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ncnonnloajjbpdpgnelmlbflmbhlilid", "external_id": "ncnonnloajjbpdpgnelmlbflmbhlilid"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7b3af59b-5fc3-4b89-bf61-141f491abd34", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.846747Z", "modified": "2026-06-02T15:57:32.846747Z", "name": "Malicious Extension: \"Bears Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bears Wallpaper HD Custom New Tab\" (ncpjlhellnlcjnjmablbaingipdemidh)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ncpjlhellnlcjnjmablbaingipdemidh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ncpjlhellnlcjnjmablbaingipdemidh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ncpjlhellnlcjnjmablbaingipdemidh", "external_id": "ncpjlhellnlcjnjmablbaingipdemidh"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--758c6634-10ae-45d4-804e-9068830d2d72", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.847966Z", "modified": "2026-06-02T15:57:32.847966Z", "name": "Malicious Extension: \"Death Note Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Death Note Wallpaper HD Custom New Tab\" (ndchgkeilnpiefnoagcbnlellpcfmjic)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/ndchgkeilnpiefnoagcbnlellpcfmjic']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ndchgkeilnpiefnoagcbnlellpcfmjic", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ndchgkeilnpiefnoagcbnlellpcfmjic", "external_id": "ndchgkeilnpiefnoagcbnlellpcfmjic"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--662d2f1b-f581-4c41-b082-b3f7b18776d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.849106Z", "modified": "2026-06-02T15:57:32.849106Z", "name": "Malicious Extension: \"Daredevil Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Daredevil Wallpaper HD Custom New Tab\" (ndeejbgcbhehjpjmngniokeleedmjmap)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ndeejbgcbhehjpjmngniokeleedmjmap']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ndeejbgcbhehjpjmngniokeleedmjmap", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ndeejbgcbhehjpjmngniokeleedmjmap", "external_id": "ndeejbgcbhehjpjmngniokeleedmjmap"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e85357bd-e447-4604-9f4b-e1b47ecca65c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.850418Z", "modified": "2026-06-02T15:57:32.850418Z", "name": "Malicious Extension: \"Gucci Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Gucci Wallpaper HD Custom New Tab\" (ndihciopmidkbamcfgpdmojcpalolfgo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ndihciopmidkbamcfgpdmojcpalolfgo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ndihciopmidkbamcfgpdmojcpalolfgo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ndihciopmidkbamcfgpdmojcpalolfgo", "external_id": "ndihciopmidkbamcfgpdmojcpalolfgo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--573c8bc7-0c5f-4473-b343-285d593c88d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.851523Z", "modified": "2026-06-02T15:57:32.851523Z", "name": "Malicious Extension: \"Jisung Stray Kids Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Jisung Stray Kids Wallpaper HD Custom New Tab\" (neafafemicnbclhpojeoiemihogeejhl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/neafafemicnbclhpojeoiemihogeejhl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:neafafemicnbclhpojeoiemihogeejhl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/neafafemicnbclhpojeoiemihogeejhl", "external_id": "neafafemicnbclhpojeoiemihogeejhl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ba1522ab-1b8f-446b-90db-0f77103b375d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.852595Z", "modified": "2026-06-02T15:57:32.852595Z", "name": "Malicious Extension: \"Kill La Kill Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Kill La Kill Wallpaper HD Custom New Tab\" (nekimocmhfdimckbgchifahcgafhnagb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nekimocmhfdimckbgchifahcgafhnagb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nekimocmhfdimckbgchifahcgafhnagb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nekimocmhfdimckbgchifahcgafhnagb", "external_id": "nekimocmhfdimckbgchifahcgafhnagb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d0dd8b9f-6584-4f67-bce9-4565c7162bc9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.853654Z", "modified": "2026-06-02T15:57:32.853654Z", "name": "Malicious Extension: \"One Direction Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"One Direction Wallpaper HD Custom New Tab\" (nenaiblmmandfgaiifppcegejpinkebl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nenaiblmmandfgaiifppcegejpinkebl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nenaiblmmandfgaiifppcegejpinkebl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nenaiblmmandfgaiifppcegejpinkebl", "external_id": "nenaiblmmandfgaiifppcegejpinkebl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fabd324e-b701-42ef-809c-edf6f4752ff7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.854704Z", "modified": "2026-06-02T15:57:32.854704Z", "name": "Malicious Extension: \"Chicago Bulls Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Chicago Bulls Wallpaper HD Custom New Tab\" (neplbnhjlkmpekfcjibdidioejnhejfl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/neplbnhjlkmpekfcjibdidioejnhejfl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:neplbnhjlkmpekfcjibdidioejnhejfl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/neplbnhjlkmpekfcjibdidioejnhejfl", "external_id": "neplbnhjlkmpekfcjibdidioejnhejfl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b4edb4af-e54a-4d36-b2e6-842e61005f44", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.85579Z", "modified": "2026-06-02T15:57:32.85579Z", "name": "Malicious Extension: \"Ant Man & The Wasp Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Ant Man & The Wasp Wallpaper HD New Tab\" (nepnhilmahdmejhghfbjhhabaioioeel)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nepnhilmahdmejhghfbjhhabaioioeel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nepnhilmahdmejhghfbjhhabaioioeel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nepnhilmahdmejhghfbjhhabaioioeel", "external_id": "nepnhilmahdmejhghfbjhhabaioioeel"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--76a311ef-ddc0-4005-b871-5e3422140a11", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.856863Z", "modified": "2026-06-02T15:57:32.856863Z", "name": "Malicious Extension: \"Jimin & Jungkook Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Jimin & Jungkook Wallpaper HD Custom New Tab\" (nfanjklinojeimbhmfliomdihldjhfpm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nfanjklinojeimbhmfliomdihldjhfpm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nfanjklinojeimbhmfliomdihldjhfpm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nfanjklinojeimbhmfliomdihldjhfpm", "external_id": "nfanjklinojeimbhmfliomdihldjhfpm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b1462ceb-d17b-4d3a-b2f8-3e723ace8991", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.858101Z", "modified": "2026-06-02T15:57:32.858101Z", "name": "Malicious Extension: \"Danganronpa V3 Maki Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Danganronpa V3 Maki Wallpaper HD New Tab\" (nfebelgoldoapjgfkekcmbddpljakakp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/nfebelgoldoapjgfkekcmbddpljakakp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nfebelgoldoapjgfkekcmbddpljakakp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nfebelgoldoapjgfkekcmbddpljakakp", "external_id": "nfebelgoldoapjgfkekcmbddpljakakp"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--51332037-4f43-4edb-9c92-c87716d82661", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.859175Z", "modified": "2026-06-02T15:57:32.859175Z", "name": "Malicious Extension: \"Ad-block for YouTube - Youtube Ad-blocker Pro\"", "description": "Malicious browser extension: \"Ad-block for YouTube - Youtube Ad-blocker Pro\" (nfhbpopnbgigkljgmelpfncnghjpdopf)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nfhbpopnbgigkljgmelpfncnghjpdopf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nfhbpopnbgigkljgmelpfncnghjpdopf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nfhbpopnbgigkljgmelpfncnghjpdopf", "external_id": "nfhbpopnbgigkljgmelpfncnghjpdopf"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8cb8f392-e6e3-49a1-9443-1b621addcc2d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.860239Z", "modified": "2026-06-02T15:57:32.860239Z", "name": "Malicious Extension: \"Seattle Seahawks Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Seattle Seahawks Wallpaper HD Custom New Tab\" (nfpnclghflfcgkgdjcbpoljlafndbomk)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nfpnclghflfcgkgdjcbpoljlafndbomk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nfpnclghflfcgkgdjcbpoljlafndbomk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nfpnclghflfcgkgdjcbpoljlafndbomk", "external_id": "nfpnclghflfcgkgdjcbpoljlafndbomk"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--985af272-b7b3-4808-8d54-d2cd43d45fa2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.861294Z", "modified": "2026-06-02T15:57:32.861294Z", "name": "Malicious Extension: \"Adidas Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Adidas Wallpaper HD Custom New Tab\" (ngaccohdjpkgnghichikgcpfagnoeeim)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/ngaccohdjpkgnghichikgcpfagnoeeim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ngaccohdjpkgnghichikgcpfagnoeeim", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ngaccohdjpkgnghichikgcpfagnoeeim", "external_id": "ngaccohdjpkgnghichikgcpfagnoeeim"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f23ef83f-7c8a-4ba2-bcad-f4319a2d6ed3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.862343Z", "modified": "2026-06-02T15:57:32.862343Z", "name": "Malicious Extension: \"Real Madrid Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Real Madrid Wallpaper HD Custom New Tab\" (ngajighkghnbfnleddljedblnjaggebo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ngajighkghnbfnleddljedblnjaggebo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ngajighkghnbfnleddljedblnjaggebo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ngajighkghnbfnleddljedblnjaggebo", "external_id": "ngajighkghnbfnleddljedblnjaggebo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--68392d83-2b08-4e0c-84ec-f7f02071d2e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.863415Z", "modified": "2026-06-02T15:57:32.863415Z", "name": "Malicious Extension: \"Kpop Nu Est Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Kpop Nu Est Wallpaper HD Custom New Tab\" (ngchnhjdpgpkapghgpncmommhelegfbh)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ngchnhjdpgpkapghgpncmommhelegfbh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ngchnhjdpgpkapghgpncmommhelegfbh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ngchnhjdpgpkapghgpncmommhelegfbh", "external_id": "ngchnhjdpgpkapghgpncmommhelegfbh"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--51641745-8203-4039-b004-6da9e365681c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.864468Z", "modified": "2026-06-02T15:57:32.864468Z", "name": "Malicious Extension: \"Satsuriku No Tenshi Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Satsuriku No Tenshi Wallpaper HD New Tab\" (ngeofnobniohmdmdkliflkeppfgbjpgn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/ngeofnobniohmdmdkliflkeppfgbjpgn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ngeofnobniohmdmdkliflkeppfgbjpgn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ngeofnobniohmdmdkliflkeppfgbjpgn", "external_id": "ngeofnobniohmdmdkliflkeppfgbjpgn"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a6a457dd-8203-46b0-b95a-7811c871d602", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.865687Z", "modified": "2026-06-02T15:57:32.865687Z", "name": "Malicious Extension: \"Kingdom Hearts 3 Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Kingdom Hearts 3 Wallpaper HD Custom New Tab\" (nglggaejaflihehbajhppedepephbfae)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nglggaejaflihehbajhppedepephbfae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nglggaejaflihehbajhppedepephbfae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nglggaejaflihehbajhppedepephbfae", "external_id": "nglggaejaflihehbajhppedepephbfae"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e5179aa4-201d-47ed-aa1e-4b6cf6c3696a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.866741Z", "modified": "2026-06-02T15:57:32.866741Z", "name": "Malicious Extension: \"Voltron Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Voltron Wallpaper HD Custom New Tab\" (nhnemamgicdjigoedllaicngcfihkmhf)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nhnemamgicdjigoedllaicngcfihkmhf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nhnemamgicdjigoedllaicngcfihkmhf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nhnemamgicdjigoedllaicngcfihkmhf", "external_id": "nhnemamgicdjigoedllaicngcfihkmhf"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4293724f-c70f-4cd3-8aff-7ccced06a49e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.867804Z", "modified": "2026-06-02T15:57:32.867804Z", "name": "Malicious Extension: \"One Piece Anime Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"One Piece Anime Wallpaper HD Custom New Tab\" (nhneoegahiihkkgdindfdnobhhhlpfnm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/nhneoegahiihkkgdindfdnobhhhlpfnm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nhneoegahiihkkgdindfdnobhhhlpfnm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nhneoegahiihkkgdindfdnobhhhlpfnm", "external_id": "nhneoegahiihkkgdindfdnobhhhlpfnm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ab141320-12d5-4100-ad07-b38144253a67", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.86886Z", "modified": "2026-06-02T15:57:32.86886Z", "name": "Malicious Extension: \"Fruits Basket Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Fruits Basket Wallpaper HD Custom New Tab\" (njablodeioakdgahodegclphmnbaphin)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njablodeioakdgahodegclphmnbaphin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njablodeioakdgahodegclphmnbaphin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njablodeioakdgahodegclphmnbaphin", "external_id": "njablodeioakdgahodegclphmnbaphin"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b5433276-554f-4238-88c7-b3dde27eed90", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.869921Z", "modified": "2026-06-02T15:57:32.869921Z", "name": "Malicious Extension: \"Godzilla Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Godzilla Wallpaper HD Custom New Tab\" (njdegihoinoiplfpbcckmjahlnpeipii)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njdegihoinoiplfpbcckmjahlnpeipii']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njdegihoinoiplfpbcckmjahlnpeipii", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njdegihoinoiplfpbcckmjahlnpeipii", "external_id": "njdegihoinoiplfpbcckmjahlnpeipii"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--323b6e64-b289-4c37-aca6-a9dc76e54701", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.870978Z", "modified": "2026-06-02T15:57:32.870978Z", "name": "Malicious Extension: \"Dope Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Dope Wallpaper HD Custom New Tab\" (njliieipbkencklladfemkkipmfcjiom)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/njliieipbkencklladfemkkipmfcjiom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njliieipbkencklladfemkkipmfcjiom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njliieipbkencklladfemkkipmfcjiom", "external_id": "njliieipbkencklladfemkkipmfcjiom"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2b22f715-fb24-49ed-9dda-cdaf6dc21d0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.872053Z", "modified": "2026-06-02T15:57:32.872053Z", "name": "Malicious Extension: \"Ikon Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Ikon Wallpaper HD Custom New Tab\" (nklckhbegicdajpehmmpbnpelkdjmdoc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nklckhbegicdajpehmmpbnpelkdjmdoc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nklckhbegicdajpehmmpbnpelkdjmdoc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nklckhbegicdajpehmmpbnpelkdjmdoc", "external_id": "nklckhbegicdajpehmmpbnpelkdjmdoc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9eed86d0-ea9e-4787-9e5a-01093eebf44c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.873274Z", "modified": "2026-06-02T15:57:32.873274Z", "name": "Malicious Extension: \"Devil May Cry Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Devil May Cry Wallpaper HD Custom New Tab\" (nkopnpaipcceikcmfcjlacgkjoglodag)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nkopnpaipcceikcmfcjlacgkjoglodag']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nkopnpaipcceikcmfcjlacgkjoglodag", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nkopnpaipcceikcmfcjlacgkjoglodag", "external_id": "nkopnpaipcceikcmfcjlacgkjoglodag"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7034dc38-de1d-4476-803a-e0070b51f8f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.874325Z", "modified": "2026-06-02T15:57:32.874325Z", "name": "Malicious Extension: \"Final Fantasy Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Final Fantasy Wallpaper HD Custom New Tab\" (nldffbaphciaaophmdnikgkengbmigli)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/nldffbaphciaaophmdnikgkengbmigli']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nldffbaphciaaophmdnikgkengbmigli", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nldffbaphciaaophmdnikgkengbmigli", "external_id": "nldffbaphciaaophmdnikgkengbmigli"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--775c4796-57ce-4a5b-beb6-1b66676acb0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.875391Z", "modified": "2026-06-02T15:57:32.875391Z", "name": "Malicious Extension: \"Heart Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Heart Wallpaper HD Custom New Tab\" (nmkfcjaghjoedelgkomoifnpdejjpcbj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nmkfcjaghjoedelgkomoifnpdejjpcbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nmkfcjaghjoedelgkomoifnpdejjpcbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nmkfcjaghjoedelgkomoifnpdejjpcbj", "external_id": "nmkfcjaghjoedelgkomoifnpdejjpcbj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e51c2ba0-7f21-4881-b0a7-61e216fb7c9f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.87646Z", "modified": "2026-06-02T15:57:32.87646Z", "name": "Malicious Extension: \"Hawaii Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Hawaii Wallpaper HD Custom New Tab\" (nmlmdkblidkckbhidgfgghajlkgjijkp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nmlmdkblidkckbhidgfgghajlkgjijkp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nmlmdkblidkckbhidgfgghajlkgjijkp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nmlmdkblidkckbhidgfgghajlkgjijkp", "external_id": "nmlmdkblidkckbhidgfgghajlkgjijkp"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--089e0cc8-f2f0-4a60-b4fa-470719a20f95", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.877509Z", "modified": "2026-06-02T15:57:32.877509Z", "name": "Malicious Extension: \"Puppies Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Puppies Wallpaper HD Custom New Tab\" (nnceiipjfkdobpenbmnajbkdfiklajgl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/nnceiipjfkdobpenbmnajbkdfiklajgl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nnceiipjfkdobpenbmnajbkdfiklajgl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nnceiipjfkdobpenbmnajbkdfiklajgl", "external_id": "nnceiipjfkdobpenbmnajbkdfiklajgl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--33a70aa3-7308-4e3d-b436-fec2c6faa73e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.878555Z", "modified": "2026-06-02T15:57:32.878555Z", "name": "Malicious Extension: \"One Direction - 1D Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"One Direction - 1D Wallpaper HD New Tab\" (noiinnecebffnjggilfhailhhgdilbld)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/noiinnecebffnjggilfhailhhgdilbld']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:noiinnecebffnjggilfhailhhgdilbld", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/noiinnecebffnjggilfhailhhgdilbld", "external_id": "noiinnecebffnjggilfhailhhgdilbld"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--706197d7-6eff-4337-bcdc-ceff595f7c09", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.879616Z", "modified": "2026-06-02T15:57:32.879616Z", "name": "Malicious Extension: \"Vmin Bts Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Vmin Bts Wallpaper HD Custom New Tab\" (nojmjafalbmmoohpmjphalepmfnmhfao)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nojmjafalbmmoohpmjphalepmfnmhfao']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nojmjafalbmmoohpmjphalepmfnmhfao", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nojmjafalbmmoohpmjphalepmfnmhfao", "external_id": "nojmjafalbmmoohpmjphalepmfnmhfao"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de5b615f-521e-4e48-84d6-f6c419111d46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.880852Z", "modified": "2026-06-02T15:57:32.880852Z", "name": "Malicious Extension: \"Kill La Kill Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Kill La Kill Wallpaper HD Custom New Tab\" (npcndkopgafkjggoledlgfblodppnckj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/npcndkopgafkjggoledlgfblodppnckj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:npcndkopgafkjggoledlgfblodppnckj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/npcndkopgafkjggoledlgfblodppnckj", "external_id": "npcndkopgafkjggoledlgfblodppnckj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e171f5e0-a065-4e5b-b368-e4ae0be6b92d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.881917Z", "modified": "2026-06-02T15:57:32.881917Z", "name": "Malicious Extension: \"Red Dead Redemption Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Red Dead Redemption Wallpaper HD New Tab\" (nphiadicgehlpbniemnkhinphngoeaeg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nphiadicgehlpbniemnkhinphngoeaeg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nphiadicgehlpbniemnkhinphngoeaeg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nphiadicgehlpbniemnkhinphngoeaeg", "external_id": "nphiadicgehlpbniemnkhinphngoeaeg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9b7ffea2-b851-4d6d-9d13-75aab18dd2f9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.882975Z", "modified": "2026-06-02T15:57:32.882975Z", "name": "Malicious Extension: \"Attack On Titan Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Attack On Titan Wallpaper HD Custom New Tab\" (oaihijkoodmmaibfhojdinffpinmhdji)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oaihijkoodmmaibfhojdinffpinmhdji']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oaihijkoodmmaibfhojdinffpinmhdji", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oaihijkoodmmaibfhojdinffpinmhdji", "external_id": "oaihijkoodmmaibfhojdinffpinmhdji"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de3d1a3c-9ac8-4b5c-8f8a-f53cc7d984fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.884048Z", "modified": "2026-06-02T15:57:32.884048Z", "name": "Malicious Extension: \"Chicago Bulls Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Chicago Bulls Wallpaper HD Custom New Tab\" (oanlnaeipdakcmafockfiekhdklfidjb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/oanlnaeipdakcmafockfiekhdklfidjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oanlnaeipdakcmafockfiekhdklfidjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oanlnaeipdakcmafockfiekhdklfidjb", "external_id": "oanlnaeipdakcmafockfiekhdklfidjb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--622b4c7a-1abf-4143-a68e-eef380f5fed5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.885101Z", "modified": "2026-06-02T15:57:32.885101Z", "name": "Malicious Extension: \"Destiny 2 Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Destiny 2 Wallpaper HD Custom New Tab\" (oanplobhgngkpkpeihcdojkongpiheci)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oanplobhgngkpkpeihcdojkongpiheci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oanplobhgngkpkpeihcdojkongpiheci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oanplobhgngkpkpeihcdojkongpiheci", "external_id": "oanplobhgngkpkpeihcdojkongpiheci"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c3d7e580-f1cc-427a-9685-4fa750a6db01", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.886156Z", "modified": "2026-06-02T15:57:32.886156Z", "name": "Malicious Extension: \"Clash Royale Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Clash Royale Wallpaper HD Custom New Tab\" (obahibdkmhmnenkcdpakilchcppihopl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obahibdkmhmnenkcdpakilchcppihopl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obahibdkmhmnenkcdpakilchcppihopl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obahibdkmhmnenkcdpakilchcppihopl", "external_id": "obahibdkmhmnenkcdpakilchcppihopl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--29122263-594a-489f-8658-de2674f020dc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.88723Z", "modified": "2026-06-02T15:57:32.88723Z", "name": "Malicious Extension: \"Deadpool Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Deadpool Wallpaper HD Custom New Tab\" (obgdpcjbebcaphmigjhogcikejnlbjgl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/obgdpcjbebcaphmigjhogcikejnlbjgl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obgdpcjbebcaphmigjhogcikejnlbjgl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obgdpcjbebcaphmigjhogcikejnlbjgl", "external_id": "obgdpcjbebcaphmigjhogcikejnlbjgl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--42532380-1dd1-4d2c-a85f-66ea3190e813", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.888459Z", "modified": "2026-06-02T15:57:32.888459Z", "name": "Malicious Extension: \"Dank Memes Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Dank Memes Wallpaper HD Custom New Tab\" (ocfpmgbbkjeblbhdehminjdjffhcidbi)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ocfpmgbbkjeblbhdehminjdjffhcidbi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ocfpmgbbkjeblbhdehminjdjffhcidbi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ocfpmgbbkjeblbhdehminjdjffhcidbi", "external_id": "ocfpmgbbkjeblbhdehminjdjffhcidbi"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c82b4a76-2ac5-4d98-b6e7-ecad61329df6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.88952Z", "modified": "2026-06-02T15:57:32.88952Z", "name": "Malicious Extension: \"Bts Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bts Wallpaper HD Custom New Tab\" (ocgfhclcahimdhfjgmakmfdnhomofljo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ocgfhclcahimdhfjgmakmfdnhomofljo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ocgfhclcahimdhfjgmakmfdnhomofljo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ocgfhclcahimdhfjgmakmfdnhomofljo", "external_id": "ocgfhclcahimdhfjgmakmfdnhomofljo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6c1197d8-1ded-4f4b-80c3-b8b80316951a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.890571Z", "modified": "2026-06-02T15:57:32.890571Z", "name": "Malicious Extension: \"Chevrolet Corvette Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Chevrolet Corvette Wallpaper HD New Tab\" (ocponkhpfikgnggeflddgkfcmhjejedo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/ocponkhpfikgnggeflddgkfcmhjejedo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ocponkhpfikgnggeflddgkfcmhjejedo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ocponkhpfikgnggeflddgkfcmhjejedo", "external_id": "ocponkhpfikgnggeflddgkfcmhjejedo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--75ddb114-2ece-40f9-a2fd-543e33b56a42", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.891632Z", "modified": "2026-06-02T15:57:32.891632Z", "name": "Malicious Extension: \"Lamborghini Super Cars Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Lamborghini Super Cars Wallpaper HD New Tab\" (odoenahafpbigcelejhbkkhnjfleanok)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/odoenahafpbigcelejhbkkhnjfleanok']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:odoenahafpbigcelejhbkkhnjfleanok", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/odoenahafpbigcelejhbkkhnjfleanok", "external_id": "odoenahafpbigcelejhbkkhnjfleanok"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--74766d8e-f02d-4d41-87ba-635c6befbc4a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.892699Z", "modified": "2026-06-02T15:57:32.892699Z", "name": "Malicious Extension: \"Fortnite Drift Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Fortnite Drift Wallpaper HD Custom New Tab\" (oehamnhnpejphgpkgnenefolepinadjj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oehamnhnpejphgpkgnenefolepinadjj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oehamnhnpejphgpkgnenefolepinadjj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oehamnhnpejphgpkgnenefolepinadjj", "external_id": "oehamnhnpejphgpkgnenefolepinadjj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7c36d922-3911-49d4-ae96-a9a2a472f07a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.893759Z", "modified": "2026-06-02T15:57:32.893759Z", "name": "Malicious Extension: \"Rocky Paw Mighty Pups Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Rocky Paw Mighty Pups Wallpaper HD New Tab\" (oejbnchocabaoicconfnbjghebmbfemc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/oejbnchocabaoicconfnbjghebmbfemc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oejbnchocabaoicconfnbjghebmbfemc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oejbnchocabaoicconfnbjghebmbfemc", "external_id": "oejbnchocabaoicconfnbjghebmbfemc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--15cfab30-30c9-4c4b-93e4-31364c7aed90", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.894815Z", "modified": "2026-06-02T15:57:32.894815Z", "name": "Malicious Extension: \"Yeezy Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Yeezy Wallpaper HD Custom New Tab\" (oejmcobpfiiladgbfpknibppfnekbolo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oejmcobpfiiladgbfpknibppfnekbolo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oejmcobpfiiladgbfpknibppfnekbolo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oejmcobpfiiladgbfpknibppfnekbolo", "external_id": "oejmcobpfiiladgbfpknibppfnekbolo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6416bf26-6b3f-4234-8e8a-6fef81380a2b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.896053Z", "modified": "2026-06-02T15:57:32.896053Z", "name": "Malicious Extension: \"Wild Animals 3D Neon Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Wild Animals 3D Neon Wallpaper HD New Tab\" (oemkcngaaomgokaclafmkcgcpbfelmnb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oemkcngaaomgokaclafmkcgcpbfelmnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oemkcngaaomgokaclafmkcgcpbfelmnb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oemkcngaaomgokaclafmkcgcpbfelmnb", "external_id": "oemkcngaaomgokaclafmkcgcpbfelmnb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dfd20601-9be7-4e9d-84fe-e400a02e1eea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.897114Z", "modified": "2026-06-02T15:57:32.897114Z", "name": "Malicious Extension: \"Cherry Blossom Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Cherry Blossom Wallpaper HD Custom New Tab\" (ofbfieekadnmifbaoigkcffobkkjblep)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/ofbfieekadnmifbaoigkcffobkkjblep']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ofbfieekadnmifbaoigkcffobkkjblep", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofbfieekadnmifbaoigkcffobkkjblep", "external_id": "ofbfieekadnmifbaoigkcffobkkjblep"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3a75aa55-641b-4d24-9140-c20cd4168251", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.898162Z", "modified": "2026-06-02T15:57:32.898162Z", "name": "Malicious Extension: \"Audi R8 Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Audi R8 Wallpaper HD Custom New Tab\" (ofgihclaiecmjbfjnajjimdbjnbiimkk)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ofgihclaiecmjbfjnajjimdbjnbiimkk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ofgihclaiecmjbfjnajjimdbjnbiimkk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofgihclaiecmjbfjnajjimdbjnbiimkk", "external_id": "ofgihclaiecmjbfjnajjimdbjnbiimkk"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e0b98c3c-71e1-44f9-a1c6-1426483d9d05", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.899228Z", "modified": "2026-06-02T15:57:32.899228Z", "name": "Malicious Extension: \"Art Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Art Wallpaper HD Custom New Tab\" (ofkjndegefemablfmefngnpchlhapdmi)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ofkjndegefemablfmefngnpchlhapdmi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ofkjndegefemablfmefngnpchlhapdmi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofkjndegefemablfmefngnpchlhapdmi", "external_id": "ofkjndegefemablfmefngnpchlhapdmi"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--82ce5a61-b2d2-456e-ac51-88602ba85142", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.900288Z", "modified": "2026-06-02T15:57:32.900288Z", "name": "Malicious Extension: \"Custom Super Cars Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Custom Super Cars Wallpaper HD Custom New Tab\" (ofockibbbgfclddbpbhhohdldgkomhgm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/ofockibbbgfclddbpbhhohdldgkomhgm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ofockibbbgfclddbpbhhohdldgkomhgm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofockibbbgfclddbpbhhohdldgkomhgm", "external_id": "ofockibbbgfclddbpbhhohdldgkomhgm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e964916a-28a6-4a59-b7ed-08f8224e0bb1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.901338Z", "modified": "2026-06-02T15:57:32.901338Z", "name": "Malicious Extension: \"Louis Vuitton Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Louis Vuitton Wallpaper HD Custom New Tab\" (ogegpnamjdpcadpldhijjlhkicgbnkjj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ogegpnamjdpcadpldhijjlhkicgbnkjj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ogegpnamjdpcadpldhijjlhkicgbnkjj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ogegpnamjdpcadpldhijjlhkicgbnkjj", "external_id": "ogegpnamjdpcadpldhijjlhkicgbnkjj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1d369592-bde7-435f-a2dd-96b2cc291b46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.90239Z", "modified": "2026-06-02T15:57:32.90239Z", "name": "Malicious Extension: \"Japan Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Japan Wallpaper HD Custom New Tab\" (ogiaghccmoklogdlbchapejmjnnlichn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ogiaghccmoklogdlbchapejmjnnlichn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ogiaghccmoklogdlbchapejmjnnlichn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ogiaghccmoklogdlbchapejmjnnlichn", "external_id": "ogiaghccmoklogdlbchapejmjnnlichn"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--562d3262-b442-4ba6-9885-ea3bad8d30fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.90474Z", "modified": "2026-06-02T15:57:32.90474Z", "name": "Malicious Extension: \"One Direction Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"One Direction Wallpaper HD Custom New Tab\" (ohjoklkmollkbcibgddolpmpgaoophfl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/ohjoklkmollkbcibgddolpmpgaoophfl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ohjoklkmollkbcibgddolpmpgaoophfl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ohjoklkmollkbcibgddolpmpgaoophfl", "external_id": "ohjoklkmollkbcibgddolpmpgaoophfl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3e580037-4c85-44a2-ae78-d6a8a3df652d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.905883Z", "modified": "2026-06-02T15:57:32.905883Z", "name": "Malicious Extension: \"Deathstroke Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Deathstroke Wallpaper HD Custom New Tab\" (ohobkendnpiijpeiaimjbannfcmhaogi)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ohobkendnpiijpeiaimjbannfcmhaogi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ohobkendnpiijpeiaimjbannfcmhaogi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ohobkendnpiijpeiaimjbannfcmhaogi", "external_id": "ohobkendnpiijpeiaimjbannfcmhaogi"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1c9072a3-086c-4a22-90fd-72f589d47933", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.906982Z", "modified": "2026-06-02T15:57:32.906982Z", "name": "Malicious Extension: \"Dachshund Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Dachshund Wallpaper HD Custom New Tab\" (ohoingjkmkkoffkdmbpipdncbkhaaefd)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ohoingjkmkkoffkdmbpipdncbkhaaefd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ohoingjkmkkoffkdmbpipdncbkhaaefd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ohoingjkmkkoffkdmbpipdncbkhaaefd", "external_id": "ohoingjkmkkoffkdmbpipdncbkhaaefd"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--20ea5ab4-c81f-4282-a388-e790aa631f6f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.908084Z", "modified": "2026-06-02T15:57:32.908084Z", "name": "Malicious Extension: \"Dc Comics Shazam Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Dc Comics Shazam Wallpaper HD Custom New Tab\" (oihecidjnjpjfeefkambkjgebbmpahgn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/oihecidjnjpjfeefkambkjgebbmpahgn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oihecidjnjpjfeefkambkjgebbmpahgn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oihecidjnjpjfeefkambkjgebbmpahgn", "external_id": "oihecidjnjpjfeefkambkjgebbmpahgn"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b49e2d47-04e0-476d-88d3-0e4faf34f9cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.909154Z", "modified": "2026-06-02T15:57:32.909154Z", "name": "Malicious Extension: \"Santa Claus Christmas Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Santa Claus Christmas Wallpaper HD New Tab\" (oilikkahlcnchaipbojfgejapechblbl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oilikkahlcnchaipbojfgejapechblbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oilikkahlcnchaipbojfgejapechblbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oilikkahlcnchaipbojfgejapechblbl", "external_id": "oilikkahlcnchaipbojfgejapechblbl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4696bf7f-6b41-4d2b-a4ea-c16fc715b464", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.910229Z", "modified": "2026-06-02T15:57:32.910229Z", "name": "Malicious Extension: \"Halloween Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Halloween Wallpaper HD Custom New Tab\" (ojfjgkolegfhneacbgcjaoajfgcfoapf)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojfjgkolegfhneacbgcjaoajfgcfoapf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ojfjgkolegfhneacbgcjaoajfgcfoapf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojfjgkolegfhneacbgcjaoajfgcfoapf", "external_id": "ojfjgkolegfhneacbgcjaoajfgcfoapf"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8ff5506a-b18e-487a-9a8f-1c232016c1dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.911326Z", "modified": "2026-06-02T15:57:32.911326Z", "name": "Malicious Extension: \"Cars\"", "description": "Malicious browser extension: \"Cars\" (ojhlagjgjbjfgllocdhlpnkbdlcipnmo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojhlagjgjbjfgllocdhlpnkbdlcipnmo']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ojhlagjgjbjfgllocdhlpnkbdlcipnmo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojhlagjgjbjfgllocdhlpnkbdlcipnmo", "external_id": "ojhlagjgjbjfgllocdhlpnkbdlcipnmo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--373e4b6f-2620-4d37-96d9-1bb9f38198f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.912586Z", "modified": "2026-06-02T15:57:32.912586Z", "name": "Malicious Extension: \"God Of War 2018 Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"God Of War 2018 Wallpaper HD Custom New Tab\" (ojmpgbcmiimbkmjfgmcneplkneleehcc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojmpgbcmiimbkmjfgmcneplkneleehcc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ojmpgbcmiimbkmjfgmcneplkneleehcc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojmpgbcmiimbkmjfgmcneplkneleehcc", "external_id": "ojmpgbcmiimbkmjfgmcneplkneleehcc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": 
"2.1", "id": "indicator--607ada71-c582-4a9d-96e2-a6716900180b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.913656Z", "modified": "2026-06-02T15:57:32.913656Z", "name": "Malicious Extension: \"The Incredibles 2 Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"The Incredibles 2 Wallpaper HD Custom New Tab\" (ojnlggfhmoioajgmnelfdpjojaeknjog)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojnlggfhmoioajgmnelfdpjojaeknjog']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ojnlggfhmoioajgmnelfdpjojaeknjog", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojnlggfhmoioajgmnelfdpjojaeknjog", "external_id": "ojnlggfhmoioajgmnelfdpjojaeknjog"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b841b528-8ca5-46e6-a611-9c67add59e43", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.914719Z", "modified": "2026-06-02T15:57:32.914719Z", "name": "Malicious Extension: \"Yeezy Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Yeezy Wallpaper HD Custom New Tab\" (okgnpdnekilbcgcfeheanbpbhnhmopfc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okgnpdnekilbcgcfeheanbpbhnhmopfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": 
"mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:okgnpdnekilbcgcfeheanbpbhnhmopfc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okgnpdnekilbcgcfeheanbpbhnhmopfc", "external_id": "okgnpdnekilbcgcfeheanbpbhnhmopfc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--91530366-a833-4491-b28c-cf3bce58e2d0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.915794Z", "modified": "2026-06-02T15:57:32.915794Z", "name": "Malicious Extension: \"Sao Alicization Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Sao Alicization Wallpaper HD Custom New Tab\" (okjdiicjoeloipmgdopdmhpebnnfadih)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okjdiicjoeloipmgdopdmhpebnnfadih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:okjdiicjoeloipmgdopdmhpebnnfadih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okjdiicjoeloipmgdopdmhpebnnfadih", "external_id": "okjdiicjoeloipmgdopdmhpebnnfadih"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--659e8723-b3d1-4554-afba-3c6b801479ec", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.916845Z", "modified": "2026-06-02T15:57:32.916845Z", "name": "Malicious Extension: \"Los Angeles Lakers Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Los Angeles Lakers Wallpaper HD New Tab\" (okphhehkikoonipdjmhglcmlgccjcblp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okphhehkikoonipdjmhglcmlgccjcblp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:okphhehkikoonipdjmhglcmlgccjcblp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okphhehkikoonipdjmhglcmlgccjcblp", "external_id": "okphhehkikoonipdjmhglcmlgccjcblp"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a97e14da-3aa4-466d-8f7f-8480027c97a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.917899Z", "modified": "2026-06-02T15:57:32.917899Z", "name": "Malicious Extension: \"Dragon Ball Super Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Dragon Ball Super Wallpaper HD Custom New Tab\" (olochidfgadpdbdmdfbhgimiffnllaij)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/olochidfgadpdbdmdfbhgimiffnllaij']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": 
["ext-id:olochidfgadpdbdmdfbhgimiffnllaij", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/olochidfgadpdbdmdfbhgimiffnllaij", "external_id": "olochidfgadpdbdmdfbhgimiffnllaij"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e29eac15-9311-4539-ac5c-7cf1d067b72b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.918951Z", "modified": "2026-06-02T15:57:32.918951Z", "name": "Malicious Extension: \"Panda Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Panda Wallpaper HD Custom New Tab\" (ombenndgcnmcnfohnbbjcmbmfmpefojc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ombenndgcnmcnfohnbbjcmbmfmpefojc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ombenndgcnmcnfohnbbjcmbmfmpefojc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ombenndgcnmcnfohnbbjcmbmfmpefojc", "external_id": "ombenndgcnmcnfohnbbjcmbmfmpefojc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e49970c9-641b-46cd-b6f9-bf86b30e6391", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:32.920189Z", "modified": "2026-06-02T15:57:32.920189Z", "name": "Malicious Extension: \"Fallout 76 Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Fallout 76 Wallpaper HD Custom New Tab\" (omclahaofiigfggelbcleagcphjhabmp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/omclahaofiigfggelbcleagcphjhabmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:omclahaofiigfggelbcleagcphjhabmp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/omclahaofiigfggelbcleagcphjhabmp", "external_id": "omclahaofiigfggelbcleagcphjhabmp"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3a576b61-889e-4bb1-90f4-c0fca9251600", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.921254Z", "modified": "2026-06-02T15:57:32.921254Z", "name": "Malicious Extension: \"Lego Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Lego Wallpaper HD Custom New Tab\" (onjjlcdmafgcjdbhmlnpmheobbfeilah)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/onjjlcdmafgcjdbhmlnpmheobbfeilah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:onjjlcdmafgcjdbhmlnpmheobbfeilah", "browser:chrome"], "external_references": [{"source_name": 
"Chrome Web Store", "url": "https://chromewebstore.google.com/detail/onjjlcdmafgcjdbhmlnpmheobbfeilah", "external_id": "onjjlcdmafgcjdbhmlnpmheobbfeilah"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--27599358-361f-4f7f-bdca-0f21078f0079", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.922302Z", "modified": "2026-06-02T15:57:32.922302Z", "name": "Malicious Extension: \"Daredevil Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Daredevil Wallpaper HD Custom New Tab\" (onnmfhejbikffoenamcfglpjnmmbkdeg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/onnmfhejbikffoenamcfglpjnmmbkdeg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:onnmfhejbikffoenamcfglpjnmmbkdeg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/onnmfhejbikffoenamcfglpjnmmbkdeg", "external_id": "onnmfhejbikffoenamcfglpjnmmbkdeg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--07910348-066b-4f1d-b497-7a215917da7a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.923371Z", "modified": "2026-06-02T15:57:32.923371Z", "name": "Malicious Extension: 
\"The Vampire Diaries Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"The Vampire Diaries Wallpaper HD New Tab\" (oonheecobachpkogdjjnemiipogpgnmg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oonheecobachpkogdjjnemiipogpgnmg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oonheecobachpkogdjjnemiipogpgnmg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oonheecobachpkogdjjnemiipogpgnmg", "external_id": "oonheecobachpkogdjjnemiipogpgnmg"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fa7d3b15-d2c4-46a9-992b-983adc6f3e56", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.924441Z", "modified": "2026-06-02T15:57:32.924441Z", "name": "Malicious Extension: \"Hulk Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Hulk Wallpaper HD Custom New Tab\" (opbobdfddmiemhekjiglckcenhpfdbjm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opbobdfddmiemhekjiglckcenhpfdbjm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opbobdfddmiemhekjiglckcenhpfdbjm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opbobdfddmiemhekjiglckcenhpfdbjm", 
"external_id": "opbobdfddmiemhekjiglckcenhpfdbjm"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b9858e8b-d0ff-4ce3-a03e-b01f8c4e865f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.925496Z", "modified": "2026-06-02T15:57:32.925496Z", "name": "Malicious Extension: \"Bap Kpop Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bap Kpop Wallpaper HD Custom New Tab\" (opjpfngjbdmgkilopbnapbkbngedcpmj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opjpfngjbdmgkilopbnapbkbngedcpmj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opjpfngjbdmgkilopbnapbkbngedcpmj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opjpfngjbdmgkilopbnapbkbngedcpmj", "external_id": "opjpfngjbdmgkilopbnapbkbngedcpmj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8e013465-b5dd-4cf9-91de-0292066d8435", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.926549Z", "modified": "2026-06-02T15:57:32.926549Z", "name": "Malicious Extension: \"Rwby Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Rwby Wallpaper HD 
Custom New Tab\" (oplhjpchbbngmpgcpjcbijhfehbhodgi)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oplhjpchbbngmpgcpjcbijhfehbhodgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oplhjpchbbngmpgcpjcbijhfehbhodgi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oplhjpchbbngmpgcpjcbijhfehbhodgi", "external_id": "oplhjpchbbngmpgcpjcbijhfehbhodgi"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--79a31a4c-4652-4fd9-ab96-41a307eb20ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.927779Z", "modified": "2026-06-02T15:57:32.927779Z", "name": "Malicious Extension: \"Live Christmas Snowfall Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Live Christmas Snowfall Wallpaper HD New Tab\" (oppbpkjmehgijcpeddkpbadoidfpcblg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oppbpkjmehgijcpeddkpbadoidfpcblg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oppbpkjmehgijcpeddkpbadoidfpcblg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oppbpkjmehgijcpeddkpbadoidfpcblg", "external_id": "oppbpkjmehgijcpeddkpbadoidfpcblg"}, {"source_name": "Original Research", "url": 
"https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7d6ec043-896d-4012-b143-b69604ccbf91", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.928841Z", "modified": "2026-06-02T15:57:32.928841Z", "name": "Malicious Extension: \"Tesla Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Tesla Wallpaper HD Custom New Tab\" (paddichbcfehpelokpidnagccddbpkin)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/paddichbcfehpelokpidnagccddbpkin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:paddichbcfehpelokpidnagccddbpkin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/paddichbcfehpelokpidnagccddbpkin", "external_id": "paddichbcfehpelokpidnagccddbpkin"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c19a0976-e66d-4df6-a636-e94d7f10039d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.929895Z", "modified": "2026-06-02T15:57:32.929895Z", "name": "Malicious Extension: \"Bts Bangtan Boys Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bts Bangtan Boys Wallpaper HD Custom New Tab\" (pajbempmgmalnfpbnpclkelnhfccikal)", "indicator_types": 
["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pajbempmgmalnfpbnpclkelnhfccikal']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pajbempmgmalnfpbnpclkelnhfccikal", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pajbempmgmalnfpbnpclkelnhfccikal", "external_id": "pajbempmgmalnfpbnpclkelnhfccikal"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dd42878d-9e1f-4c89-99ac-26afa6980ded", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.93094Z", "modified": "2026-06-02T15:57:32.93094Z", "name": "Malicious Extension: \"Kawaii Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Kawaii Wallpaper HD Custom New Tab\" (pboddlnfegdnifbhepjegnokocjpadpd)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pboddlnfegdnifbhepjegnokocjpadpd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pboddlnfegdnifbhepjegnokocjpadpd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pboddlnfegdnifbhepjegnokocjpadpd", "external_id": "pboddlnfegdnifbhepjegnokocjpadpd"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--04382ad5-dd2c-4a7a-ba05-879f1c87e169", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.931997Z", "modified": "2026-06-02T15:57:32.931997Z", "name": "Malicious Extension: \"Boston Terrier Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Boston Terrier Wallpaper HD Custom New Tab\" (pcbpmbmpjjibcmodpaomahiokikjomgc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pcbpmbmpjjibcmodpaomahiokikjomgc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pcbpmbmpjjibcmodpaomahiokikjomgc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pcbpmbmpjjibcmodpaomahiokikjomgc", "external_id": "pcbpmbmpjjibcmodpaomahiokikjomgc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bbc98abf-cdd2-4ab9-a4fe-9c8efecdb854", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.93305Z", "modified": "2026-06-02T15:57:32.93305Z", "name": "Malicious Extension: \"Ultra Instinct Goku Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Ultra Instinct Goku Wallpaper HD New Tab\" (pcembleiffdccjkcebaodmhgkopipdan)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/pcembleiffdccjkcebaodmhgkopipdan']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pcembleiffdccjkcebaodmhgkopipdan", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pcembleiffdccjkcebaodmhgkopipdan", "external_id": "pcembleiffdccjkcebaodmhgkopipdan"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--04496a83-a0ff-4545-836c-fb000fe3a9fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.934106Z", "modified": "2026-06-02T15:57:32.934106Z", "name": "Malicious Extension: \"DBS and Dragon Ball Super\"", "description": "Malicious browser extension: \"DBS and Dragon Ball Super\" (pcgcmplcfdfkkkmaggghdghnlddkpbbo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pcgcmplcfdfkkkmaggghdghnlddkpbbo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pcgcmplcfdfkkkmaggghdghnlddkpbbo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pcgcmplcfdfkkkmaggghdghnlddkpbbo", "external_id": "pcgcmplcfdfkkkmaggghdghnlddkpbbo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--822a4a15-7460-4f10-aa0d-204d8915b02a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.935343Z", "modified": "2026-06-02T15:57:32.935343Z", "name": "Malicious Extension: \"Bmw Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bmw Wallpaper HD Custom New Tab\" (pdhibfagbndnidgfjkhdhlfibdoofbji)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdhibfagbndnidgfjkhdhlfibdoofbji']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdhibfagbndnidgfjkhdhlfibdoofbji", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdhibfagbndnidgfjkhdhlfibdoofbji", "external_id": "pdhibfagbndnidgfjkhdhlfibdoofbji"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--10a535ae-9428-4f52-84c2-a53b2b2d9f66", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.936419Z", "modified": "2026-06-02T15:57:32.936419Z", "name": "Malicious Extension: \"Bentley Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bentley Wallpaper HD Custom New Tab\" (pdloaiifhmlbhhppajjmfpijopfeenoo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdloaiifhmlbhhppajjmfpijopfeenoo']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdloaiifhmlbhhppajjmfpijopfeenoo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdloaiifhmlbhhppajjmfpijopfeenoo", "external_id": "pdloaiifhmlbhhppajjmfpijopfeenoo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f2961f20-f006-4564-a739-dcf547e73119", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.937481Z", "modified": "2026-06-02T15:57:32.937481Z", "name": "Malicious Extension: \"Gothic Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Gothic Wallpaper HD Custom New Tab\" (pehnljkefahmlhifockljagcfcpljclc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pehnljkefahmlhifockljagcfcpljclc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pehnljkefahmlhifockljagcfcpljclc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pehnljkefahmlhifockljagcfcpljclc", "external_id": "pehnljkefahmlhifockljagcfcpljclc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": 
"indicator", "spec_version": "2.1", "id": "indicator--77eecd68-209c-42f2-910b-df342ff7c8b6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.938528Z", "modified": "2026-06-02T15:57:32.938528Z", "name": "Malicious Extension: \"V & Jimin Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"V & Jimin Wallpaper HD Custom New Tab\" (pelnnoacfeaanpmnmacjjnnpgfggekig)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pelnnoacfeaanpmnmacjjnnpgfggekig']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pelnnoacfeaanpmnmacjjnnpgfggekig", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pelnnoacfeaanpmnmacjjnnpgfggekig", "external_id": "pelnnoacfeaanpmnmacjjnnpgfggekig"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c3be3fa6-cad1-40b0-b299-21304b04112d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.940023Z", "modified": "2026-06-02T15:57:32.940023Z", "name": "Malicious Extension: \"Tiger Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Tiger Wallpaper HD Custom New Tab\" (pfekelemlpmelhipncgddloaflehglmb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfekelemlpmelhipncgddloaflehglmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": 
[{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfekelemlpmelhipncgddloaflehglmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pfekelemlpmelhipncgddloaflehglmb", "external_id": "pfekelemlpmelhipncgddloaflehglmb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fc4af01a-1afd-4134-93ac-3e879f938416", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.94114Z", "modified": "2026-06-02T15:57:32.94114Z", "name": "Malicious Extension: \"Momo Twice Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Momo Twice Wallpaper HD Custom New Tab\" (pfepcffcdodcancalckiencamnonoebl)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfepcffcdodcancalckiencamnonoebl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfepcffcdodcancalckiencamnonoebl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pfepcffcdodcancalckiencamnonoebl", "external_id": "pfepcffcdodcancalckiencamnonoebl"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a5c90964-5e10-4acc-bd3d-22da089ce437", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.942219Z", "modified": "2026-06-02T15:57:32.942219Z", "name": "Malicious Extension: \"Lilo And Stitch Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Lilo And Stitch Wallpaper HD Custom New Tab\" (pfpgpbfndacjjjdlgefggndhionakfmb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfpgpbfndacjjjdlgefggndhionakfmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfpgpbfndacjjjdlgefggndhionakfmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pfpgpbfndacjjjdlgefggndhionakfmb", "external_id": "pfpgpbfndacjjjdlgefggndhionakfmb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--79c2b6d8-88f2-4d2f-99d6-499edb2ebb93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.943472Z", "modified": "2026-06-02T15:57:32.943472Z", "name": "Malicious Extension: \"Kpop Big Bang Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Kpop Big Bang Wallpaper HD Custom New Tab\" (pghkmhmjldklacabcgkaaboikfaaogmi)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pghkmhmjldklacabcgkaaboikfaaogmi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": 
["ext-id:pghkmhmjldklacabcgkaaboikfaaogmi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pghkmhmjldklacabcgkaaboikfaaogmi", "external_id": "pghkmhmjldklacabcgkaaboikfaaogmi"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5fb478e5-c3a6-4d6b-90e3-525c95f3665e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.944544Z", "modified": "2026-06-02T15:57:32.944544Z", "name": "Malicious Extension: \"Clash Of Clans Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Clash Of Clans Wallpaper HD Custom New Tab\" (pgilbgknfcnjjblfnjojmcpkggipblci)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgilbgknfcnjjblfnjojmcpkggipblci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgilbgknfcnjjblfnjojmcpkggipblci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgilbgknfcnjjblfnjojmcpkggipblci", "external_id": "pgilbgknfcnjjblfnjojmcpkggipblci"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--32375995-74b9-4cce-9fb3-26dbebce363c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", 
"created": "2026-06-02T15:57:32.945595Z", "modified": "2026-06-02T15:57:32.945595Z", "name": "Malicious Extension: \"Bmw Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bmw Wallpaper HD Custom New Tab\" (pgleokbigapafgjodffamlhdkhiagdgb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgleokbigapafgjodffamlhdkhiagdgb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgleokbigapafgjodffamlhdkhiagdgb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgleokbigapafgjodffamlhdkhiagdgb", "external_id": "pgleokbigapafgjodffamlhdkhiagdgb"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ff80c6f6-fe07-4c56-9adb-f8a46a659e4b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.946811Z", "modified": "2026-06-02T15:57:32.946811Z", "name": "Malicious Extension: \"Hulk Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Hulk Wallpaper HD Custom New Tab\" (phkafpikdokjpogdhjpkcgfjpfgnlgeo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/phkafpikdokjpogdhjpkcgfjpfgnlgeo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:phkafpikdokjpogdhjpkcgfjpfgnlgeo", "browser:chrome"], "external_references": [{"source_name": "Chrome 
Web Store", "url": "https://chromewebstore.google.com/detail/phkafpikdokjpogdhjpkcgfjpfgnlgeo", "external_id": "phkafpikdokjpogdhjpkcgfjpfgnlgeo"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4116177b-a68e-419e-a6d5-b71ebfdbb098", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.947951Z", "modified": "2026-06-02T15:57:32.947951Z", "name": "Malicious Extension: \"Carolina Panthers Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Carolina Panthers Wallpaper HD Custom New Tab\" (phmogllmicehmpglfobbihoelfidjnpd)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/phmogllmicehmpglfobbihoelfidjnpd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:phmogllmicehmpglfobbihoelfidjnpd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/phmogllmicehmpglfobbihoelfidjnpd", "external_id": "phmogllmicehmpglfobbihoelfidjnpd"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--25859f9c-0559-4207-b890-6815e3a7bf54", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.949059Z", "modified": "2026-06-02T15:57:32.949059Z", "name": "Malicious 
Extension: \"J-Hope Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"J-Hope Wallpaper HD Custom New Tab\" (pihogmfmhefemijkgmbimkngninbkkce)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pihogmfmhefemijkgmbimkngninbkkce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pihogmfmhefemijkgmbimkngninbkkce", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pihogmfmhefemijkgmbimkngninbkkce", "external_id": "pihogmfmhefemijkgmbimkngninbkkce"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--627b86ca-217b-4c51-a689-80b0dbcc6626", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.950126Z", "modified": "2026-06-02T15:57:32.950126Z", "name": "Malicious Extension: \"Emoji Unicorn Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Emoji Unicorn Wallpaper HD Custom New Tab\" (pilmbpeapchjcnldfomimmcfoigoenoc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pilmbpeapchjcnldfomimmcfoigoenoc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pilmbpeapchjcnldfomimmcfoigoenoc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/pilmbpeapchjcnldfomimmcfoigoenoc", "external_id": "pilmbpeapchjcnldfomimmcfoigoenoc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2973d248-c767-4e87-a74b-66dbf614cba1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.951384Z", "modified": "2026-06-02T15:57:32.951384Z", "name": "Malicious Extension: \"Assassination Classroom Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Assassination Classroom Wallpaper HD New Tab\" (pinfndnjmdocmimbeonilpahdaldopjc)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pinfndnjmdocmimbeonilpahdaldopjc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pinfndnjmdocmimbeonilpahdaldopjc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pinfndnjmdocmimbeonilpahdaldopjc", "external_id": "pinfndnjmdocmimbeonilpahdaldopjc"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3355c692-09e9-4fc3-8c21-f8465d4067ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.95246Z", "modified": "2026-06-02T15:57:32.95246Z", "name": "Malicious Extension: \"Forest Wallpaper 
HD Custom New Tab\"", "description": "Malicious browser extension: \"Forest Wallpaper HD Custom New Tab\" (pinkcaefpkjpljfflabpkcgbkpbomdfk)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pinkcaefpkjpljfflabpkcgbkpbomdfk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pinkcaefpkjpljfflabpkcgbkpbomdfk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pinkcaefpkjpljfflabpkcgbkpbomdfk", "external_id": "pinkcaefpkjpljfflabpkcgbkpbomdfk"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--15a12c72-29fc-449e-b068-6ffb61833153", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.953528Z", "modified": "2026-06-02T15:57:32.953528Z", "name": "Malicious Extension: \"Cool Fortnite Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Cool Fortnite Wallpaper HD Custom New Tab\" (pjabdohmcokffcednbgpeoifpdbfgfbj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pjabdohmcokffcednbgpeoifpdbfgfbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pjabdohmcokffcednbgpeoifpdbfgfbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pjabdohmcokffcednbgpeoifpdbfgfbj", "external_id": 
"pjabdohmcokffcednbgpeoifpdbfgfbj"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--09aaceaf-d5c5-4a7f-aec1-88a684f3fba2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.954588Z", "modified": "2026-06-02T15:57:32.954588Z", "name": "Malicious Extension: \"Harry Potter Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Harry Potter Wallpaper HD Custom New Tab\" (pjjmcpmjocebmjmhdclbiheoideefiad)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pjjmcpmjocebmjmhdclbiheoideefiad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pjjmcpmjocebmjmhdclbiheoideefiad", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pjjmcpmjocebmjmhdclbiheoideefiad", "external_id": "pjjmcpmjocebmjmhdclbiheoideefiad"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bc287f57-a97c-4f2d-b542-6f8ed979cade", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.955655Z", "modified": "2026-06-02T15:57:32.955655Z", "name": "Malicious Extension: \"Code Geass Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Code Geass Wallpaper HD 
Custom New Tab\" (plcdglhlbmlnfoghfhmbhehapfadedod)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/plcdglhlbmlnfoghfhmbhehapfadedod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:plcdglhlbmlnfoghfhmbhehapfadedod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/plcdglhlbmlnfoghfhmbhehapfadedod", "external_id": "plcdglhlbmlnfoghfhmbhehapfadedod"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b2fce5b5-33b4-4314-8a99-c47d4a838f63", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.956734Z", "modified": "2026-06-02T15:57:32.956734Z", "name": "Malicious Extension: \"Kpop Red Velvet Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Kpop Red Velvet Wallpaper HD Custom New Tab\" (pmdakkjbaeioodmomlmnklahihodjcjk)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmdakkjbaeioodmomlmnklahihodjcjk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmdakkjbaeioodmomlmnklahihodjcjk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmdakkjbaeioodmomlmnklahihodjcjk", "external_id": "pmdakkjbaeioodmomlmnklahihodjcjk"}, {"source_name": "Original Research", "url": 
"https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ff02c203-c7c4-4a4a-8bfb-1451abd5fe65", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.957811Z", "modified": "2026-06-02T15:57:32.957811Z", "name": "Malicious Extension: \"Mac Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Mac Wallpaper HD Custom New Tab\" (pmnpldnflfopbhndkjndecojdpgecckf)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmnpldnflfopbhndkjndecojdpgecckf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmnpldnflfopbhndkjndecojdpgecckf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmnpldnflfopbhndkjndecojdpgecckf", "external_id": "pmnpldnflfopbhndkjndecojdpgecckf"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--08411408-c12b-480d-a6f0-b992c953a657", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.95907Z", "modified": "2026-06-02T15:57:32.95907Z", "name": "Malicious Extension: \"Fortnite Skull Trooper Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Fortnite Skull Trooper Wallpaper HD New Tab\" (pnamonkagicmlnalnlcdaoeenhlgdklf)", "indicator_types": 
["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pnamonkagicmlnalnlcdaoeenhlgdklf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pnamonkagicmlnalnlcdaoeenhlgdklf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pnamonkagicmlnalnlcdaoeenhlgdklf", "external_id": "pnamonkagicmlnalnlcdaoeenhlgdklf"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c5ee92fd-30f8-4dae-88c8-6091bba63de8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.960162Z", "modified": "2026-06-02T15:57:32.960162Z", "name": "Malicious Extension: \"Kakashi Hatake Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Kakashi Hatake Wallpaper HD Custom New Tab\" (poeokidblnamjkagggonidcigafaobki)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/poeokidblnamjkagggonidcigafaobki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:poeokidblnamjkagggonidcigafaobki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/poeokidblnamjkagggonidcigafaobki", "external_id": "poeokidblnamjkagggonidcigafaobki"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": 
"Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1c5071fa-7b0f-43df-8b4e-37d16ec163cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.961218Z", "modified": "2026-06-02T15:57:32.961218Z", "name": "Malicious Extension: \"Bts Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Bts Wallpaper HD Custom New Tab\" (pofffhlknjbjolmfoeagdmbbdbjjmeki)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pofffhlknjbjolmfoeagdmbbdbjjmeki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pofffhlknjbjolmfoeagdmbbdbjjmeki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pofffhlknjbjolmfoeagdmbbdbjjmeki", "external_id": "pofffhlknjbjolmfoeagdmbbdbjjmeki"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2dd06cd5-5022-40e8-8577-738d0c12d144", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.962279Z", "modified": "2026-06-02T15:57:32.962279Z", "name": "Malicious Extension: \"James Harden Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"James Harden Wallpaper HD Custom New Tab\" (polgnkadhhhmlahkhhbicledbpklnake)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/polgnkadhhhmlahkhhbicledbpklnake']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:polgnkadhhhmlahkhhbicledbpklnake", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/polgnkadhhhmlahkhhbicledbpklnake", "external_id": "polgnkadhhhmlahkhhbicledbpklnake"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3640a231-4547-4c8b-8ac0-6f3cd00a9a62", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.963353Z", "modified": "2026-06-02T15:57:32.963353Z", "name": "Malicious Extension: \"Muscle Cars Wallpaper HD Custom New Tab\"", "description": "Malicious browser extension: \"Muscle Cars Wallpaper HD Custom New Tab\" (ppicajcmopaimnnikbafgknffbdmomfk)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ppicajcmopaimnnikbafgknffbdmomfk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ppicajcmopaimnnikbafgknffbdmomfk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ppicajcmopaimnnikbafgknffbdmomfk", "external_id": "ppicajcmopaimnnikbafgknffbdmomfk"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a9864065-8285-407d-846b-0f464f9b3054", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.964421Z", "modified": "2026-06-02T15:57:32.964421Z", "name": "Malicious Extension: \"Forntine Battle Ground Wallpaper HD New Tab\"", "description": "Malicious browser extension: \"Forntine Battle Ground Wallpaper HD New Tab\" (ppmbiomgjfenipmnjiiaemcaboaeljil)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ppmbiomgjfenipmnjiiaemcaboaeljil']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-08-04T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ppmbiomgjfenipmnjiiaemcaboaeljil", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ppmbiomgjfenipmnjiiaemcaboaeljil", "external_id": "ppmbiomgjfenipmnjiiaemcaboaeljil"}, {"source_name": "Original Research", "url": "https://adguard.com/en/blog/fake-ad-blockers-part-3.html"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--63e1214e-91b6-4fff-ac9a-d1bdd9fb8b02", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.965449Z", "modified": "2026-06-02T15:57:32.965449Z", "name": "Malicious Extension: \u201cUpVoice\u201d", "description": "Malicious browser extension: \u201cUpVoice\u201d (bmngkajcejghcgafbobemkpjboikmgfi)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bmngkajcejghcgafbobemkpjboikmgfi']", "pattern_type": 
"stix", "pattern_version": "2.1", "valid_from": "2020-10-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bmngkajcejghcgafbobemkpjboikmgfi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bmngkajcejghcgafbobemkpjboikmgfi", "external_id": "bmngkajcejghcgafbobemkpjboikmgfi"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/facebook-sues-two-chrome-extension-makers-for-scraping-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2107b0a0-96f2-456a-9a75-3e7909d5b45a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.96664Z", "modified": "2026-06-02T15:57:32.96664Z", "name": "Malicious Extension: \u201cAds Feed\u201d", "description": "Malicious browser extension: \u201cAds Feed\u201d (deciloopcooglpjhomblbbjeeenohbpg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/deciloopcooglpjhomblbbjeeenohbpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:deciloopcooglpjhomblbbjeeenohbpg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/deciloopcooglpjhomblbbjeeenohbpg", "external_id": "deciloopcooglpjhomblbbjeeenohbpg"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/facebook-sues-two-chrome-extension-makers-for-scraping-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4e9c53ee-755e-4977-a918-5e98ee9709e9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.967669Z", "modified": "2026-06-02T15:57:32.967669Z", "name": "Malicious Extension: \u201cNano 
Adblocker\u201d", "description": "Malicious browser extension: \u201cNano Adblocker\u201d (gabbbocakeomblphkmmnoamkioajlkfo)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gabbbocakeomblphkmmnoamkioajlkfo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gabbbocakeomblphkmmnoamkioajlkfo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gabbbocakeomblphkmmnoamkioajlkfo", "external_id": "gabbbocakeomblphkmmnoamkioajlkfo"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-two-chrome-ad-blockers-caught-collecting-user-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8716310a-53dd-4706-aee1-115ca6cd4266", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.968674Z", "modified": "2026-06-02T15:57:32.968674Z", "name": "Malicious Extension: \u201cnano Defender\u201d", "description": "Malicious browser extension: \u201cnano Defender\u201d (ggolfgbegefeeoocgjbmkembbncoadlb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ggolfgbegefeeoocgjbmkembbncoadlb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ggolfgbegefeeoocgjbmkembbncoadlb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ggolfgbegefeeoocgjbmkembbncoadlb", "external_id": "ggolfgbegefeeoocgjbmkembbncoadlb"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/google-removes-two-chrome-ad-blockers-caught-collecting-user-data/"}]}, 
{"type": "indicator", "spec_version": "2.1", "id": "indicator--35650938-b07a-489c-9aad-83001d093950", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.969732Z", "modified": "2026-06-02T15:57:32.969732Z", "name": "Malicious Extension: \u201cDirect Message for Instagram\u201d", "description": "Malicious browser extension: \u201cDirect Message for Instagram\u201d (mdpgppkombninhkfhaggckdmencplhmg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mdpgppkombninhkfhaggckdmencplhmg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mdpgppkombninhkfhaggckdmencplhmg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mdpgppkombninhkfhaggckdmencplhmg", "external_id": "mdpgppkombninhkfhaggckdmencplhmg"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9361e072-b89b-4779-80a9-aa0a393be894", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.970784Z", "modified": "2026-06-02T15:57:32.970784Z", "name": "Malicious Extension: \u201cDM for Instagram\u201d", "description": "Malicious browser extension: \u201cDM for Instagram\u201d (fgaapohcdolaiaijobecfleiohcfhdfb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fgaapohcdolaiaijobecfleiohcfhdfb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fgaapohcdolaiaijobecfleiohcfhdfb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fgaapohcdolaiaijobecfleiohcfhdfb", "external_id": "fgaapohcdolaiaijobecfleiohcfhdfb"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--82688b9e-8a07-4e7c-82d9-3c298b9016f5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.971854Z", "modified": "2026-06-02T15:57:32.971854Z", "name": "Malicious Extension: \u201cInvisible Mode for Instagram Direct Message\u201d", "description": "Malicious browser extension: \u201cInvisible Mode for Instagram Direct Message\u201d (iibnodnghffmdcebaglfgnfkgemcbchf)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iibnodnghffmdcebaglfgnfkgemcbchf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iibnodnghffmdcebaglfgnfkgemcbchf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iibnodnghffmdcebaglfgnfkgemcbchf", "external_id": "iibnodnghffmdcebaglfgnfkgemcbchf"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": 
"https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--100b78eb-fd6e-4d72-98f8-8615733c6dbd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.972916Z", "modified": "2026-06-02T15:57:32.972916Z", "name": "Malicious Extension: \u201cDownloader for Instagram\u201d", "description": "Malicious browser extension: \u201cDownloader for Instagram\u201d (olkpikmlhoaojbbmmpejnimiglejmboe)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/olkpikmlhoaojbbmmpejnimiglejmboe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:olkpikmlhoaojbbmmpejnimiglejmboe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/olkpikmlhoaojbbmmpejnimiglejmboe", "external_id": "olkpikmlhoaojbbmmpejnimiglejmboe"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0fe6ac25-40fa-4a2d-9ff9-d44b1fd2fc0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.974133Z", "modified": "2026-06-02T15:57:32.974133Z", "name": "Malicious Extension: \u201cApp Phone for Instagram\u201d", "description": "Malicious browser extension: \u201cApp Phone for Instagram\u201d (bhfoemlllidnfefgkeaeocnageepbael)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/bhfoemlllidnfefgkeaeocnageepbael']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bhfoemlllidnfefgkeaeocnageepbael", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bhfoemlllidnfefgkeaeocnageepbael", "external_id": "bhfoemlllidnfefgkeaeocnageepbael"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bcb15912-63c4-4167-af8a-877f6046aca5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.975207Z", "modified": "2026-06-02T15:57:32.975207Z", "name": "Malicious Extension: \u201cStories for Instagram\u201d", "description": "Malicious browser extension: \u201cStories for Instagram\u201d (nilbfjdbacfdodpbdondbbkmoigehodg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nilbfjdbacfdodpbdondbbkmoigehodg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nilbfjdbacfdodpbdondbbkmoigehodg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nilbfjdbacfdodpbdondbbkmoigehodg", "external_id": "nilbfjdbacfdodpbdondbbkmoigehodg"}, {"source_name": "Original Research", "url": 
"https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3f9cd545-7d1c-4a76-8566-e68b74b25ac9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.976272Z", "modified": "2026-06-02T15:57:32.976272Z", "name": "Malicious Extension: \u201cUniversal Video Downloader\u201d", "description": "Malicious browser extension: \u201cUniversal Video Downloader\u201d (eikbfklcjampfnmclhjeifbmfkpkfpbn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eikbfklcjampfnmclhjeifbmfkpkfpbn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eikbfklcjampfnmclhjeifbmfkpkfpbn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eikbfklcjampfnmclhjeifbmfkpkfpbn", "external_id": "eikbfklcjampfnmclhjeifbmfkpkfpbn"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c2c8a6a8-0b53-4369-b5ae-b71800156420", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.977324Z", "modified": "2026-06-02T15:57:32.977324Z", "name": "Malicious Extension: \u201cVideo Downloader for FaceBook\u201d", "description": "Malicious browser extension: \u201cVideo Downloader 
for FaceBook\u201d (pfnmibjifkhhblmdmaocfohebdpfppkf)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfnmibjifkhhblmdmaocfohebdpfppkf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfnmibjifkhhblmdmaocfohebdpfppkf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pfnmibjifkhhblmdmaocfohebdpfppkf", "external_id": "pfnmibjifkhhblmdmaocfohebdpfppkf"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8dc78e61-f2bd-4933-a7d7-ec82970eeaec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.978387Z", "modified": "2026-06-02T15:57:32.978387Z", "name": "Malicious Extension: \u201cVimeo Video Downloader\u201d", "description": "Malicious browser extension: \u201cVimeo Video Downloader\u201d (cgpbghdbejagejmciefmekcklikpoeel)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cgpbghdbejagejmciefmekcklikpoeel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cgpbghdbejagejmciefmekcklikpoeel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cgpbghdbejagejmciefmekcklikpoeel", "external_id": "cgpbghdbejagejmciefmekcklikpoeel"}, {"source_name": 
"Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--83c10554-3e5f-406f-bc2e-18e4318876ae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.979447Z", "modified": "2026-06-02T15:57:32.979447Z", "name": "Malicious Extension: \u201cZoomer for Instagram and FaceBook\u201d", "description": "Malicious browser extension: \u201cZoomer for Instagram and FaceBook\u201d (klejifgmmnkgejbhgmpgajemhlnijlib)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/klejifgmmnkgejbhgmpgajemhlnijlib']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:klejifgmmnkgejbhgmpgajemhlnijlib", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/klejifgmmnkgejbhgmpgajemhlnijlib", "external_id": "klejifgmmnkgejbhgmpgajemhlnijlib"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--74f1e838-e354-45d5-8c39-ef2915f373ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.980508Z", "modified": "2026-06-02T15:57:32.980508Z", "name": "Malicious Extension: \u201cVK Unblock.  
Works Fast.\u201d", "description": "Malicious browser extension: \u201cVK Unblock.  Works Fast.\u201d (ceoldlgkhdbnnmojajjgfapagjccblib)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ceoldlgkhdbnnmojajjgfapagjccblib']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ceoldlgkhdbnnmojajjgfapagjccblib", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ceoldlgkhdbnnmojajjgfapagjccblib", "external_id": "ceoldlgkhdbnnmojajjgfapagjccblib"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--10edb76d-9fb8-40d3-97c5-f776aaf1bd1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.981732Z", "modified": "2026-06-02T15:57:32.981732Z", "name": "Malicious Extension: \u201cOdnoklassniki UnBlock.  Works quickly.\u201d", "description": "Malicious browser extension: \u201cOdnoklassniki UnBlock.  
Works quickly.\u201d (mnafnfdagggclnaggnjajohakfbppaih)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mnafnfdagggclnaggnjajohakfbppaih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mnafnfdagggclnaggnjajohakfbppaih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mnafnfdagggclnaggnjajohakfbppaih", "external_id": "mnafnfdagggclnaggnjajohakfbppaih"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b269c445-354f-4574-9b63-179d6ec80424", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.98281Z", "modified": "2026-06-02T15:57:32.98281Z", "name": "Malicious Extension: \u201cUploade photo to Instagram\u201d", "description": "Malicious browser extension: \u201cUploade photo to Instagram\u201d (oknpgmaeedlbdichgaghebhiknmghffa)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oknpgmaeedlbdichgaghebhiknmghffa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oknpgmaeedlbdichgaghebhiknmghffa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oknpgmaeedlbdichgaghebhiknmghffa", "external_id": "oknpgmaeedlbdichgaghebhiknmghffa"}, 
{"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8013be3b-b48f-4c9e-9379-b39849a34cdd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.983919Z", "modified": "2026-06-02T15:57:32.983919Z", "name": "Malicious Extension: \u201cSpotify Music Downloader\u201d", "description": "Malicious browser extension: \u201cSpotify Music Downloader\u201d (pcaaejaejpolbbchlmbdjfiggojefllp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pcaaejaejpolbbchlmbdjfiggojefllp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pcaaejaejpolbbchlmbdjfiggojefllp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pcaaejaejpolbbchlmbdjfiggojefllp", "external_id": "pcaaejaejpolbbchlmbdjfiggojefllp"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bd39f6eb-07c2-442b-a8d9-aaa8b74a5d3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.985Z", "modified": "2026-06-02T15:57:32.985Z", "name": "Malicious Extension: \u201cThe New York Times News\u201d", "description": "Malicious browser 
extension: \u201cThe New York Times News\u201d (lmcajpniijhhhpcnhleibgiehhicjlnk)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmcajpniijhhhpcnhleibgiehhicjlnk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmcajpniijhhhpcnhleibgiehhicjlnk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmcajpniijhhhpcnhleibgiehhicjlnk", "external_id": "lmcajpniijhhhpcnhleibgiehhicjlnk"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1006d4c3-0a59-4177-9049-2bd440a6d7d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.986058Z", "modified": "2026-06-02T15:57:32.986058Z", "name": "Malicious Extension: \u201cDirect Message for Instagram\u201d", "description": "Malicious browser extension: \u201cDirect Message for Instagram\u201d (lnocaphbapmclliacmbbggnfnjojbjgf)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lnocaphbapmclliacmbbggnfnjojbjgf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lnocaphbapmclliacmbbggnfnjojbjgf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lnocaphbapmclliacmbbggnfnjojbjgf", "external_id": 
"lnocaphbapmclliacmbbggnfnjojbjgf"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1524f93a-cd74-4125-b47a-070b71d60397", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.987118Z", "modified": "2026-06-02T15:57:32.987118Z", "name": "Malicious Extension: \u201cInstagram Download Video & Image\u201d", "description": "Malicious browser extension: \u201cInstagram Download Video & Image\u201d (bhcpgfhiobcpokfpdahijhnipenkplji)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bhcpgfhiobcpokfpdahijhnipenkplji']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bhcpgfhiobcpokfpdahijhnipenkplji", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bhcpgfhiobcpokfpdahijhnipenkplji", "external_id": "bhcpgfhiobcpokfpdahijhnipenkplji"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6ad4273d-807c-4221-914b-9ab34681897a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.988177Z", "modified": "2026-06-02T15:57:32.988177Z", "name": "Malicious Extension: \u201cApp Phone 
for Instagram\u201d", "description": "Malicious browser extension: \u201cApp Phone for Instagram\u201d (dambkkeeabmnhelekdekfmabnckghdih)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dambkkeeabmnhelekdekfmabnckghdih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dambkkeeabmnhelekdekfmabnckghdih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dambkkeeabmnhelekdekfmabnckghdih", "external_id": "dambkkeeabmnhelekdekfmabnckghdih"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5008fa61-4872-4473-846a-3f75929c4ef3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.98941Z", "modified": "2026-06-02T15:57:32.98941Z", "name": "Malicious Extension: \u201cUniversal Video Downloader\u201d", "description": "Malicious browser extension: \u201cUniversal Video Downloader\u201d (dgjmdlifhbljhmgkjbojeejmeeplapej)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dgjmdlifhbljhmgkjbojeejmeeplapej']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dgjmdlifhbljhmgkjbojeejmeeplapej", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/dgjmdlifhbljhmgkjbojeejmeeplapej", "external_id": "dgjmdlifhbljhmgkjbojeejmeeplapej"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--48a10458-885c-42b9-98da-9bd941bd08b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.990474Z", "modified": "2026-06-02T15:57:32.990474Z", "name": "Malicious Extension: \u201cVideo Downloader for FaceBook\u201d", "description": "Malicious browser extension: \u201cVideo Downloader for FaceBook\u201d (emechknidkghbpiodihlodkhnljplpjm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/emechknidkghbpiodihlodkhnljplpjm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:emechknidkghbpiodihlodkhnljplpjm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/emechknidkghbpiodihlodkhnljplpjm", "external_id": "emechknidkghbpiodihlodkhnljplpjm"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--597bd74c-6d41-449a-8e09-d353af75cace", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.99155Z", 
"modified": "2026-06-02T15:57:32.99155Z", "name": "Malicious Extension: \u201cVimeo Video Downloader\u201d", "description": "Malicious browser extension: \u201cVimeo Video Downloader\u201d (hajlccgbgjdcjaommiffaphjdndpjcio)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hajlccgbgjdcjaommiffaphjdndpjcio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hajlccgbgjdcjaommiffaphjdndpjcio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hajlccgbgjdcjaommiffaphjdndpjcio", "external_id": "hajlccgbgjdcjaommiffaphjdndpjcio"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2775d4ea-837b-4a8a-adb5-79bc9268af46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.992615Z", "modified": "2026-06-02T15:57:32.992615Z", "name": "Malicious Extension: \u201cVolume Controller\u201d", "description": "Malicious browser extension: \u201cVolume Controller\u201d (dljdbmkffjijepjnkonndbdiakjfdcic)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dljdbmkffjijepjnkonndbdiakjfdcic']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dljdbmkffjijepjnkonndbdiakjfdcic", "browser:chrome"], "external_references": [{"source_name": "Chrome Web 
Store", "url": "https://chromewebstore.google.com/detail/dljdbmkffjijepjnkonndbdiakjfdcic", "external_id": "dljdbmkffjijepjnkonndbdiakjfdcic"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6c6b3ca6-4cc8-435e-b084-c3545f1ae079", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.993675Z", "modified": "2026-06-02T15:57:32.993675Z", "name": "Malicious Extension: \u201cStories for Instagram\u201d", "description": "Malicious browser extension: \u201cStories for Instagram\u201d (cjmpdadldchjmljhkigoeejegmghaabp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cjmpdadldchjmljhkigoeejegmghaabp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cjmpdadldchjmljhkigoeejegmghaabp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cjmpdadldchjmljhkigoeejegmghaabp", "external_id": "cjmpdadldchjmljhkigoeejegmghaabp"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--323526dc-bf4e-4125-96f8-862df07d7839", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.994721Z", 
"modified": "2026-06-02T15:57:32.994721Z", "name": "Malicious Extension: \u201cUpload photo to Instagram\u201d", "description": "Malicious browser extension: \u201cUpload photo to Instagram\u201d (jlkfgpiicpnlbmmmpkpdjkkdolgomhmb)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jlkfgpiicpnlbmmmpkpdjkkdolgomhmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jlkfgpiicpnlbmmmpkpdjkkdolgomhmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jlkfgpiicpnlbmmmpkpdjkkdolgomhmb", "external_id": "jlkfgpiicpnlbmmmpkpdjkkdolgomhmb"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e47043b0-52f5-47ec-addc-5522f56e1c38", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.995814Z", "modified": "2026-06-02T15:57:32.995814Z", "name": "Malicious Extension: \u201cPretty Kitty, The Cat Pet\u201d", "description": "Malicious browser extension: \u201cPretty Kitty, The Cat Pet\u201d (njdkgjbjmdceaibhngelkkloceihelle)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njdkgjbjmdceaibhngelkkloceihelle']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njdkgjbjmdceaibhngelkkloceihelle", "browser:chrome"], "external_references": 
[{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njdkgjbjmdceaibhngelkkloceihelle", "external_id": "njdkgjbjmdceaibhngelkkloceihelle"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5a69593f-3ec0-4802-bdf9-546dabb2488e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.998133Z", "modified": "2026-06-02T15:57:32.998133Z", "name": "Malicious Extension: \u201cVideo Downloader for YouTube\u201d", "description": "Malicious browser extension: \u201cVideo Downloader for YouTube\u201d (phoehhafolaebdpimmbmlofmeibdkckp)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/phoehhafolaebdpimmbmlofmeibdkckp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:phoehhafolaebdpimmbmlofmeibdkckp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/phoehhafolaebdpimmbmlofmeibdkckp", "external_id": "phoehhafolaebdpimmbmlofmeibdkckp"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--372a3e42-58b6-422a-89d5-8831ea8d9078", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", 
"created": "2026-06-02T15:57:32.999273Z", "modified": "2026-06-02T15:57:32.999273Z", "name": "Malicious Extension: \u201cSoundCloud Music Downloader\u201d", "description": "Malicious browser extension: \u201cSoundCloud Music Downloader\u201d (pccfaccnfkjmdlkollpiaialndbieibj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pccfaccnfkjmdlkollpiaialndbieibj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pccfaccnfkjmdlkollpiaialndbieibj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pccfaccnfkjmdlkollpiaialndbieibj", "external_id": "pccfaccnfkjmdlkollpiaialndbieibj"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4d9ad368-a90d-43af-8303-7e4e7cd879a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.000449Z", "modified": "2026-06-02T15:57:33.000449Z", "name": "Malicious Extension: \u201cInstagram App with Direct Message DM\u201d", "description": "Malicious browser extension: \u201cInstagram App with Direct Message DM\u201d (fbhbpnjkpcdmcgcpfilooccjgemlkinn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbhbpnjkpcdmcgcpfilooccjgemlkinn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-17T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": 
["ext-id:fbhbpnjkpcdmcgcpfilooccjgemlkinn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbhbpnjkpcdmcgcpfilooccjgemlkinn", "external_id": "fbhbpnjkpcdmcgcpfilooccjgemlkinn"}, {"source_name": "Original Research", "url": "https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware"}, {"source_name": "Article", "url": "https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--31efa162-85be-4821-aeff-52b6b1d8bc66", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.004224Z", "modified": "2026-06-02T15:57:33.004224Z", "name": "Malicious Extension: \u201cWeb for Instagram plus DM\u201d", "description": "Malicious browser extension: \u201cWeb for Instagram plus DM\u201d (dppilebghcniomddkpphiminideiajff)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dppilebghcniomddkpphiminideiajff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dppilebghcniomddkpphiminideiajff", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dppilebghcniomddkpphiminideiajff", "external_id": "dppilebghcniomddkpphiminideiajff"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/facebook-sues-makers-of-malicious-chrome-extensions-for-scraping-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--318df890-f9ce-40d3-a72f-19c742737b61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.007581Z", "modified": 
"2026-06-02T15:57:33.007581Z", "name": "Malicious Extension: \u201cBlue Messenger\u201d", "description": "Malicious browser extension: \u201cBlue Messenger\u201d (ojmbbkdflpfjdceflikpkbbmmbfagglg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojmbbkdflpfjdceflikpkbbmmbfagglg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ojmbbkdflpfjdceflikpkbbmmbfagglg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojmbbkdflpfjdceflikpkbbmmbfagglg", "external_id": "ojmbbkdflpfjdceflikpkbbmmbfagglg"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/facebook-sues-makers-of-malicious-chrome-extensions-for-scraping-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--71ee6364-6ff7-48fa-9576-733fdb987933", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.0091Z", "modified": "2026-06-02T15:57:33.0091Z", "name": "Malicious Extension: \u201cEmoji keyboard\u201d", "description": "Malicious browser extension: \u201cEmoji keyboard\u201d (chmaijbnjdnkjknoigffoohjhpejjppd)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/chmaijbnjdnkjknoigffoohjhpejjppd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:chmaijbnjdnkjknoigffoohjhpejjppd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/chmaijbnjdnkjknoigffoohjhpejjppd", "external_id": "chmaijbnjdnkjknoigffoohjhpejjppd"}, {"source_name": "Article", "url": 
"https://www.bleepingcomputer.com/news/security/facebook-sues-makers-of-malicious-chrome-extensions-for-scraping-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2a83ce24-ec79-4996-973e-80dca8b801ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.011468Z", "modified": "2026-06-02T15:57:33.011468Z", "name": "Malicious Extension: \u201cGreen Messenger\u201d", "description": "Malicious browser extension: \u201cGreen Messenger\u201d (jhcfnojahmdghhebdaoijngclknfkbjn)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jhcfnojahmdghhebdaoijngclknfkbjn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jhcfnojahmdghhebdaoijngclknfkbjn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jhcfnojahmdghhebdaoijngclknfkbjn", "external_id": "jhcfnojahmdghhebdaoijngclknfkbjn"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/facebook-sues-makers-of-malicious-chrome-extensions-for-scraping-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fd8e3318-c983-44f3-b887-6bf67d87677e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.013602Z", "modified": "2026-06-02T15:57:33.013602Z", "name": "Malicious Extension: \u201c\u0421\u043a\u0430\u0447\u0430\u0442\u044c \u0444\u043e\u0442\u043e \u0438 \u0432\u0438\u0434\u0435\u043e \u0438\u0437 Instagram\u201d", "description": "Malicious browser extension: \u201c\u0421\u043a\u0430\u0447\u0430\u0442\u044c \u0444\u043e\u0442\u043e \u0438 \u0432\u0438\u0434\u0435\u043e \u0438\u0437 Instagram\u201d (akdbogfpgohikflhccclloneidjkogog)", "indicator_types": ["malicious-activity"], "pattern": 
"[url:value = 'https://chromewebstore.google.com/detail/akdbogfpgohikflhccclloneidjkogog']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:akdbogfpgohikflhccclloneidjkogog", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akdbogfpgohikflhccclloneidjkogog", "external_id": "akdbogfpgohikflhccclloneidjkogog"}, {"source_name": "Original Research", "url": "https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a4927a7d-d467-47c6-bb41-8131f0ebdaff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.014967Z", "modified": "2026-06-02T15:57:33.014967Z", "name": "Malicious Extension: \u201cFORBES\u201d", "description": "Malicious browser extension: \u201cFORBES\u201d (lgjogljbnbfjcaigalbhiagkboajmkkj)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lgjogljbnbfjcaigalbhiagkboajmkkj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lgjogljbnbfjcaigalbhiagkboajmkkj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lgjogljbnbfjcaigalbhiagkboajmkkj", "external_id": "lgjogljbnbfjcaigalbhiagkboajmkkj"}, {"source_name": "Original Research", "url": "https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d50236a3-89a2-45e0-9604-51553eb1cec3", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.016247Z", "modified": "2026-06-02T15:57:33.016247Z", "name": "Malicious Extension: \u201cDownloader for Instagram\u201d", "description": "Malicious browser extension: \u201cDownloader for Instagram\u201d (aemaecahdckfllfldhgimjhdgiaahean)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aemaecahdckfllfldhgimjhdgiaahean']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aemaecahdckfllfldhgimjhdgiaahean", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aemaecahdckfllfldhgimjhdgiaahean", "external_id": "aemaecahdckfllfldhgimjhdgiaahean"}, {"source_name": "Original Research", "url": "https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--586079ed-fe99-4e4b-94a7-59ce33535626", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.017455Z", "modified": "2026-06-02T15:57:33.017455Z", "name": "Malicious Extension: \u201cThe Great Suspender\u201d", "description": "Malicious browser extension: \u201cThe Great Suspender\u201d (klbibkeccnjlkjkiokjodocebajanakg)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/klbibkeccnjlkjkiokjodocebajanakg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-05T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:klbibkeccnjlkjkiokjodocebajanakg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/klbibkeccnjlkjkiokjodocebajanakg", "external_id": "klbibkeccnjlkjkiokjodocebajanakg"}, {"source_name": "Original Research", "url": "https://www.xda-developers.com/google-chrome-the-great-suspender-malware/"}, {"source_name": "Article", "url": "https://lifehacker.com/ditch-the-great-suspender-before-it-becomes-a-security-1845989664"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--23a6edbd-f5e9-4f83-be3e-beb7673f48e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.018596Z", "modified": "2026-06-02T15:57:33.018596Z", "name": "Malicious Extension: \u201cForcepoint Endpoint for Windows\u201d", "description": "Malicious browser extension: \u201cForcepoint Endpoint for Windows\u201d (fmfjhicbjecfchfmpelfnifijeigelme)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmfjhicbjecfchfmpelfnifijeigelme']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-05T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fmfjhicbjecfchfmpelfnifijeigelme", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmfjhicbjecfchfmpelfnifijeigelme", "external_id": "fmfjhicbjecfchfmpelfnifijeigelme"}, {"source_name": "Original Research", "url": "https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-extension-abuses-chrome-sync-to-steal-users-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--887809d7-cc24-4257-b90f-3829b294d202", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.020066Z", "modified": "2026-06-02T15:57:33.020066Z", "name": 
"Malicious Extension: \u201cVDP:  Best Video Downloader\u201d", "description": "Malicious browser extension: \u201cVDP:  Best Video Downloader\u201d (acdfdofofabmipgcolilkfhnpoclgpdd) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acdfdofofabmipgcolilkfhnpoclgpdd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:acdfdofofabmipgcolilkfhnpoclgpdd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acdfdofofabmipgcolilkfhnpoclgpdd", "external_id": "acdfdofofabmipgcolilkfhnpoclgpdd"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e0f681f2-70dd-4c44-ac7d-3a3938104a05", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.021171Z", "modified": "2026-06-02T15:57:33.021171Z", "name": "Malicious Extension: \u201cY2mate\u201d", "description": "Malicious browser extension: \u201cY2mate\u201d (oobppndjaabcidladjeehddkgkccfcpn) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oobppndjaabcidladjeehddkgkccfcpn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oobppndjaabcidladjeehddkgkccfcpn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oobppndjaabcidladjeehddkgkccfcpn", "external_id": "oobppndjaabcidladjeehddkgkccfcpn"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--55c2cd89-72e2-4426-aea2-61f9787ab8ae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.022458Z", "modified": "2026-06-02T15:57:33.022458Z", "name": "Malicious Extension: (name not recorded, ID aonedlchkbicmhepimiahfalheedjgbh)", "description": "Malicious browser extension: (name not recorded) (aonedlchkbicmhepimiahfalheedjgbh) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aonedlchkbicmhepimiahfalheedjgbh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aonedlchkbicmhepimiahfalheedjgbh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aonedlchkbicmhepimiahfalheedjgbh", "external_id": "aonedlchkbicmhepimiahfalheedjgbh"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4d8c2e63-88b6-4dc1-92b4-821f506df54d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.023568Z", "modified": "2026-06-02T15:57:33.023568Z", "name": "Malicious Extension: \u201cRadioGaGa\u201d", "description": "Malicious browser extension: \u201cRadioGaGa\u201d (aoeacblfmdamdejeiaepojbhohhkmkjh) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aoeacblfmdamdejeiaepojbhohhkmkjh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aoeacblfmdamdejeiaepojbhohhkmkjh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aoeacblfmdamdejeiaepojbhohhkmkjh", "external_id": "aoeacblfmdamdejeiaepojbhohhkmkjh"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c985ca96-a8b1-4935-bcea-075e3a82e376", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.024648Z", "modified": "2026-06-02T15:57:33.024648Z", "name": "Malicious Extension: \u201cSavematik\u201d", "description": "Malicious browser extension: \u201cSavematik\u201d (eoeoincjhpflnpdaiemgbboknhkblome) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eoeoincjhpflnpdaiemgbboknhkblome']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eoeoincjhpflnpdaiemgbboknhkblome", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eoeoincjhpflnpdaiemgbboknhkblome", "external_id": "eoeoincjhpflnpdaiemgbboknhkblome"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--735f296e-efac-4470-bd65-e24e71c75833", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.025721Z", "modified": "2026-06-02T15:57:33.025721Z", "name": "Malicious Extension: ", "description": "Malicious browser extension:  (onbkopaoemachfglhlpomhbpofepfpom) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/onbkopaoemachfglhlpomhbpofepfpom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:onbkopaoemachfglhlpomhbpofepfpom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/onbkopaoemachfglhlpomhbpofepfpom", "external_id": "onbkopaoemachfglhlpomhbpofepfpom"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b3076906-89ae-4e46-bc90-f06ec141a9d3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.026805Z", "modified": "2026-06-02T15:57:33.026805Z", "name": "Malicious Extension: ", "description": "Malicious browser extension:  (inlgdellfblpplcogjfedlhjnpgafnia) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/inlgdellfblpplcogjfedlhjnpgafnia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:inlgdellfblpplcogjfedlhjnpgafnia", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/inlgdellfblpplcogjfedlhjnpgafnia", "external_id": "inlgdellfblpplcogjfedlhjnpgafnia"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5e7e59a8-08f5-4a9e-bfe0-82898c86a738", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.027893Z", "modified": "2026-06-02T15:57:33.027893Z", "name": "Malicious Extension: \u201cStylebot\u201d", "description": "Malicious browser extension: \u201cStylebot\u201d (ejfajpmpabphhkcacijnhggimhelopfg) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ejfajpmpabphhkcacijnhggimhelopfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ejfajpmpabphhkcacijnhggimhelopfg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ejfajpmpabphhkcacijnhggimhelopfg", "external_id": "ejfajpmpabphhkcacijnhggimhelopfg"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--86dfb69f-4585-47bd-8ff0-90a268373e61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.028967Z", "modified": "2026-06-02T15:57:33.028967Z", "name": "Malicious Extension: \u201cCoupons at Checkout\u201d", "description": "Malicious browser extension: \u201cCoupons at Checkout\u201d (pgjndpcilbcanlnhhjmhjalilcmoicjc) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgjndpcilbcanlnhhjmhjalilcmoicjc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgjndpcilbcanlnhhjmhjalilcmoicjc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgjndpcilbcanlnhhjmhjalilcmoicjc", "external_id": "pgjndpcilbcanlnhhjmhjalilcmoicjc"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1be6d9ed-5aa9-4f6b-a770-69d19046906f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.030205Z", "modified": "2026-06-02T15:57:33.030205Z", "name": "Malicious Extension: ", "description": "Malicious browser extension:  (napifgkjbjeodgmfjmgncljmnmdefpbf) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/napifgkjbjeodgmfjmgncljmnmdefpbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:napifgkjbjeodgmfjmgncljmnmdefpbf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/napifgkjbjeodgmfjmgncljmnmdefpbf", "external_id": "napifgkjbjeodgmfjmgncljmnmdefpbf"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--112771f2-3480-477d-8471-37c4757f8ded", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.031325Z", "modified": "2026-06-02T15:57:33.031325Z", "name": "Malicious Extension: ", "description": "Malicious browser extension:  (glgemekgfjppocilabhlcbngobillcgf)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/glgemekgfjppocilabhlcbngobillcgf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:glgemekgfjppocilabhlcbngobillcgf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/glgemekgfjppocilabhlcbngobillcgf", "external_id": "glgemekgfjppocilabhlcbngobillcgf"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, 
{"type": "indicator", "spec_version": "2.1", "id": "indicator--ed44068d-2660-40a8-8e8b-527a8e6e2ad2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.032412Z", "modified": "2026-06-02T15:57:33.032412Z", "name": "Malicious Extension: \u201cStylebot\u201d", "description": "Malicious browser extension: \u201cStylebot\u201d (klmjcelobglnhnbfpmlbgnoeippfhhil) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/klmjcelobglnhnbfpmlbgnoeippfhhil']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:klmjcelobglnhnbfpmlbgnoeippfhhil", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/klmjcelobglnhnbfpmlbgnoeippfhhil", "external_id": "klmjcelobglnhnbfpmlbgnoeippfhhil"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1543c1a7-c50a-47a4-99a7-4f6940fdd7c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.033484Z", "modified": "2026-06-02T15:57:33.033484Z", "name": "Malicious Extension: \u201cStylebot\u201d", "description": "Malicious browser extension: \u201cStylebot\u201d (ldbfffpdfgghehkkckifnjhoncdgjkib)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldbfffpdfgghehkkckifnjhoncdgjkib']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", 
"kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ldbfffpdfgghehkkckifnjhoncdgjkib", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldbfffpdfgghehkkckifnjhoncdgjkib", "external_id": "ldbfffpdfgghehkkckifnjhoncdgjkib"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4e0fcf49-06ae-4c41-af1b-07a767f68a00", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.034561Z", "modified": "2026-06-02T15:57:33.034561Z", "name": "Malicious Extension: \u201cfriGate CDN\u201d", "description": "Malicious browser extension: \u201cfriGate CDN\u201d (mbacbcfdfaapbcnlnbmciiaakomhkbkb) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mbacbcfdfaapbcnlnbmciiaakomhkbkb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mbacbcfdfaapbcnlnbmciiaakomhkbkb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mbacbcfdfaapbcnlnbmciiaakomhkbkb", "external_id": "mbacbcfdfaapbcnlnbmciiaakomhkbkb"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ae145d01-7503-4221-9331-54d6e91d73d5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.035654Z", "modified": "2026-06-02T15:57:33.035654Z", "name": "Malicious Extension: \u201cfrigate-light\u201d", "description": "Malicious browser extension: \u201cfrigate-light\u201d (mdnmhbnbebabimcjggckeoibchhckemm)", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mdnmhbnbebabimcjggckeoibchhckemm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mdnmhbnbebabimcjggckeoibchhckemm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mdnmhbnbebabimcjggckeoibchhckemm", "external_id": "mdnmhbnbebabimcjggckeoibchhckemm"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": 
"https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f9bfa2af-c326-445a-865d-84c8ffe7d601", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.036725Z", "modified": "2026-06-02T15:57:33.036725Z", "name": "Malicious Extension: \u201cSaveFrom.net helper\u201d", "description": "Malicious browser extension: \u201cSaveFrom.net helper\u201d (lfedlgnabjompjngkpddclhgcmeklana) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lfedlgnabjompjngkpddclhgcmeklana']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lfedlgnabjompjngkpddclhgcmeklana", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lfedlgnabjompjngkpddclhgcmeklana", "external_id": "lfedlgnabjompjngkpddclhgcmeklana"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--739b0bdb-f0ef-4eec-812b-9ae7448db7f8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.03797Z", "modified": "2026-06-02T15:57:33.03797Z", "name": "Malicious Extension: ", "description": "Malicious browser extension:  (mdpljndcmbeikfnlflcggaipgnhiedbl) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mdpljndcmbeikfnlflcggaipgnhiedbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mdpljndcmbeikfnlflcggaipgnhiedbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mdpljndcmbeikfnlflcggaipgnhiedbl", "external_id": "mdpljndcmbeikfnlflcggaipgnhiedbl"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fc179766-1a3b-4754-8de5-aa34afaf2afa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.03905Z", "modified": "2026-06-02T15:57:33.03905Z", "name": "Malicious Extension: ", "description": "Malicious browser extension:  (npdpplbicnmpoigidfdjadamgfkilaak) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/npdpplbicnmpoigidfdjadamgfkilaak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:npdpplbicnmpoigidfdjadamgfkilaak", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/npdpplbicnmpoigidfdjadamgfkilaak", "external_id": "npdpplbicnmpoigidfdjadamgfkilaak"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8ae02bbf-1f66-4031-b1a5-4b5d7b861b89", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.04015Z", "modified": "2026-06-02T15:57:33.04015Z", "name": "Malicious Extension: ", "description": "Malicious browser extension:  (ibehiiilehaakkhkigckfjfknboalpbe) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ibehiiilehaakkhkigckfjfknboalpbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ibehiiilehaakkhkigckfjfknboalpbe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ibehiiilehaakkhkigckfjfknboalpbe", "external_id": "ibehiiilehaakkhkigckfjfknboalpbe"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d06dc9b9-b1af-49cc-99f4-494667ebb883", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.041226Z", "modified": "2026-06-02T15:57:33.041226Z", "name": "Malicious Extension: ", "description": "Malicious browser extension:  (lalpacfpfnobgdkbbpggecolckiffhoi) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lalpacfpfnobgdkbbpggecolckiffhoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lalpacfpfnobgdkbbpggecolckiffhoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lalpacfpfnobgdkbbpggecolckiffhoi", "external_id": "lalpacfpfnobgdkbbpggecolckiffhoi"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fc1813ae-ec38-43fe-8584-5b6f30732308", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.042285Z", "modified": "2026-06-02T15:57:33.042285Z", "name": "Malicious Extension: \u201cfriGate3 proxy helper\u201d", "description": "Malicious browser extension: \u201cfriGate3 proxy helper\u201d (hdbipekpdpggjaipompnomhccfemaljm) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdbipekpdpggjaipompnomhccfemaljm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdbipekpdpggjaipompnomhccfemaljm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdbipekpdpggjaipompnomhccfemaljm", "external_id": "hdbipekpdpggjaipompnomhccfemaljm"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6dc6f03c-1401-4a7e-85dc-bc5dca08b563", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.043357Z", "modified": "2026-06-02T15:57:33.043357Z", "name": "Malicious Extension: \u201cVK Music Downloader\u201d", "description": "Malicious browser extension: \u201cVK Music Downloader\u201d (gfjocjagfinihkkaahliainflifnlnfc) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gfjocjagfinihkkaahliainflifnlnfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gfjocjagfinihkkaahliainflifnlnfc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gfjocjagfinihkkaahliainflifnlnfc", "external_id": "gfjocjagfinihkkaahliainflifnlnfc"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--94857a50-498e-4edb-9ba3-8c0a577e13ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.044433Z", "modified": "2026-06-02T15:57:33.044433Z", "name": "Malicious Extension: ", "description": "Malicious browser extension:  (ickfamnaffmfjgecbbnhecdnmjknblic) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ickfamnaffmfjgecbbnhecdnmjknblic']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ickfamnaffmfjgecbbnhecdnmjknblic", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ickfamnaffmfjgecbbnhecdnmjknblic", "external_id": "ickfamnaffmfjgecbbnhecdnmjknblic"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--051e8d44-f205-44e9-bf25-99c9e4045ef2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.045667Z", "modified": "2026-06-02T15:57:33.045667Z", "name": "Malicious Extension: ", "description": "Malicious browser extension:  (bmcnncbmipphlkdmgfbipbanmmfdamkd) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bmcnncbmipphlkdmgfbipbanmmfdamkd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bmcnncbmipphlkdmgfbipbanmmfdamkd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bmcnncbmipphlkdmgfbipbanmmfdamkd", "external_id": "bmcnncbmipphlkdmgfbipbanmmfdamkd"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--60800edb-d4b6-4726-905d-743dc82b2b4e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.046735Z", "modified": "2026-06-02T15:57:33.046735Z", "name": "Malicious Extension: ", "description": "Malicious browser extension:  (miejmllodobdobgjbeonandkjhnhpjbn) \u201cThese extensions have not all been confirmed to be malicious by other third-party researchers.  
EXT-NAME was a best effort and could be wrong.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/miejmllodobdobgjbeonandkjhnhpjbn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:miejmllodobdobgjbeonandkjhnhpjbn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/miejmllodobdobgjbeonandkjhnhpjbn", "external_id": "miejmllodobdobgjbeonandkjhnhpjbn"}, {"source_name": "Original Research", "url": "https://habr.com/en/company/yandex/blog/534586/"}, {"source_name": "Article", "url": "https://www.kaspersky.com/blog/chrome-plugins-alert/38242/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--878562f9-fff2-4e70-bcee-f7ad0453af68", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.048106Z", "modified": "2026-06-02T15:57:33.048106Z", "name": "Malicious Extension: \u201cMicrosoft Authenticator\u201d", "description": "Malicious browser extension: \u201cMicrosoft Authenticator\u201d (mabdjppmcjpjploliggpbonahnjjlgkf) \u201cThe extension was \u2018Offered by:  Extensions\u2019 in the Chrome Web Store and is the easy giveaway.\u201d", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mabdjppmcjpjploliggpbonahnjjlgkf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mabdjppmcjpjploliggpbonahnjjlgkf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mabdjppmcjpjploliggpbonahnjjlgkf", "external_id": "mabdjppmcjpjploliggpbonahnjjlgkf"}, {"source_name": 
"Article", "url": "https://www.ghacks.net/2021/05/18/dont-download-this-microsoft-authenticator-extension-for-chrome-it-is-fake/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--75dd18fb-e6c0-4575-8c4b-0a46188e359d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.049507Z", "modified": "2026-06-02T15:57:33.049507Z", "name": "Malicious Extension: Cyberhaven Security Extension", "description": "Malicious browser extension: Cyberhaven Security Extension (nnpnnpemnckcfdebeekibpiijlicmpom) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. Compromised version active 2024-12-25.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nnpnnpemnckcfdebeekibpiijlicmpom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nnpnnpemnckcfdebeekibpiijlicmpom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nnpnnpemnckcfdebeekibpiijlicmpom", "external_id": "nnpnnpemnckcfdebeekibpiijlicmpom"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--17683287-7097-4098-9d97-4f333bb1995c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.050584Z", "modified": "2026-06-02T15:57:33.050584Z", "name": "Malicious Extension: VPNCity", "description": "Malicious browser extension: VPNCity (kkodiihpgodmdankclfibbiphjkfdenh) Part of Dec 2024 Cyberhaven supply chain campaign. 
Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. Compromised version active 2024-12-12.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kkodiihpgodmdankclfibbiphjkfdenh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kkodiihpgodmdankclfibbiphjkfdenh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kkodiihpgodmdankclfibbiphjkfdenh", "external_id": "kkodiihpgodmdankclfibbiphjkfdenh"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b7b57d08-b201-41b9-b8f5-c9eb5a58adde", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.051683Z", "modified": "2026-06-02T15:57:33.051683Z", "name": "Malicious Extension: Uvoice", "description": "Malicious browser extension: Uvoice (oaikpkmjciadfpddlpjjdapglcihgdle) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oaikpkmjciadfpddlpjjdapglcihgdle']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:oaikpkmjciadfpddlpjjdapglcihgdle", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oaikpkmjciadfpddlpjjdapglcihgdle", "external_id": "oaikpkmjciadfpddlpjjdapglcihgdle"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--deb4922c-63e4-414a-9adf-5e857aa88f53", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.05277Z", "modified": "2026-06-02T15:57:33.05277Z", "name": "Malicious Extension: Internxt VPN", "description": "Malicious browser extension: Internxt VPN (dpggmcodlahmljkhlmpgpdcffdaoccni) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dpggmcodlahmljkhlmpgpdcffdaoccni']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dpggmcodlahmljkhlmpgpdcffdaoccni", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dpggmcodlahmljkhlmpgpdcffdaoccni", "external_id": "dpggmcodlahmljkhlmpgpdcffdaoccni"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--95b7cd5c-6afe-40cf-b59a-5dd64e279216", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.054012Z", "modified": "2026-06-02T15:57:33.054012Z", "name": "Malicious Extension: Wayin AI", "description": "Malicious browser extension: Wayin AI (acmfnomgphggonodopogfbmkneepfgnh) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acmfnomgphggonodopogfbmkneepfgnh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:acmfnomgphggonodopogfbmkneepfgnh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acmfnomgphggonodopogfbmkneepfgnh", "external_id": "acmfnomgphggonodopogfbmkneepfgnh"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fa96dc4a-bf3b-41d9-8032-98df0f3bcded", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.055088Z", "modified": "2026-06-02T15:57:33.055088Z", "name": "Malicious Extension: Search Copilot AI Assistant for Chrome", "description": "Malicious browser extension: Search Copilot AI Assistant for Chrome (mnhffkhmpnefgklngfmlndmkimimbphc) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-07-17.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mnhffkhmpnefgklngfmlndmkimimbphc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mnhffkhmpnefgklngfmlndmkimimbphc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mnhffkhmpnefgklngfmlndmkimimbphc", "external_id": "mnhffkhmpnefgklngfmlndmkimimbphc"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--33f0ef8e-4f63-485d-a476-f6d6e96cd9a4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.056173Z", "modified": "2026-06-02T15:57:33.056173Z", "name": "Malicious Extension: Reader Mode", "description": "Malicious browser extension: Reader Mode (cedgndijpacnfbdggppddacngjfdkaca) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-18.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cedgndijpacnfbdggppddacngjfdkaca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cedgndijpacnfbdggppddacngjfdkaca", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cedgndijpacnfbdggppddacngjfdkaca", "external_id": "cedgndijpacnfbdggppddacngjfdkaca"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4755df6f-bd5b-429f-8d5b-187599bc18ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.057239Z", "modified": "2026-06-02T15:57:33.057239Z", "name": "Malicious Extension: Bard AI chat", "description": "Malicious browser extension: Bard AI chat (bbdnohkpnbkdkmnkddobeafboooinpla) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-10-22.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbdnohkpnbkdkmnkddobeafboooinpla']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bbdnohkpnbkdkmnkddobeafboooinpla", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbdnohkpnbkdkmnkddobeafboooinpla", "external_id": "bbdnohkpnbkdkmnkddobeafboooinpla"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--00a8452e-914a-434a-9c4d-ba41875333e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.058368Z", "modified": "2026-06-02T15:57:33.058368Z", "name": "Malicious Extension: TinaMind", "description": "Malicious browser extension: TinaMind (egmennebgadmncfjafcemlecimkepcle) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-15.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/egmennebgadmncfjafcemlecimkepcle']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:egmennebgadmncfjafcemlecimkepcle", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/egmennebgadmncfjafcemlecimkepcle", "external_id": "egmennebgadmncfjafcemlecimkepcle"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e442748b-5bc5-4a1a-883b-04bcc24db382", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.059478Z", "modified": "2026-06-02T15:57:33.059478Z", "name": "Malicious Extension: YesCaptcha assistant", "description": "Malicious browser extension: YesCaptcha assistant (bibjgkidgpfbblifamdlkdlhgihmfohh) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-29.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bibjgkidgpfbblifamdlkdlhgihmfohh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bibjgkidgpfbblifamdlkdlhgihmfohh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bibjgkidgpfbblifamdlkdlhgihmfohh", "external_id": "bibjgkidgpfbblifamdlkdlhgihmfohh"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5290d893-c884-40f5-9cef-8d7a84e8fd9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.060552Z", "modified": "2026-06-02T15:57:33.060552Z", "name": "Malicious Extension: GraphQL Network Inspector", "description": "Malicious browser extension: GraphQL Network Inspector (befflofjcniongenjmbkgkoljhgliihe) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-29.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/befflofjcniongenjmbkgkoljhgliihe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:befflofjcniongenjmbkgkoljhgliihe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/befflofjcniongenjmbkgkoljhgliihe", "external_id": "befflofjcniongenjmbkgkoljhgliihe"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--586d8d15-ef94-4d9c-a27f-b87bcb79126e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.061802Z", "modified": "2026-06-02T15:57:33.061802Z", "name": "Malicious Extension: Primus (prev. PADO)", "description": "Malicious browser extension: Primus (prev. PADO) (pkgciiiancapdlpcbppfkmeaieppikkk) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-18.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pkgciiiancapdlpcbppfkmeaieppikkk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pkgciiiancapdlpcbppfkmeaieppikkk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pkgciiiancapdlpcbppfkmeaieppikkk", "external_id": "pkgciiiancapdlpcbppfkmeaieppikkk"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ff38a3ec-7777-458c-a61d-a4dea2e64276", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.062878Z", "modified": "2026-06-02T15:57:33.062878Z", "name": "Malicious Extension: Tackker - online keylogger tool", "description": "Malicious browser extension: Tackker - online keylogger tool (llimhhconnjiflfimocjggfjdlmlhblm) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-25.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/llimhhconnjiflfimocjggfjdlmlhblm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:llimhhconnjiflfimocjggfjdlmlhblm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/llimhhconnjiflfimocjggfjdlmlhblm", "external_id": "llimhhconnjiflfimocjggfjdlmlhblm"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7d59bc6d-1837-4af8-aa72-e9b2f2017e51", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.063962Z", "modified": "2026-06-02T15:57:33.063962Z", "name": "Malicious Extension: AI Shop Buddy", "description": "Malicious browser extension: AI Shop Buddy (oeiomhmbaapihbilkfkhmlajkeegnjhe) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-04-30.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oeiomhmbaapihbilkfkhmlajkeegnjhe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:oeiomhmbaapihbilkfkhmlajkeegnjhe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oeiomhmbaapihbilkfkhmlajkeegnjhe", "external_id": "oeiomhmbaapihbilkfkhmlajkeegnjhe"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ba92a02e-4f6d-4714-a61c-c6fb55543ca4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.065045Z", "modified": "2026-06-02T15:57:33.065045Z", "name": "Malicious Extension: Sort by Oldest", "description": "Malicious browser extension: Sort by Oldest (ndlbedplllcgconngcnfmkadhokfaaln) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-01-11.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ndlbedplllcgconngcnfmkadhokfaaln']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ndlbedplllcgconngcnfmkadhokfaaln", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ndlbedplllcgconngcnfmkadhokfaaln", "external_id": "ndlbedplllcgconngcnfmkadhokfaaln"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--74083117-433b-482d-b591-7836ca89c83c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.066126Z", "modified": "2026-06-02T15:57:33.066126Z", "name": "Malicious Extension: Rewards Search Automator", "description": "Malicious browser extension: Rewards Search Automator (epdjhgbipjpbbhoccdeipghoihibnfja) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-05-04.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/epdjhgbipjpbbhoccdeipghoihibnfja']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:epdjhgbipjpbbhoccdeipghoihibnfja", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/epdjhgbipjpbbhoccdeipghoihibnfja", "external_id": "epdjhgbipjpbbhoccdeipghoihibnfja"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0245e4b4-cf93-41c3-aefe-e7cc7bceeb7e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.067199Z", "modified": "2026-06-02T15:57:33.067199Z", "name": "Malicious Extension: Earny - Up to 20% Cash Back", "description": "Malicious browser extension: Earny - Up to 20% Cash Back (cplhlgabfijoiabgkigdafklbhhdkahj) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2023-04-05.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cplhlgabfijoiabgkigdafklbhhdkahj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cplhlgabfijoiabgkigdafklbhhdkahj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cplhlgabfijoiabgkigdafklbhhdkahj", "external_id": "cplhlgabfijoiabgkigdafklbhhdkahj"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fe1db30f-65b6-483f-9689-e3b32b7a8450", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.068273Z", "modified": "2026-06-02T15:57:33.068273Z", "name": "Malicious Extension: ChatGPT Assistant - Smart Search", "description": "Malicious browser extension: ChatGPT Assistant - Smart Search (jiofmdifioeejeilfkpegipdjiopiekl) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-02-12.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jiofmdifioeejeilfkpegipdjiopiekl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jiofmdifioeejeilfkpegipdjiopiekl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jiofmdifioeejeilfkpegipdjiopiekl", "external_id": "jiofmdifioeejeilfkpegipdjiopiekl"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--db83f681-a3ad-44f5-97f4-6684fadae255", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.069511Z", "modified": "2026-06-02T15:57:33.069511Z", "name": "Malicious Extension: Proxy SwitchyOmega (V3)", "description": "Malicious browser extension: Proxy SwitchyOmega (V3) (hihblcmlaaademjlakdpicchbjnnnkbo) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-30.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hihblcmlaaademjlakdpicchbjnnnkbo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hihblcmlaaademjlakdpicchbjnnnkbo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hihblcmlaaademjlakdpicchbjnnnkbo", "external_id": "hihblcmlaaademjlakdpicchbjnnnkbo"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--748f027c-9fe0-42c1-8c60-0f574cfdb640", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.070578Z", "modified": "2026-06-02T15:57:33.070578Z", "name": "Malicious Extension: Visual Effects for Google Meet", "description": "Malicious browser extension: Visual Effects for Google Meet (ekpkdmohpdnebfedjjfklhpefgpgaaji) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-26.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekpkdmohpdnebfedjjfklhpefgpgaaji']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ekpkdmohpdnebfedjjfklhpefgpgaaji", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekpkdmohpdnebfedjjfklhpefgpgaaji", "external_id": "ekpkdmohpdnebfedjjfklhpefgpgaaji"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3fcb1903-0b31-4237-8955-75dfb670c3c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.071667Z", "modified": "2026-06-02T15:57:33.071667Z", "name": "Malicious Extension: CastorUS", "description": "Malicious browser extension: CastorUS (epikoohpebngmakjinphfiagogjcnddm) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/epikoohpebngmakjinphfiagogjcnddm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:epikoohpebngmakjinphfiagogjcnddm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/epikoohpebngmakjinphfiagogjcnddm", "external_id": "epikoohpebngmakjinphfiagogjcnddm"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1c77c37a-56cd-4ad0-91b4-654001df2eae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.072743Z", "modified": "2026-06-02T15:57:33.072743Z", "name": "Malicious Extension: Wistia Video Downloader", "description": "Malicious browser extension: Wistia Video Downloader (miglaibdlgminlepgeifekifakochlka) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/miglaibdlgminlepgeifekifakochlka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:miglaibdlgminlepgeifekifakochlka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/miglaibdlgminlepgeifekifakochlka", "external_id": "miglaibdlgminlepgeifekifakochlka"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3ccfb7b5-2f9f-49fe-ad8d-9968908814c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.073805Z", "modified": "2026-06-02T15:57:33.073805Z", "name": "Malicious Extension: Email Hunter", "description": "Malicious browser extension: Email Hunter (eanofdhdfbcalhflpbdipkjjkoimeeod) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eanofdhdfbcalhflpbdipkjjkoimeeod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:eanofdhdfbcalhflpbdipkjjkoimeeod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eanofdhdfbcalhflpbdipkjjkoimeeod", "external_id": "eanofdhdfbcalhflpbdipkjjkoimeeod"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--69bac206-2292-49cd-885f-b341fee30430", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.074862Z", "modified": "2026-06-02T15:57:33.074862Z", "name": "Malicious Extension: Moonsift", "description": "Malicious browser extension: Moonsift (ogbhbgkiojdollpjbhbamafmedkeockb) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-10.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ogbhbgkiojdollpjbhbamafmedkeockb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ogbhbgkiojdollpjbhbamafmedkeockb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ogbhbgkiojdollpjbhbamafmedkeockb", "external_id": "ogbhbgkiojdollpjbhbamafmedkeockb"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--48311fed-8aa2-42fd-8e92-886fea218ae2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.075936Z", "modified": "2026-06-02T15:57:33.075936Z", "name": "Malicious Extension: Bookmark FC", "description": "Malicious browser extension: Bookmark FC (bgejafhieobnfpjlpcjjggoboebonfcg) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bgejafhieobnfpjlpcjjggoboebonfcg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bgejafhieobnfpjlpcjjggoboebonfcg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bgejafhieobnfpjlpcjjggoboebonfcg", "external_id": "bgejafhieobnfpjlpcjjggoboebonfcg"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cfbf0a2c-965b-4f4c-b235-8a2373867e13", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.077178Z", "modified": "2026-06-02T15:57:33.077178Z", "name": "Malicious Extension: Parrot Talks", "description": "Malicious browser extension: Parrot Talks (igbodamhgjohafcenbcljfegbipdfjpk) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/igbodamhgjohafcenbcljfegbipdfjpk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:igbodamhgjohafcenbcljfegbipdfjpk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/igbodamhgjohafcenbcljfegbipdfjpk", "external_id": "igbodamhgjohafcenbcljfegbipdfjpk"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--61a8debb-c147-4087-9ae4-18676c3ade06", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.07825Z", "modified": "2026-06-02T15:57:33.07825Z", "name": "Malicious Extension: Censor Tracker", "description": "Malicious browser extension: Censor Tracker (mbindhfolmpijhodmgkloeeppmkhpmhc) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mbindhfolmpijhodmgkloeeppmkhpmhc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mbindhfolmpijhodmgkloeeppmkhpmhc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mbindhfolmpijhodmgkloeeppmkhpmhc", "external_id": "mbindhfolmpijhodmgkloeeppmkhpmhc"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1534c45a-6678-41df-8497-fb6304c95eb9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.079338Z", "modified": "2026-06-02T15:57:33.079338Z", "name": "Malicious Extension: Wakey", "description": "Malicious browser extension: Wakey (hodiladlefdpcbemnbbcpclbmknkiaem) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hodiladlefdpcbemnbbcpclbmknkiaem']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hodiladlefdpcbemnbbcpclbmknkiaem", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hodiladlefdpcbemnbbcpclbmknkiaem", "external_id": "hodiladlefdpcbemnbbcpclbmknkiaem"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c5797bf6-62f0-4428-b90d-fbc1c38ffca2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.080403Z", "modified": "2026-06-02T15:57:33.080403Z", "name": "Malicious Extension: Internxt Video Downloader", "description": "Malicious browser extension: Internxt Video Downloader (lbneaaedflankmgmfbmaplggbmjjmbae) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lbneaaedflankmgmfbmaplggbmjjmbae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lbneaaedflankmgmfbmaplggbmjjmbae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lbneaaedflankmgmfbmaplggbmjjmbae", "external_id": "lbneaaedflankmgmfbmaplggbmjjmbae"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ee6e278c-3a16-473b-86c6-6b580bfec189", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.081465Z", "modified": "2026-06-02T15:57:33.081465Z", "name": "Malicious Extension: Pado Extension", "description": "Malicious browser extension: Pado Extension (eaijffijbobmnonfhilihbejadplhddo) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eaijffijbobmnonfhilihbejadplhddo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:eaijffijbobmnonfhilihbejadplhddo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eaijffijbobmnonfhilihbejadplhddo", "external_id": "eaijffijbobmnonfhilihbejadplhddo"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e9efb553-6b9c-4474-891b-b7fdf8caec69", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.082535Z", "modified": "2026-06-02T15:57:33.082535Z", "name": "Malicious Extension: Linewize Connect", "description": "Malicious browser extension: Linewize Connect (hmiaoahjllhfgebflooeeefeiafpkfde) Part of Dec 2024 Cyberhaven supply chain campaign. Devs phished via fake Google OAuth. Targeted Facebook Ads credentials. 
Compromised version active 2024-12-19.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmiaoahjllhfgebflooeeefeiafpkfde']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hmiaoahjllhfgebflooeeefeiafpkfde", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmiaoahjllhfgebflooeeefeiafpkfde", "external_id": "hmiaoahjllhfgebflooeeefeiafpkfde"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/cyberhaven-extension-compromise/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--81b3c9be-892b-4f83-83c4-fad2171dbaa8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.083963Z", "modified": "2026-06-02T15:57:33.083963Z", "name": "Malicious Extension: Blipshot: one click full page screenshots", "description": "Malicious browser extension: Blipshot: one click full page screenshots (mdaboflcmhejfihjcbmdiebgfchigjcf) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-07-04. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mdaboflcmhejfihjcbmdiebgfchigjcf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mdaboflcmhejfihjcbmdiebgfchigjcf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mdaboflcmhejfihjcbmdiebgfchigjcf", "external_id": "mdaboflcmhejfihjcbmdiebgfchigjcf"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ca305c75-5e64-44f7-9bbc-1b114b363349", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.085211Z", "modified": "2026-06-02T15:57:33.085211Z", "name": "Malicious Extension: Emojis - Emoji Keyboard", "description": "Malicious browser extension: Emojis - Emoji Keyboard (gaoflciahikhligngeccdecgfjngejlh) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-07-04. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gaoflciahikhligngeccdecgfjngejlh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gaoflciahikhligngeccdecgfjngejlh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gaoflciahikhligngeccdecgfjngejlh", "external_id": "gaoflciahikhligngeccdecgfjngejlh"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7189d6e3-4de2-4859-8391-a58141a2d2aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.086291Z", "modified": "2026-06-02T15:57:33.086291Z", "name": "Malicious Extension: WAToolkit", "description": "Malicious browser extension: WAToolkit (fedimamkpgiemhacbdhkkaihgofncola) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-07-04. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fedimamkpgiemhacbdhkkaihgofncola']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fedimamkpgiemhacbdhkkaihgofncola", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fedimamkpgiemhacbdhkkaihgofncola", "external_id": "fedimamkpgiemhacbdhkkaihgofncola"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--94d617b9-b5e1-46e8-90a2-ed3c97dce822", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.087385Z", "modified": "2026-06-02T15:57:33.087385Z", "name": "Malicious Extension: Color Changer for YouTube", "description": "Malicious browser extension: Color Changer for YouTube (jlhgcomgldfapimdboelilfcipigkgik) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-07-05. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jlhgcomgldfapimdboelilfcipigkgik']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jlhgcomgldfapimdboelilfcipigkgik", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jlhgcomgldfapimdboelilfcipigkgik", "external_id": "jlhgcomgldfapimdboelilfcipigkgik"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5a8db330-19a4-4032-a339-fcdc4bffba3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.088459Z", "modified": "2026-06-02T15:57:33.088459Z", "name": "Malicious Extension: Video Effects for YouTube And Audio Enhancer", "description": "Malicious browser extension: Video Effects for YouTube And Audio Enhancer (jdjldbengpgdcfkljfdmakdgmfpneldd) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-07-05. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jdjldbengpgdcfkljfdmakdgmfpneldd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jdjldbengpgdcfkljfdmakdgmfpneldd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jdjldbengpgdcfkljfdmakdgmfpneldd", "external_id": "jdjldbengpgdcfkljfdmakdgmfpneldd"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bce388f6-797a-425a-ab37-1516cd7f0061", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.089535Z", "modified": "2026-06-02T15:57:33.089535Z", "name": "Malicious Extension: Themes for Chrome and YouTube Picture in Picture", "description": "Malicious browser extension: Themes for Chrome and YouTube Picture in Picture (deljjimclpnhngmikaiiodgggdniaooh) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-07-17. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/deljjimclpnhngmikaiiodgggdniaooh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:deljjimclpnhngmikaiiodgggdniaooh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/deljjimclpnhngmikaiiodgggdniaooh", "external_id": "deljjimclpnhngmikaiiodgggdniaooh"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d6454a0a-8494-4ff3-a61c-94eec0297560", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.090604Z", "modified": "2026-06-02T15:57:33.090604Z", "name": "Malicious Extension: Mike Adblock fuer Chrome", "description": "Malicious browser extension: Mike Adblock fuer Chrome (giaoehhefkmchjbbdnahgeppblbdejmj) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-07-18. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/giaoehhefkmchjbbdnahgeppblbdejmj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:giaoehhefkmchjbbdnahgeppblbdejmj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/giaoehhefkmchjbbdnahgeppblbdejmj", "external_id": "giaoehhefkmchjbbdnahgeppblbdejmj"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d6bbefbf-fdc6-4289-8abf-7e32f5dfef24", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.091692Z", "modified": "2026-06-02T15:57:33.091692Z", "name": "Malicious Extension: Page Refresh", "description": "Malicious browser extension: Page Refresh (hmooaemjmediafeacjplpbpenjnpcneg) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-07-25. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmooaemjmediafeacjplpbpenjnpcneg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmooaemjmediafeacjplpbpenjnpcneg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmooaemjmediafeacjplpbpenjnpcneg", "external_id": "hmooaemjmediafeacjplpbpenjnpcneg"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ab1f6ce8-746d-49a3-b995-3a4b90f683d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.092934Z", "modified": "2026-06-02T15:57:33.092934Z", "name": "Malicious Extension: Wistia Video Downloader", "description": "Malicious browser extension: Wistia Video Downloader (acbiaofoeebeinacmcknopaikmecdehl) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-08-08. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acbiaofoeebeinacmcknopaikmecdehl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:acbiaofoeebeinacmcknopaikmecdehl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acbiaofoeebeinacmcknopaikmecdehl", "external_id": "acbiaofoeebeinacmcknopaikmecdehl"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c3470118-acc3-4335-9d54-beb8902fa0c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.094009Z", "modified": "2026-06-02T15:57:33.094009Z", "name": "Malicious Extension: Super dark mode", "description": "Malicious browser extension: Super dark mode (nlgphodeccebbcnkgmokeegopgpnjfkc) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-08-11. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nlgphodeccebbcnkgmokeegopgpnjfkc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nlgphodeccebbcnkgmokeegopgpnjfkc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nlgphodeccebbcnkgmokeegopgpnjfkc", "external_id": "nlgphodeccebbcnkgmokeegopgpnjfkc"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--777d3bc1-1294-4333-bc13-a9eaa37dd78c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.095083Z", "modified": "2026-06-02T15:57:33.095083Z", "name": "Malicious Extension: Emoji keyboard emojis for chrome", "description": "Malicious browser extension: Emoji keyboard emojis for chrome (fbcgkphadgmbalmlklhbdagcicajenei) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-08-11. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbcgkphadgmbalmlklhbdagcicajenei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fbcgkphadgmbalmlklhbdagcicajenei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbcgkphadgmbalmlklhbdagcicajenei", "external_id": "fbcgkphadgmbalmlklhbdagcicajenei"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c2b60fae-82c7-44a0-8e55-cf280e7987e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.096166Z", "modified": "2026-06-02T15:57:33.096166Z", "name": "Malicious Extension: Adblocker for Chrome - NoAds", "description": "Malicious browser extension: Adblocker for Chrome - NoAds (alplpnakfeabeiebipdmaenpmbgknjce) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-08-22. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/alplpnakfeabeiebipdmaenpmbgknjce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:alplpnakfeabeiebipdmaenpmbgknjce", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/alplpnakfeabeiebipdmaenpmbgknjce", "external_id": "alplpnakfeabeiebipdmaenpmbgknjce"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ccf0e201-41ab-426f-8bf1-ac0bb6e83ad0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.097227Z", "modified": "2026-06-02T15:57:33.097227Z", "name": "Malicious Extension: Adblock for You", "description": "Malicious browser extension: Adblock for You (ogcaehilgakehloljjmajoempaflmdci) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-09-10. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ogcaehilgakehloljjmajoempaflmdci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ogcaehilgakehloljjmajoempaflmdci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ogcaehilgakehloljjmajoempaflmdci", "external_id": "ogcaehilgakehloljjmajoempaflmdci"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--997ec7f6-38c3-4889-a6ec-8a2a36043d06", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.09829Z", "modified": "2026-06-02T15:57:33.09829Z", "name": "Malicious Extension: Adblock for Chrome", "description": "Malicious browser extension: Adblock for Chrome (onomjaelhagjjojbkcafidnepbfkpnee) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-09-10. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/onomjaelhagjjojbkcafidnepbfkpnee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:onomjaelhagjjojbkcafidnepbfkpnee", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/onomjaelhagjjojbkcafidnepbfkpnee", "external_id": "onomjaelhagjjojbkcafidnepbfkpnee"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--07f38758-05b1-4f36-bf4a-3ac763a4b2a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.099359Z", "modified": "2026-06-02T15:57:33.099359Z", "name": "Malicious Extension: Nimble Capture", "description": "Malicious browser extension: Nimble Capture (bpconcjcammlapcogcnnelfmaeghhagj) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-09-27. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bpconcjcammlapcogcnnelfmaeghhagj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bpconcjcammlapcogcnnelfmaeghhagj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bpconcjcammlapcogcnnelfmaeghhagj", "external_id": "bpconcjcammlapcogcnnelfmaeghhagj"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--024f4103-5dff-4a52-980e-2a970d2d4102", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.101572Z", "modified": "2026-06-02T15:57:33.101572Z", "name": "Malicious Extension: KProxy", "description": "Malicious browser extension: KProxy (gdocgbfmddcfnlnpmnghmjicjognhonm) GitLab TamperedChef campaign. Threat actor assessed to have PURCHASED extensions from developers (ownership-transfer vector). Stripped CSP headers from first 2000 sites per session. Facilitated ad/SEO fraud. Last malicious update: 2024-10-08. 
Reported to Google Jan 2025, removed Feb 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gdocgbfmddcfnlnpmnghmjicjognhonm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gdocgbfmddcfnlnpmnghmjicjognhonm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gdocgbfmddcfnlnpmnghmjicjognhonm", "external_id": "gdocgbfmddcfnlnpmnghmjicjognhonm"}, {"source_name": "Original Research", "url": "https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/"}, {"source_name": "Article", "url": "https://cybersecuritynews.com/16-malicious-chrome-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--70df1617-9dbb-46d6-957c-d2e3f4d97aec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.102991Z", "modified": "2026-06-02T15:57:33.102991Z", "name": "Malicious Extension: Urban VPN Proxy", "description": "Malicious browser extension: Urban VPN Proxy (eppiocemhmnlbhjplcgkofciiegomcon) BiScience/Urban Cybersecurity AI chat harvesting. v5.5.0 (July 9 2025) silently introduced harvesting of ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek, Grok, Meta AI conversations. Data sold to data broker BiScience. Featured badge from Google. Removed after Koi Security disclosure Dec 2025. 
6M+ Chrome users \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eppiocemhmnlbhjplcgkofciiegomcon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-15T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:eppiocemhmnlbhjplcgkofciiegomcon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eppiocemhmnlbhjplcgkofciiegomcon", "external_id": "eppiocemhmnlbhjplcgkofciiegomcon"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection"}, {"source_name": "Article", "url": "https://thehackernews.com/2025/12/featured-chrome-browser-extension.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de51f723-1a05-40de-9e55-8589de5e1885", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.104127Z", "modified": "2026-06-02T15:57:33.104127Z", "name": "Malicious Extension: Urban Ad Blocker", "description": "Malicious browser extension: Urban Ad Blocker (feflcgofneboehfdeebcfglbodaceghj) BiScience/Urban Cybersecurity AI chat harvesting. v5.5.0 (July 9 2025) silently introduced harvesting of ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek, Grok, Meta AI conversations. Data sold to data broker BiScience. Featured badge from Google. Removed after Koi Security disclosure Dec 2025. 
10k Chrome users \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/feflcgofneboehfdeebcfglbodaceghj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-15T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:feflcgofneboehfdeebcfglbodaceghj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/feflcgofneboehfdeebcfglbodaceghj", "external_id": "feflcgofneboehfdeebcfglbodaceghj"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection"}, {"source_name": "Article", "url": "https://thehackernews.com/2025/12/featured-chrome-browser-extension.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a57744f9-4530-4b46-9537-904fe7cf4571", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.105546Z", "modified": "2026-06-02T15:57:33.105546Z", "name": "Malicious Extension: Chat GPT for Chrome with GPT-5 Claude Sonnet and DeepSeek AI", "description": "Malicious browser extension: Chat GPT for Chrome with GPT-5 Claude Sonnet and DeepSeek AI (fnmihdojmnkclgjpcoonokmkhjpjechg) AITOPIA impersonator campaign (Prompt Poaching). Exfiltrated ChatGPT and DeepSeek conversations to C2 every 30 mins. Had Google Featured badge. Reported to Google Dec 29 2025. C2: deepaichats.com, chatsaigpt.com. Uninstalling one extension auto-opened tab pushing the other. 
600k Chrome users \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fnmihdojmnkclgjpcoonokmkhjpjechg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fnmihdojmnkclgjpcoonokmkhjpjechg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fnmihdojmnkclgjpcoonokmkhjpjechg", "external_id": "fnmihdojmnkclgjpcoonokmkhjpjechg"}, {"source_name": "Original Research", "url": "https://www.ox.security/blog/malicious-chrome-extensions-steal-chatgpt-deepseek-conversations/"}, {"source_name": "Article", "url": "https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c995991d-a58a-4826-bfd1-6ed7ed90e7c1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.106628Z", "modified": "2026-06-02T15:57:33.106628Z", "name": "Malicious Extension: AI Sidebar with Deepseek ChatGPT Claude and more", "description": "Malicious browser extension: AI Sidebar with Deepseek ChatGPT Claude and more (inhcgfpbfdjbjogdfjbclgolkmhnooop) AITOPIA impersonator campaign (Prompt Poaching). Exfiltrated ChatGPT and DeepSeek conversations to C2 every 30 mins. Had Google Featured badge. Reported to Google Dec 29 2025. C2: deepaichats.com, chatsaigpt.com. Uninstalling one extension auto-opened tab pushing the other. 
300k Chrome users \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/inhcgfpbfdjbjogdfjbclgolkmhnooop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:inhcgfpbfdjbjogdfjbclgolkmhnooop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/inhcgfpbfdjbjogdfjbclgolkmhnooop", "external_id": "inhcgfpbfdjbjogdfjbclgolkmhnooop"}, {"source_name": "Original Research", "url": "https://www.ox.security/blog/malicious-chrome-extensions-steal-chatgpt-deepseek-conversations/"}, {"source_name": "Article", "url": "https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--920d5783-5e98-4b72-9471-58e5c84353d2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.108012Z", "modified": "2026-06-02T15:57:33.108012Z", "name": "Malicious Extension: Color Picker Eyedropper - Geco colorpick", "description": "Malicious browser extension: Color Picker Eyedropper - Geco colorpick (eokjikchkppnkdipbiggnmlkahcdkikp) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. Reported to Google+Microsoft Jul 2025. 100k+ users. Lead extension. 
Had Google verified badge and featured placement.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eokjikchkppnkdipbiggnmlkahcdkikp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:eokjikchkppnkdipbiggnmlkahcdkikp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eokjikchkppnkdipbiggnmlkahcdkikp", "external_id": "eokjikchkppnkdipbiggnmlkahcdkikp"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dc8c7416-707f-4213-8f9a-a0aaa3267abd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.109266Z", "modified": "2026-06-02T15:57:33.109266Z", "name": "Malicious Extension: Emoji keyboard online - copy and paste emoji", "description": "Malicious browser extension: Emoji keyboard online - copy and paste emoji (kgmeffmlnkfnjpgmdndccklfigfhajen) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. 
Reported to Google+Microsoft Jul 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kgmeffmlnkfnjpgmdndccklfigfhajen']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kgmeffmlnkfnjpgmdndccklfigfhajen", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kgmeffmlnkfnjpgmdndccklfigfhajen", "external_id": "kgmeffmlnkfnjpgmdndccklfigfhajen"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fc5c960b-2ff9-454f-8ead-a35022d1cf06", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.110338Z", "modified": "2026-06-02T15:57:33.110338Z", "name": "Malicious Extension: Free Weather Forecast", "description": "Malicious browser extension: Free Weather Forecast (dpdibkjjgbaadnnjhkmmnenkmbnhpobj) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. 
Reported to Google+Microsoft Jul 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dpdibkjjgbaadnnjhkmmnenkmbnhpobj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dpdibkjjgbaadnnjhkmmnenkmbnhpobj", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dpdibkjjgbaadnnjhkmmnenkmbnhpobj", "external_id": "dpdibkjjgbaadnnjhkmmnenkmbnhpobj"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0eeb89ef-d7d8-4bfb-b319-ebc7326e4e35", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.111424Z", "modified": "2026-06-02T15:57:33.111424Z", "name": "Malicious Extension: Video Speed Controller - Video manager", "description": "Malicious browser extension: Video Speed Controller - Video manager (gaiceihehajjahakcglkhmdbbdclbnlf) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. 
Reported to Google+Microsoft Jul 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gaiceihehajjahakcglkhmdbbdclbnlf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gaiceihehajjahakcglkhmdbbdclbnlf", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gaiceihehajjahakcglkhmdbbdclbnlf", "external_id": "gaiceihehajjahakcglkhmdbbdclbnlf"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--38079cdc-fa95-4b43-86d8-01e078206c01", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.112491Z", "modified": "2026-06-02T15:57:33.112491Z", "name": "Malicious Extension: Unlock Discord - VPN Proxy to Unblock Discord Anywhere", "description": "Malicious browser extension: Unlock Discord - VPN Proxy to Unblock Discord Anywhere (mlgbkfnjdmaoldgagamcnommbbnhfnhf) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. 
Reported to Google+Microsoft Jul 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mlgbkfnjdmaoldgagamcnommbbnhfnhf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mlgbkfnjdmaoldgagamcnommbbnhfnhf", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mlgbkfnjdmaoldgagamcnommbbnhfnhf", "external_id": "mlgbkfnjdmaoldgagamcnommbbnhfnhf"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7178ce6a-fb97-4ac0-8469-1ee63f10240b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.113563Z", "modified": "2026-06-02T15:57:33.113563Z", "name": "Malicious Extension: Dark Theme - Dark Reader for Chrome", "description": "Malicious browser extension: Dark Theme - Dark Reader for Chrome (eckokfcjbjbgjifpcbdmengnabecdakp) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. 
Reported to Google+Microsoft Jul 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eckokfcjbjbgjifpcbdmengnabecdakp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:eckokfcjbjbgjifpcbdmengnabecdakp", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eckokfcjbjbgjifpcbdmengnabecdakp", "external_id": "eckokfcjbjbgjifpcbdmengnabecdakp"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--84da376f-51d8-438e-81f4-ed956d138ad9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.114626Z", "modified": "2026-06-02T15:57:33.114626Z", "name": "Malicious Extension: Volume Max - Ultimate Sound Booster", "description": "Malicious browser extension: Volume Max - Ultimate Sound Booster (mgbhdehiapbjamfgekfpebmhmnmcmemg) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. 
Reported to Google+Microsoft Jul 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mgbhdehiapbjamfgekfpebmhmnmcmemg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mgbhdehiapbjamfgekfpebmhmnmcmemg", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mgbhdehiapbjamfgekfpebmhmnmcmemg", "external_id": "mgbhdehiapbjamfgekfpebmhmnmcmemg"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f7faee18-bc3f-4f87-8585-00da9ce42e4c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.115712Z", "modified": "2026-06-02T15:57:33.115712Z", "name": "Malicious Extension: Unblock TikTok - Seamless Access with One-Click Proxy", "description": "Malicious browser extension: Unblock TikTok - Seamless Access with One-Click Proxy (cbajickflblmpjodnjoldpiicfmecmif) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. 
Reported to Google+Microsoft Jul 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbajickflblmpjodnjoldpiicfmecmif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cbajickflblmpjodnjoldpiicfmecmif", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbajickflblmpjodnjoldpiicfmecmif", "external_id": "cbajickflblmpjodnjoldpiicfmecmif"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3feeb4ae-13ae-45aa-b713-6c3d6ac46549", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.116951Z", "modified": "2026-06-02T15:57:33.116951Z", "name": "Malicious Extension: Unlock YouTube VPN", "description": "Malicious browser extension: Unlock YouTube VPN (pdbfcnhlobhoahcamoefbfodpmklgmjm) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. 
Reported to Google+Microsoft Jul 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdbfcnhlobhoahcamoefbfodpmklgmjm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pdbfcnhlobhoahcamoefbfodpmklgmjm", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdbfcnhlobhoahcamoefbfodpmklgmjm", "external_id": "pdbfcnhlobhoahcamoefbfodpmklgmjm"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5a844f7e-413c-4577-9af3-7b6c8941a43f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.118016Z", "modified": "2026-06-02T15:57:33.118016Z", "name": "Malicious Extension: Weather", "description": "Malicious browser extension: Weather (ihbiedpeaicgipncdnnkikeehnjiddck) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. 
Reported to Google+Microsoft Jul 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ihbiedpeaicgipncdnnkikeehnjiddck']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ihbiedpeaicgipncdnnkikeehnjiddck", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ihbiedpeaicgipncdnnkikeehnjiddck", "external_id": "ihbiedpeaicgipncdnnkikeehnjiddck"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--294d0d45-c326-49ed-8849-d0791b83f44b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.119094Z", "modified": "2026-06-02T15:57:33.119094Z", "name": "Malicious Extension: RedDirection extension (name unconfirmed)", "description": "Malicious browser extension: RedDirection extension (name unconfirmed) (pdpfhanekfkeijhemmfbnnjffiblgefi) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. Reported to Google+Microsoft Jul 2025. ID from SOC analysis. Name needs verification. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdpfhanekfkeijhemmfbnnjffiblgefi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pdpfhanekfkeijhemmfbnnjffiblgefi", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdpfhanekfkeijhemmfbnnjffiblgefi", "external_id": "pdpfhanekfkeijhemmfbnnjffiblgefi"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--500e6c41-f1a3-48b0-b962-0ca24bccd970", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.120187Z", "modified": "2026-06-02T15:57:33.120187Z", "name": "Malicious Extension: RedDirection extension (name unconfirmed)", "description": "Malicious browser extension: RedDirection extension (name unconfirmed) (lkahpjghmdhpiojknppmlenngmpkkfma) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. Reported to Google+Microsoft Jul 2025. ID from SOC analysis. Name needs verification. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lkahpjghmdhpiojknppmlenngmpkkfma']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lkahpjghmdhpiojknppmlenngmpkkfma", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lkahpjghmdhpiojknppmlenngmpkkfma", "external_id": "lkahpjghmdhpiojknppmlenngmpkkfma"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cb9d467a-df3a-4bf2-b93a-840648b7566a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.121252Z", "modified": "2026-06-02T15:57:33.121252Z", "name": "Malicious Extension: RedDirection extension (name unconfirmed)", "description": "Malicious browser extension: RedDirection extension (name unconfirmed) (pjbgfifennfhnbkhoidkdchbflppjncb) RedDirection campaign (Koi Security, Jul 2025). Extensions stayed clean for years then received silent malicious updates. C2 backdoor tracked every URL visited. OWNERSHIP-TRANSFER=1: extensions acquired legitimately then weaponized. 2.3M users affected across Chrome+Edge. Reported to Google+Microsoft Jul 2025. ID from SOC analysis. Name needs verification. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pjbgfifennfhnbkhoidkdchbflppjncb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pjbgfifennfhnbkhoidkdchbflppjncb", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pjbgfifennfhnbkhoidkdchbflppjncb", "external_id": "pjbgfifennfhnbkhoidkdchbflppjncb"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.theregister.com/2025/07/08/browser_hijacking_campaign/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--53459526-ffc2-4a9d-80ec-6f9407019110", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.122623Z", "modified": "2026-06-02T15:57:33.122623Z", "name": "Malicious Extension: Autoskip for Youtube", "description": "Malicious browser extension: Autoskip for Youtube (lgjdgmdbfhobkdbcjnpnlmhnplnidkkp) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 9,008,298 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lgjdgmdbfhobkdbcjnpnlmhnplnidkkp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lgjdgmdbfhobkdbcjnpnlmhnplnidkkp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lgjdgmdbfhobkdbcjnpnlmhnplnidkkp", "external_id": "lgjdgmdbfhobkdbcjnpnlmhnplnidkkp"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--43335706-b1a0-4b5a-8a33-53179f7a6b4d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.123715Z", "modified": "2026-06-02T15:57:33.123715Z", "name": "Malicious Extension: Soundboost", "description": "Malicious browser extension: Soundboost (chmfnmjfghjpdamlofhlonnnnokkpbao) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 6,925,522 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/chmfnmjfghjpdamlofhlonnnnokkpbao']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:chmfnmjfghjpdamlofhlonnnnokkpbao", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/chmfnmjfghjpdamlofhlonnnnokkpbao", "external_id": "chmfnmjfghjpdamlofhlonnnnokkpbao"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1c905ab4-7a8e-4653-8ebe-34d31f04b64e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.124954Z", "modified": "2026-06-02T15:57:33.124954Z", "name": "Malicious Extension: Crystal Ad block", "description": "Malicious browser extension: Crystal Ad block (lklmhefoneonjalpjcnhaidnodopinib) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 6,869,278 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lklmhefoneonjalpjcnhaidnodopinib']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lklmhefoneonjalpjcnhaidnodopinib", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lklmhefoneonjalpjcnhaidnodopinib", "external_id": "lklmhefoneonjalpjcnhaidnodopinib"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b86c4d3c-4eae-461f-8953-da504c342127", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.126021Z", "modified": "2026-06-02T15:57:33.126021Z", "name": "Malicious Extension: Brisk VPN", "description": "Malicious browser extension: Brisk VPN (ciifcakemmcbbdpmljdohdmbodagmela) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 5,595,420 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ciifcakemmcbbdpmljdohdmbodagmela']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ciifcakemmcbbdpmljdohdmbodagmela", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ciifcakemmcbbdpmljdohdmbodagmela", "external_id": "ciifcakemmcbbdpmljdohdmbodagmela"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8e1406a5-0d5c-490c-9b87-13c7243c878c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.127083Z", "modified": "2026-06-02T15:57:33.127083Z", "name": "Malicious Extension: Clipboard Helper", "description": "Malicious browser extension: Clipboard Helper (meljmedplehjlnnaempfdoecookjenph) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 3,499,233 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/meljmedplehjlnnaempfdoecookjenph']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:meljmedplehjlnnaempfdoecookjenph", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/meljmedplehjlnnaempfdoecookjenph", "external_id": "meljmedplehjlnnaempfdoecookjenph"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--198846f1-8cad-463e-841e-29d10365aaf3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.128171Z", "modified": "2026-06-02T15:57:33.128171Z", "name": "Malicious Extension: Maxi Refresher", "description": "Malicious browser extension: Maxi Refresher (lipmdblppejomolopniipdjlpfjcojob) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 3,483,639 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lipmdblppejomolopniipdjlpfjcojob']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lipmdblppejomolopniipdjlpfjcojob", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lipmdblppejomolopniipdjlpfjcojob", "external_id": "lipmdblppejomolopniipdjlpfjcojob"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a3b5302b-7fac-4a6d-9c79-539232d65ead", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.129245Z", "modified": "2026-06-02T15:57:33.129245Z", "name": "Malicious Extension: Quick Translation", "description": "Malicious browser extension: Quick Translation (lmcboojgmmaafdmgacncdpjnpnnhpmei) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,797,773 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmcboojgmmaafdmgacncdpjnpnnhpmei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lmcboojgmmaafdmgacncdpjnpnnhpmei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmcboojgmmaafdmgacncdpjnpnnhpmei", "external_id": "lmcboojgmmaafdmgacncdpjnpnnhpmei"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--73f35947-3759-4fb8-870a-d65717953d35", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.13031Z", "modified": "2026-06-02T15:57:33.13031Z", "name": "Malicious Extension: Easyview Reader view", "description": "Malicious browser extension: Easyview Reader view (icnekagcncdgpdnpoecofjinkplbnocm) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,786,137 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/icnekagcncdgpdnpoecofjinkplbnocm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:icnekagcncdgpdnpoecofjinkplbnocm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/icnekagcncdgpdnpoecofjinkplbnocm", "external_id": "icnekagcncdgpdnpoecofjinkplbnocm"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f4208fc3-1d90-459a-9e08-abe74c31d8f5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.1314Z", "modified": "2026-06-02T15:57:33.1314Z", "name": "Malicious Extension: PDF toolbox", "description": "Malicious browser extension: PDF toolbox (bahogceckgcanpcoabcdgmoidngedmfo) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,782,790 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bahogceckgcanpcoabcdgmoidngedmfo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bahogceckgcanpcoabcdgmoidngedmfo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bahogceckgcanpcoabcdgmoidngedmfo", "external_id": "bahogceckgcanpcoabcdgmoidngedmfo"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3604e7c1-af93-46a5-84bb-4621339caa18", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.132638Z", "modified": "2026-06-02T15:57:33.132638Z", "name": "Malicious Extension: Epsilon Ad blocker", "description": "Malicious browser extension: Epsilon Ad blocker (bkpdalonclochcahhipekbnedhklcdnp) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,571,050 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bkpdalonclochcahhipekbnedhklcdnp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bkpdalonclochcahhipekbnedhklcdnp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bkpdalonclochcahhipekbnedhklcdnp", "external_id": "bkpdalonclochcahhipekbnedhklcdnp"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7228b62e-7c31-472d-b8d2-6499c7e3b9ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.133708Z", "modified": "2026-06-02T15:57:33.133708Z", "name": "Malicious Extension: Craft Cursors", "description": "Malicious browser extension: Craft Cursors (magnkhldhhgdlhikeighmhlhonpmlolk) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,437,224 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/magnkhldhhgdlhikeighmhlhonpmlolk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:magnkhldhhgdlhikeighmhlhonpmlolk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/magnkhldhhgdlhikeighmhlhonpmlolk", "external_id": "magnkhldhhgdlhikeighmhlhonpmlolk"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0ec732fd-f301-4413-9709-f52fac7f958d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.134769Z", "modified": "2026-06-02T15:57:33.134769Z", "name": "Malicious Extension: Alfablocker ad blocker", "description": "Malicious browser extension: Alfablocker ad blocker (edadmcnnkkkgmofibeehgaffppadbnbi) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,430,636 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/edadmcnnkkkgmofibeehgaffppadbnbi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:edadmcnnkkkgmofibeehgaffppadbnbi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edadmcnnkkkgmofibeehgaffppadbnbi", "external_id": "edadmcnnkkkgmofibeehgaffppadbnbi"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--59cbe1eb-34da-4c2b-a377-6da3beae7e3f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.13586Z", "modified": "2026-06-02T15:57:33.13586Z", "name": "Malicious Extension: Zoom Plus", "description": "Malicious browser extension: Zoom Plus (ajneghihjbebmnljfhlpdmjjpifeaokc) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,370,645 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ajneghihjbebmnljfhlpdmjjpifeaokc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ajneghihjbebmnljfhlpdmjjpifeaokc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ajneghihjbebmnljfhlpdmjjpifeaokc", "external_id": "ajneghihjbebmnljfhlpdmjjpifeaokc"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--763abcc1-724d-42dd-aa0c-67e435644dc9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.13694Z", "modified": "2026-06-02T15:57:33.13694Z", "name": "Malicious Extension: Base Image Downloader", "description": "Malicious browser extension: Base Image Downloader (nadenkhojomjfdcppbhhncbfakfjiabp) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,366,136 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nadenkhojomjfdcppbhhncbfakfjiabp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nadenkhojomjfdcppbhhncbfakfjiabp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nadenkhojomjfdcppbhhncbfakfjiabp", "external_id": "nadenkhojomjfdcppbhhncbfakfjiabp"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a6f9aa96-6406-405e-b128-b803b0c75667", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.138002Z", "modified": "2026-06-02T15:57:33.138002Z", "name": "Malicious Extension: Clickish fun cursors", "description": "Malicious browser extension: Clickish fun cursors (pbdpfhmbdldfoioggnphkiocpidecmbp) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,353,436 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pbdpfhmbdldfoioggnphkiocpidecmbp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pbdpfhmbdldfoioggnphkiocpidecmbp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pbdpfhmbdldfoioggnphkiocpidecmbp", "external_id": "pbdpfhmbdldfoioggnphkiocpidecmbp"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c4bf8899-2e22-49d9-baa0-fd75bca3b1ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.13906Z", "modified": "2026-06-02T15:57:33.13906Z", "name": "Malicious Extension: Cursor-A custom cursor", "description": "Malicious browser extension: Cursor-A custom cursor (hdgdghnfcappcodemanhafioghjhlbpb) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,237,147 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdgdghnfcappcodemanhafioghjhlbpb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hdgdghnfcappcodemanhafioghjhlbpb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdgdghnfcappcodemanhafioghjhlbpb", "external_id": "hdgdghnfcappcodemanhafioghjhlbpb"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4aee246a-129c-47a5-ac8f-6b00f6e2a0a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.1403Z", "modified": "2026-06-02T15:57:33.1403Z", "name": "Malicious Extension: Amazing Dark Mode", "description": "Malicious browser extension: Amazing Dark Mode (fbjfihoienmhbjflbobnmimfijpngkpa) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,228,049 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbjfihoienmhbjflbobnmimfijpngkpa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fbjfihoienmhbjflbobnmimfijpngkpa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbjfihoienmhbjflbobnmimfijpngkpa", "external_id": "fbjfihoienmhbjflbobnmimfijpngkpa"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e63468c4-ba1c-468a-9165-551b653076b2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.141365Z", "modified": "2026-06-02T15:57:33.141365Z", "name": "Malicious Extension: Maximum Color Changer for Youtube", "description": "Malicious browser extension: Maximum Color Changer for Youtube (kjeffohcijbnlkgoaibmdcfconakaajm) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,226,293 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjeffohcijbnlkgoaibmdcfconakaajm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kjeffohcijbnlkgoaibmdcfconakaajm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjeffohcijbnlkgoaibmdcfconakaajm", "external_id": "kjeffohcijbnlkgoaibmdcfconakaajm"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9d1cea78-01e6-4c8a-afbf-a9ed31787c26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.142436Z", "modified": "2026-06-02T15:57:33.142436Z", "name": "Malicious Extension: Awesome Auto Refresh", "description": "Malicious browser extension: Awesome Auto Refresh (djmpbcihmblfdlkcfncodakgopmpgpgh) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 2,222,284 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/djmpbcihmblfdlkcfncodakgopmpgpgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:djmpbcihmblfdlkcfncodakgopmpgpgh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/djmpbcihmblfdlkcfncodakgopmpgpgh", "external_id": "djmpbcihmblfdlkcfncodakgopmpgpgh"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f8096137-aeda-4ff9-a2ab-d2713fce4e8d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.14352Z", "modified": "2026-06-02T15:57:33.14352Z", "name": "Malicious Extension: Venus Adblock", "description": "Malicious browser extension: Venus Adblock (obeokabcpoilgegepbhlcleanmpgkhcp) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 1,973,783 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obeokabcpoilgegepbhlcleanmpgkhcp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:obeokabcpoilgegepbhlcleanmpgkhcp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obeokabcpoilgegepbhlcleanmpgkhcp", "external_id": "obeokabcpoilgegepbhlcleanmpgkhcp"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--264920b8-2e73-4089-9ea5-b1ad1899a83f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.144611Z", "modified": "2026-06-02T15:57:33.144611Z", "name": "Malicious Extension: Adblock Dragon", "description": "Malicious browser extension: Adblock Dragon (mcmdolplhpeopapnlpbjceoofpgmkahc) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 1,967,202 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mcmdolplhpeopapnlpbjceoofpgmkahc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mcmdolplhpeopapnlpbjceoofpgmkahc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mcmdolplhpeopapnlpbjceoofpgmkahc", "external_id": "mcmdolplhpeopapnlpbjceoofpgmkahc"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cc17581e-8703-462d-85d3-3c6ae9e90deb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.145678Z", "modified": "2026-06-02T15:57:33.145678Z", "name": "Malicious Extension: Readl Reader mode", "description": "Malicious browser extension: Readl Reader mode (dppnhoaonckcimpejpjodcdoenfjleme) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 1,852,707 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dppnhoaonckcimpejpjodcdoenfjleme']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dppnhoaonckcimpejpjodcdoenfjleme", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dppnhoaonckcimpejpjodcdoenfjleme", "external_id": "dppnhoaonckcimpejpjodcdoenfjleme"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--453a2383-5a28-42bb-9833-823498a101f8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.14675Z", "modified": "2026-06-02T15:57:33.14675Z", "name": "Malicious Extension: Volume Frenzy", "description": "Malicious browser extension: Volume Frenzy (idgncaddojiejegdmkofblgplkgmeipk) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 1,626,760 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/idgncaddojiejegdmkofblgplkgmeipk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:idgncaddojiejegdmkofblgplkgmeipk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/idgncaddojiejegdmkofblgplkgmeipk", "external_id": "idgncaddojiejegdmkofblgplkgmeipk"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6bca3ddd-15a8-4626-9807-38da66a2eacb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.148016Z", "modified": "2026-06-02T15:57:33.148016Z", "name": "Malicious Extension: Image download center", "description": "Malicious browser extension: Image download center (deebfeldnfhemlnidojiiidadkgnglpi) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 1,493,741 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/deebfeldnfhemlnidojiiidadkgnglpi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:deebfeldnfhemlnidojiiidadkgnglpi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/deebfeldnfhemlnidojiiidadkgnglpi", "external_id": "deebfeldnfhemlnidojiiidadkgnglpi"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0f562194-efb0-42ff-9992-ba81500d4d2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.149112Z", "modified": "2026-06-02T15:57:33.149112Z", "name": "Malicious Extension: Font Customizer", "description": "Malicious browser extension: Font Customizer (gfbgiekofllpkpaoadjhbbfnljbcimoh) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 1,471,726 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gfbgiekofllpkpaoadjhbbfnljbcimoh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gfbgiekofllpkpaoadjhbbfnljbcimoh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gfbgiekofllpkpaoadjhbbfnljbcimoh", "external_id": "gfbgiekofllpkpaoadjhbbfnljbcimoh"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--62239dd1-3d78-44eb-a6b9-c3b399d587b7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.150188Z", "modified": "2026-06-02T15:57:33.150188Z", "name": "Malicious Extension: Easy Undo Closed Tabs", "description": "Malicious browser extension: Easy Undo Closed Tabs (pbebadpeajadcmaoofljnnfgofehnpeo) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 1,460,691 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pbebadpeajadcmaoofljnnfgofehnpeo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pbebadpeajadcmaoofljnnfgofehnpeo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pbebadpeajadcmaoofljnnfgofehnpeo", "external_id": "pbebadpeajadcmaoofljnnfgofehnpeo"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--21702f41-9ae9-48b2-9343-2ff5c6c546a4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.151266Z", "modified": "2026-06-02T15:57:33.151266Z", "name": "Malicious Extension: Screence screen recorder", "description": "Malicious browser extension: Screence screen recorder (flmihfcdcgigpfcfjpdcniidbfnffdcf) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 1,459,488 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flmihfcdcgigpfcfjpdcniidbfnffdcf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:flmihfcdcgigpfcfjpdcniidbfnffdcf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flmihfcdcgigpfcfjpdcniidbfnffdcf", "external_id": "flmihfcdcgigpfcfjpdcniidbfnffdcf"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eb4624f8-565c-41d1-b6ef-acc57369ffe6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.152338Z", "modified": "2026-06-02T15:57:33.152338Z", "name": "Malicious Extension: OneCleaner", "description": "Malicious browser extension: OneCleaner (pinnfpbpjancnbidnnhpemakncopaega) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 1,457,548 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pinnfpbpjancnbidnnhpemakncopaega']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pinnfpbpjancnbidnnhpemakncopaega", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pinnfpbpjancnbidnnhpemakncopaega", "external_id": "pinnfpbpjancnbidnnhpemakncopaega"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2c956414-b095-4d8f-8fc7-affda194918d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.153405Z", "modified": "2026-06-02T15:57:33.153405Z", "name": "Malicious Extension: Repeat button", "description": "Malicious browser extension: Repeat button (iicpikopjmmincpjkckdngpkmlcchold) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 1,456,013 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iicpikopjmmincpjkckdngpkmlcchold']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:iicpikopjmmincpjkckdngpkmlcchold", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iicpikopjmmincpjkckdngpkmlcchold", "external_id": "iicpikopjmmincpjkckdngpkmlcchold"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--26cea547-0039-4ae6-9f1a-af8c58c05f7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.154476Z", "modified": "2026-06-02T15:57:33.154476Z", "name": "Malicious Extension: Leap Video Downloader", "description": "Malicious browser extension: Leap Video Downloader (bjlcpoknpgaoaollojjdnbdojdclidkh) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 1,454,917 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bjlcpoknpgaoaollojjdnbdojdclidkh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bjlcpoknpgaoaollojjdnbdojdclidkh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bjlcpoknpgaoaollojjdnbdojdclidkh", "external_id": "bjlcpoknpgaoaollojjdnbdojdclidkh"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--03514afd-ecf2-40a5-ba91-8bc35d22429d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.155745Z", "modified": "2026-06-02T15:57:33.155745Z", "name": "Malicious Extension: Tap Image Downloader", "description": "Malicious browser extension: Tap Image Downloader (okclicinnbnfkgchommiamjnkjcibfid) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 1,451,822 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okclicinnbnfkgchommiamjnkjcibfid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:okclicinnbnfkgchommiamjnkjcibfid", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okclicinnbnfkgchommiamjnkjcibfid", "external_id": "okclicinnbnfkgchommiamjnkjcibfid"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8f33cc47-abf9-4dfb-9a8d-10305b0b5cb7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.156831Z", "modified": "2026-06-02T15:57:33.156831Z", "name": "Malicious Extension: Qspeed Video Speed Controller", "description": "Malicious browser extension: Qspeed Video Speed Controller (pcjmcnhpobkjnhajhhleejfmpeoahclc) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 732,250 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pcjmcnhpobkjnhajhhleejfmpeoahclc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pcjmcnhpobkjnhajhhleejfmpeoahclc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pcjmcnhpobkjnhajhhleejfmpeoahclc", "external_id": "pcjmcnhpobkjnhajhhleejfmpeoahclc"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4ce25360-793f-4745-b0e3-25f52b67c198", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.1579Z", "modified": "2026-06-02T15:57:33.1579Z", "name": "Malicious Extension: HyperVolume", "description": "Malicious browser extension: HyperVolume (hinhmojdkodmficpockledafoeodokmc) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 592,479 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hinhmojdkodmficpockledafoeodokmc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hinhmojdkodmficpockledafoeodokmc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hinhmojdkodmficpockledafoeodokmc", "external_id": "hinhmojdkodmficpockledafoeodokmc"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--158581bb-2523-4209-8796-35327319fba0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.158959Z", "modified": "2026-06-02T15:57:33.158959Z", "name": "Malicious Extension: Light picture-in-picture", "description": "Malicious browser extension: Light picture-in-picture (gcnceeflimggoamelclcbhcdggcmnglm) Palant serasearchtop.com campaign. Injected arbitrary JS into every visited website via hidden serasearchtop[.]com config download. Active since 2021, discovered May 2023. 172,931 weekly active users at discovery. 34 extensions total, 87M users combined. 
Most had Featured badge.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gcnceeflimggoamelclcbhcdggcmnglm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-16T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gcnceeflimggoamelclcbhcdggcmnglm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gcnceeflimggoamelclcbhcdggcmnglm", "external_id": "gcnceeflimggoamelclcbhcdggcmnglm"}, {"source_name": "Original Research", "url": "https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a1461920-12a8-4bea-b1e5-36edde7cf97a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.160363Z", "modified": "2026-06-02T15:57:33.160363Z", "name": "Malicious Extension: Netflix Party", "description": "Malicious browser extension: Netflix Party (mmnbenehknklpbendgmgngeaignppnbe) McAfee affiliate fraud campaign (langhort[.]com). Modified cookies on e-commerce sites to inject affiliate IDs without user knowledge. 15-day delay before activation to evade detection. 800,000 installs. 
FlipShope excluded \u2014 disputed and removed from McAfee report.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmnbenehknklpbendgmgngeaignppnbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mmnbenehknklpbendgmgngeaignppnbe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmnbenehknklpbendgmgngeaignppnbe", "external_id": "mmnbenehknklpbendgmgngeaignppnbe"}, {"source_name": "Original Research", "url": "https://www.mcafee.com/blogs/internet-security/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b8b80649-e635-4b73-a94e-77a10b508a34", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.161442Z", "modified": "2026-06-02T15:57:33.161442Z", "name": "Malicious Extension: Netflix Party 2", "description": "Malicious browser extension: Netflix Party 2 (flijfnhifgdcbhglkneplegafminjnhn) McAfee affiliate fraud campaign (langhort[.]com). Modified cookies on e-commerce sites to inject affiliate IDs without user knowledge. 15-day delay before activation to evade detection. 300,000 installs. 
FlipShope excluded \u2014 disputed and removed from McAfee report.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flijfnhifgdcbhglkneplegafminjnhn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:flijfnhifgdcbhglkneplegafminjnhn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flijfnhifgdcbhglkneplegafminjnhn", "external_id": "flijfnhifgdcbhglkneplegafminjnhn"}, {"source_name": "Original Research", "url": "https://www.mcafee.com/blogs/internet-security/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--be26cfd1-9532-4489-bd9b-679905d618de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.16251Z", "modified": "2026-06-02T15:57:33.16251Z", "name": "Malicious Extension: Full Page Screenshot Capture - Screenshotting", "description": "Malicious browser extension: Full Page Screenshot Capture - Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) McAfee affiliate fraud campaign (langhort[.]com). Modified cookies on e-commerce sites to inject affiliate IDs without user knowledge. 15-day delay before activation to evade detection. 200,000 installs. 
FlipShope excluded \u2014 disputed and removed from McAfee report.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pojgkmkfincpdkdgjepkmdekcahmckjp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pojgkmkfincpdkdgjepkmdekcahmckjp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pojgkmkfincpdkdgjepkmdekcahmckjp", "external_id": "pojgkmkfincpdkdgjepkmdekcahmckjp"}, {"source_name": "Original Research", "url": "https://www.mcafee.com/blogs/internet-security/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bc0e4fbe-5254-482f-8cca-9227180787f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.163771Z", "modified": "2026-06-02T15:57:33.163771Z", "name": "Malicious Extension: AutoBuy Flash Sales", "description": "Malicious browser extension: AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed) McAfee affiliate fraud campaign (langhort[.]com). Modified cookies on e-commerce sites to inject affiliate IDs without user knowledge. 15-day delay before activation to evade detection. 20,000 installs. FlipShope excluded \u2014 disputed and removed from McAfee report. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gbnahglfafmhaehbdmjedfhdmimjcbed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gbnahglfafmhaehbdmjedfhdmimjcbed", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gbnahglfafmhaehbdmjedfhdmimjcbed", "external_id": "gbnahglfafmhaehbdmjedfhdmimjcbed"}, {"source_name": "Original Research", "url": "https://www.mcafee.com/blogs/internet-security/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--83c4b7e4-cf83-4b59-bbd5-e1a0678f7436", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.165225Z", "modified": "2026-06-02T15:57:33.165225Z", "name": "Malicious Extension: styleflex (Dormant Colors campaign)", "description": "Malicious browser extension: styleflex (Dormant Colors campaign) (adpffjpbhgiofmjffgcnohaielbeekfk) Dormant Colors campaign (Guardio Labs). 30 color-themed extensions side-loaded malicious code post-install. Hijacked search results, injected affiliate links to 10,000+ sites. 1M+ installs combined. This is the lead extension (styleflex) confirmed in Guardio report. 
29 other campaign IDs not publicly indexed \u2014 only icons/names published by Guardio.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/adpffjpbhgiofmjffgcnohaielbeekfk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-25T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:adpffjpbhgiofmjffgcnohaielbeekfk", "browser:both"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/adpffjpbhgiofmjffgcnohaielbeekfk", "external_id": "adpffjpbhgiofmjffgcnohaielbeekfk"}, {"source_name": "Original Research", "url": "https://guard.io/labs/dormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/chrome-extensions-with-1-million-installs-hijack-targets-browsers/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--430a2978-591d-4218-8505-566bc2fe198b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.166579Z", "modified": "2026-06-02T15:57:33.166579Z", "name": "Malicious Extension: SearchBlox", "description": "Malicious browser extension: SearchBlox (blddohgncmehcepnokognejaaahehncd) SearchBlox Roblox backdoor. Stole Roblox credentials and in-game assets via account API calls. Developer (UnstoppableLucent) intentionally backdoored own extension with malicious JS. 200,000 installs. 
Auto-removed by Google after disclosure.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/blddohgncmehcepnokognejaaahehncd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-11-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:blddohgncmehcepnokognejaaahehncd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/blddohgncmehcepnokognejaaahehncd", "external_id": "blddohgncmehcepnokognejaaahehncd"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/backdoored-chrome-extension-installed-by-200-000-roblox-players/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d5a0b712-e923-4fe9-b78b-776140d550a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.167641Z", "modified": "2026-06-02T15:57:33.167641Z", "name": "Malicious Extension: SearchBlox (secondary)", "description": "Malicious browser extension: SearchBlox (secondary) (ccjalhebkdogpobnbdhfpincfeohonni) SearchBlox Roblox backdoor. Stole Roblox credentials and in-game assets via account API calls. Developer (UnstoppableLucent) intentionally backdoored own extension with malicious JS. 959 installs. 
Auto-removed by Google after disclosure.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ccjalhebkdogpobnbdhfpincfeohonni']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-11-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ccjalhebkdogpobnbdhfpincfeohonni", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ccjalhebkdogpobnbdhfpincfeohonni", "external_id": "ccjalhebkdogpobnbdhfpincfeohonni"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/backdoored-chrome-extension-installed-by-200-000-roblox-players/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aa083ea6-cfce-4f0b-9a1e-b57019b7a352", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.16902Z", "modified": "2026-06-02T15:57:33.16902Z", "name": "Malicious Extension: DAZN: Live Sports Streaming (fake)", "description": "Malicious browser extension: DAZN: Live Sports Streaming (fake) (odcfdbjimjkipbopcfaohmffnbmnbfhb) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/odcfdbjimjkipbopcfaohmffnbmnbfhb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:odcfdbjimjkipbopcfaohmffnbmnbfhb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/odcfdbjimjkipbopcfaohmffnbmnbfhb", "external_id": "odcfdbjimjkipbopcfaohmffnbmnbfhb"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5bb4a51b-7cb6-402f-a8a7-ee7f6f4f0b7b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.17009Z", "modified": "2026-06-02T15:57:33.17009Z", "name": "Malicious Extension: Frameo (fake)", "description": "Malicious browser extension: Frameo (fake) (mknnabcboiamlhlpigbiejjipofhhhmo) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mknnabcboiamlhlpigbiejjipofhhhmo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mknnabcboiamlhlpigbiejjipofhhhmo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mknnabcboiamlhlpigbiejjipofhhhmo", "external_id": "mknnabcboiamlhlpigbiejjipofhhhmo"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1b8318a9-af9d-4f77-a70d-c6aa2ca81ca6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.171339Z", "modified": "2026-06-02T15:57:33.171339Z", "name": "Malicious Extension: HBO Max: Stream HBO TV (fake)", "description": "Malicious browser extension: HBO Max: Stream HBO TV (fake) (cpmpipfpcgkoiedkehiobjidambkldfi) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cpmpipfpcgkoiedkehiobjidambkldfi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cpmpipfpcgkoiedkehiobjidambkldfi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cpmpipfpcgkoiedkehiobjidambkldfi", "external_id": "cpmpipfpcgkoiedkehiobjidambkldfi"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--53aa139c-f2c1-4921-af38-1b7f9e112dd1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.172426Z", "modified": "2026-06-02T15:57:33.172426Z", "name": "Malicious Extension: IMVU (fake)", "description": "Malicious browser extension: IMVU (fake) (lgpaegdhfonaljikhochmeafcpomlphb) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lgpaegdhfonaljikhochmeafcpomlphb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lgpaegdhfonaljikhochmeafcpomlphb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lgpaegdhfonaljikhochmeafcpomlphb", "external_id": "lgpaegdhfonaljikhochmeafcpomlphb"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f1bd4345-20f2-446f-8d00-9c5d361be46a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.173487Z", "modified": "2026-06-02T15:57:33.173487Z", "name": "Malicious Extension: Screen Mirroring + for Roku (fake)", "description": "Malicious browser extension: Screen Mirroring + for Roku (fake) (chdheiofhhmjhfmdefgjnbiakmfhpekh) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/chdheiofhhmjhfmdefgjnbiakmfhpekh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:chdheiofhhmjhfmdefgjnbiakmfhpekh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/chdheiofhhmjhfmdefgjnbiakmfhpekh", "external_id": "chdheiofhhmjhfmdefgjnbiakmfhpekh"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c969d056-8cff-4c79-bed3-90fa5c19ba13", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.174571Z", "modified": "2026-06-02T15:57:33.174571Z", "name": "Malicious Extension: CapCut 2021 (fake)", "description": "Malicious browser extension: CapCut 2021 (fake) (hmmkhbiknngbgkecdjnhblikmjnkmfph) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmmkhbiknngbgkecdjnhblikmjnkmfph']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmmkhbiknngbgkecdjnhblikmjnkmfph", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmmkhbiknngbgkecdjnhblikmjnkmfph", "external_id": "hmmkhbiknngbgkecdjnhblikmjnkmfph"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--763cad50-4807-4786-8fa8-389da06a1e97", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.17565Z", "modified": "2026-06-02T15:57:33.17565Z", "name": "Malicious Extension: iArtBook Digital Painting (fake)", "description": "Malicious browser extension: iArtBook Digital Painting (fake) (pndkaoeigpfhjkjblpmneppaffijeoof) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pndkaoeigpfhjkjblpmneppaffijeoof']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pndkaoeigpfhjkjblpmneppaffijeoof", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pndkaoeigpfhjkjblpmneppaffijeoof", "external_id": "pndkaoeigpfhjkjblpmneppaffijeoof"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6164c9a8-c28b-48c2-8966-630a01f0a544", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.17672Z", "modified": "2026-06-02T15:57:33.17672Z", "name": "Malicious Extension: CapCut (fake)", "description": "Malicious browser extension: CapCut (fake) (jpjljiibjkcgfgajdjhbfkocaoajnpjd) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jpjljiibjkcgfgajdjhbfkocaoajnpjd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jpjljiibjkcgfgajdjhbfkocaoajnpjd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jpjljiibjkcgfgajdjhbfkocaoajnpjd", "external_id": "jpjljiibjkcgfgajdjhbfkocaoajnpjd"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cb4925ae-5369-4e9b-9823-d030fa53804b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.177778Z", "modified": "2026-06-02T15:57:33.177778Z", "name": "Malicious Extension: PhotoMath (fake)", "description": "Malicious browser extension: PhotoMath (fake) (ekjpgaienpbcajanmlakjlblacmmagli) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekjpgaienpbcajanmlakjlblacmmagli']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekjpgaienpbcajanmlakjlblacmmagli", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekjpgaienpbcajanmlakjlblacmmagli", "external_id": "ekjpgaienpbcajanmlakjlblacmmagli"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--59db5f8a-7e2d-446b-91a3-ffa9c47468f9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.179002Z", "modified": "2026-06-02T15:57:33.179002Z", "name": "Malicious Extension: Web Video Cast Browser to TV (fake)", "description": "Malicious browser extension: Web Video Cast Browser to TV (fake) (icliijcepcpkfcnhadpihncikapnlgck) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/icliijcepcpkfcnhadpihncikapnlgck']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:icliijcepcpkfcnhadpihncikapnlgck", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/icliijcepcpkfcnhadpihncikapnlgck", "external_id": "icliijcepcpkfcnhadpihncikapnlgck"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7ccdae40-173b-46a7-a25f-a602b5ad4a77", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.180091Z", "modified": "2026-06-02T15:57:33.180091Z", "name": "Malicious Extension: iArtbook Digital Painting (fake variant)", "description": "Malicious browser extension: iArtbook Digital Painting (fake variant) (jmlinloieidngpommoobnifkbaodgihm) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jmlinloieidngpommoobnifkbaodgihm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jmlinloieidngpommoobnifkbaodgihm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jmlinloieidngpommoobnifkbaodgihm", "external_id": "jmlinloieidngpommoobnifkbaodgihm"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e5aa7ea3-2f24-457a-a86b-7f0ce815e075", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.181172Z", "modified": "2026-06-02T15:57:33.181172Z", "name": "Malicious Extension: Dollify (fake)", "description": "Malicious browser extension: Dollify (fake) (docgaphalahenjbcblkiannmhfecligg) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/docgaphalahenjbcblkiannmhfecligg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:docgaphalahenjbcblkiannmhfecligg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/docgaphalahenjbcblkiannmhfecligg", "external_id": "docgaphalahenjbcblkiannmhfecligg"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--49e1c55e-3783-4a0d-95b2-941103ad81c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.182237Z", "modified": "2026-06-02T15:57:33.182237Z", "name": "Malicious Extension: Microsoft Teams (fake)", "description": "Malicious browser extension: Microsoft Teams (fake) (cfpojnimgikehbalpifbfnofalkmeikm) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cfpojnimgikehbalpifbfnofalkmeikm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cfpojnimgikehbalpifbfnofalkmeikm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cfpojnimgikehbalpifbfnofalkmeikm", "external_id": "cfpojnimgikehbalpifbfnofalkmeikm"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b8e55bea-17bf-4932-98c7-903bdc1e5723", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.183335Z", "modified": "2026-06-02T15:57:33.183335Z", "name": "Malicious Extension: Oculus (fake)", "description": "Malicious browser extension: Oculus (fake) (chplplfgapdmojeidldanhlpgicoljai) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/chplplfgapdmojeidldanhlpgicoljai']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:chplplfgapdmojeidldanhlpgicoljai", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/chplplfgapdmojeidldanhlpgicoljai", "external_id": "chplplfgapdmojeidldanhlpgicoljai"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9dc2feca-0605-40c6-8f4a-8403c6ac0a81", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.184429Z", "modified": "2026-06-02T15:57:33.184429Z", "name": "Malicious Extension: Adobe Lightroom Photo Editor (fake)", "description": "Malicious browser extension: Adobe Lightroom Photo Editor (fake) (ahdijafdcpkcefendeaobodkfjcmphac) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. All removed by Google. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ahdijafdcpkcefendeaobodkfjcmphac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ahdijafdcpkcefendeaobodkfjcmphac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ahdijafdcpkcefendeaobodkfjcmphac", "external_id": "ahdijafdcpkcefendeaobodkfjcmphac"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--58ecb03e-ae8e-4c77-8ed2-db20f3b93489", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.185507Z", "modified": "2026-06-02T15:57:33.185507Z", "name": "Malicious Extension: CapCut professional video editor (fake)", "description": "Malicious browser extension: CapCut professional video editor (fake) (cafffncdbdopajhdpnfpohbneabfmjef) Krebs/Nguyen fake brand extension network. 45 extensions spoofing Adobe, Amazon, Facebook, HBO, Microsoft, Roku, Verizon. Prompted users for personal/financial data. Network of fake reviewers used to boost credibility. ~100k combined downloads. All removed by Google. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cafffncdbdopajhdpnfpohbneabfmjef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cafffncdbdopajhdpnfpohbneabfmjef", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cafffncdbdopajhdpnfpohbneabfmjef", "external_id": "cafffncdbdopajhdpnfpohbneabfmjef"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de7eaf37-0789-429c-87bf-3f5f3746e448", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.18704Z", "modified": "2026-06-02T15:57:33.18704Z", "name": "Malicious Extension: netSave", "description": "Malicious browser extension: netSave (ipjbhjmcbgmdjfiichbgbmpmgonokpkb) ReasonLabs cashback killer campaign. Fake VPN extensions force-installed via registry by trojan hidden in pirated game torrents (GTA, Assassins Creed, Sims 4). Disabled 100+ cashback/coupon extensions and hijacked affiliate activity. Targeted Russian-speaking users. 
1000000+ installs.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ipjbhjmcbgmdjfiichbgbmpmgonokpkb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-12-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ipjbhjmcbgmdjfiichbgbmpmgonokpkb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ipjbhjmcbgmdjfiichbgbmpmgonokpkb", "external_id": "ipjbhjmcbgmdjfiichbgbmpmgonokpkb"}, {"source_name": "Original Research", "url": "https://reasonlabs.com/research/the-cashback-extension-killer"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/fake-vpn-chrome-extensions-force-installed-15-million-times/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a4adf3f7-822f-4cfe-8241-1c9b9ac4e23d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.188129Z", "modified": "2026-06-02T15:57:33.188129Z", "name": "Malicious Extension: netWin", "description": "Malicious browser extension: netWin (gandigjpilmchbomlpmfogigbjapofnc) ReasonLabs cashback killer campaign. Fake VPN extensions force-installed via registry by trojan hidden in pirated game torrents (GTA, Assassins Creed, Sims 4). Disabled 100+ cashback/coupon extensions and hijacked affiliate activity. Targeted Russian-speaking users. 
~250k installs.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gandigjpilmchbomlpmfogigbjapofnc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-12-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gandigjpilmchbomlpmfogigbjapofnc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gandigjpilmchbomlpmfogigbjapofnc", "external_id": "gandigjpilmchbomlpmfogigbjapofnc"}, {"source_name": "Original Research", "url": "https://reasonlabs.com/research/the-cashback-extension-killer"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/fake-vpn-chrome-extensions-force-installed-15-million-times/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--142db0d8-7f7a-4071-a81b-e2049fde844c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.189195Z", "modified": "2026-06-02T15:57:33.189195Z", "name": "Malicious Extension: netPlus (earlier variant)", "description": "Malicious browser extension: netPlus (earlier variant) (chiiididmecdffakklhibjpjkbfiaeni) ReasonLabs cashback killer campaign. Fake VPN extensions force-installed via registry by trojan hidden in pirated game torrents (GTA, Assassins Creed, Sims 4). Disabled 100+ cashback/coupon extensions and hijacked affiliate activity. Targeted Russian-speaking users. 
Removed May 2022.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/chiiididmecdffakklhibjpjkbfiaeni']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-12-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:chiiididmecdffakklhibjpjkbfiaeni", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/chiiididmecdffakklhibjpjkbfiaeni", "external_id": "chiiididmecdffakklhibjpjkbfiaeni"}, {"source_name": "Original Research", "url": "https://reasonlabs.com/research/the-cashback-extension-killer"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/fake-vpn-chrome-extensions-force-installed-15-million-times/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0b288537-6c87-4228-b210-037d1a57bf40", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.19056Z", "modified": "2026-06-02T15:57:33.19056Z", "name": "Malicious Extension: Adblock Web (PCVARK)", "description": "Malicious browser extension: Adblock Web (PCVARK) (kacljcbejojnapnmiifgckbafkojcncf) PCVARK malicious ad blocker cluster. Company known for PUPs/scareware. Extensions collected browsing data without disclosure. 700k+ users each for active ones. 
BitSafe and Adblocker Unlimited removed Mar/Apr 2022; Adblock Web and Ad-Blocker still live at disclosure Jun 2023.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kacljcbejojnapnmiifgckbafkojcncf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-05T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kacljcbejojnapnmiifgckbafkojcncf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kacljcbejojnapnmiifgckbafkojcncf", "external_id": "kacljcbejojnapnmiifgckbafkojcncf"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/05/introducing-pcvark-and-their-malicious-ad-blockers/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dfbd31ca-bf9f-43ea-b51d-b65329a2b27a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.191642Z", "modified": "2026-06-02T15:57:33.191642Z", "name": "Malicious Extension: Ad-Blocker (PCVARK)", "description": "Malicious browser extension: Ad-Blocker (PCVARK) (jhkhlgaomejplkanglolfpcmfknnomle) PCVARK malicious ad blocker cluster. Company known for PUPs/scareware. Extensions collected browsing data without disclosure. 700k+ users each for active ones. BitSafe and Adblocker Unlimited removed Mar/Apr 2022; Adblock Web and Ad-Blocker still live at disclosure Jun 2023. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jhkhlgaomejplkanglolfpcmfknnomle']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-05T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jhkhlgaomejplkanglolfpcmfknnomle", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jhkhlgaomejplkanglolfpcmfknnomle", "external_id": "jhkhlgaomejplkanglolfpcmfknnomle"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/05/introducing-pcvark-and-their-malicious-ad-blockers/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f1382133-87ba-4aa6-adcf-3a2e64a04651", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.192718Z", "modified": "2026-06-02T15:57:33.192718Z", "name": "Malicious Extension: BitSafe Adblocker (PCVARK)", "description": "Malicious browser extension: BitSafe Adblocker (PCVARK) (nkmooloiipfcknccapehflmampkaniji) PCVARK malicious ad blocker cluster. Company known for PUPs/scareware. Extensions collected browsing data without disclosure. 700k+ users each for active ones. 
BitSafe and Adblocker Unlimited removed Mar/Apr 2022; Adblock Web and Ad-Blocker still live at disclosure Jun 2023.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nkmooloiipfcknccapehflmampkaniji']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-05T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nkmooloiipfcknccapehflmampkaniji", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nkmooloiipfcknccapehflmampkaniji", "external_id": "nkmooloiipfcknccapehflmampkaniji"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/05/introducing-pcvark-and-their-malicious-ad-blockers/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d30d3db9-cd32-402d-9366-9230551208bc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.193814Z", "modified": "2026-06-02T15:57:33.193814Z", "name": "Malicious Extension: Adblocker Unlimited (PCVARK)", "description": "Malicious browser extension: Adblocker Unlimited (PCVARK) (kgddnoifhgfdhcpbkkjdgokfnkkmdcen) PCVARK malicious ad blocker cluster. Company known for PUPs/scareware. Extensions collected browsing data without disclosure. 700k+ users each for active ones. 
BitSafe and Adblocker Unlimited removed Mar/Apr 2022; Adblock Web and Ad-Blocker still live at disclosure Jun 2023.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kgddnoifhgfdhcpbkkjdgokfnkkmdcen']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-05T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kgddnoifhgfdhcpbkkjdgokfnkkmdcen", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kgddnoifhgfdhcpbkkjdgokfnkkmdcen", "external_id": "kgddnoifhgfdhcpbkkjdgokfnkkmdcen"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/05/introducing-pcvark-and-their-malicious-ad-blockers/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3f02b850-5556-441d-b813-253caa5e06fe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.196642Z", "modified": "2026-06-02T15:57:33.196642Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (gbdjcgalliefpinpmggefbloehmmknca) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gbdjcgalliefpinpmggefbloehmmknca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gbdjcgalliefpinpmggefbloehmmknca", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gbdjcgalliefpinpmggefbloehmmknca", "external_id": "gbdjcgalliefpinpmggefbloehmmknca"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--07bfe55f-ceb2-4c71-9eb1-263f0fd0a5ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.197831Z", "modified": "2026-06-02T15:57:33.197831Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (eggeoellnjnnglaibpcmggjnjifeebpi) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eggeoellnjnnglaibpcmggjnjifeebpi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eggeoellnjnnglaibpcmggjnjifeebpi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eggeoellnjnnglaibpcmggjnjifeebpi", "external_id": "eggeoellnjnnglaibpcmggjnjifeebpi"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8e8d0fa8-a906-4d9f-9660-27164eac55df", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.198971Z", "modified": "2026-06-02T15:57:33.198971Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ionpbgeeliajehajombdeflogfpgmmel) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ionpbgeeliajehajombdeflogfpgmmel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ionpbgeeliajehajombdeflogfpgmmel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ionpbgeeliajehajombdeflogfpgmmel", "external_id": "ionpbgeeliajehajombdeflogfpgmmel"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9ab19e93-d810-4c07-8155-ad56da2a4bbf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.200111Z", "modified": "2026-06-02T15:57:33.200111Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (jaekigmcljkkalnicnjoafgfjoefkpeg) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jaekigmcljkkalnicnjoafgfjoefkpeg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jaekigmcljkkalnicnjoafgfjoefkpeg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jaekigmcljkkalnicnjoafgfjoefkpeg", "external_id": "jaekigmcljkkalnicnjoafgfjoefkpeg"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ecc910e1-101c-4c9e-84ac-71a1e3054bea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.201211Z", "modified": "2026-06-02T15:57:33.201211Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (aeilijiaejfdnbagnpannhdoaljpkbhe) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aeilijiaejfdnbagnpannhdoaljpkbhe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aeilijiaejfdnbagnpannhdoaljpkbhe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aeilijiaejfdnbagnpannhdoaljpkbhe", "external_id": "aeilijiaejfdnbagnpannhdoaljpkbhe"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--77eeab27-277e-4a27-92a0-09cec350f4a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.2023Z", "modified": "2026-06-02T15:57:33.2023Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (afdfpkhbdpioonfeknablodaejkklbdn) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/afdfpkhbdpioonfeknablodaejkklbdn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:afdfpkhbdpioonfeknablodaejkklbdn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/afdfpkhbdpioonfeknablodaejkklbdn", "external_id": "afdfpkhbdpioonfeknablodaejkklbdn"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a17dbfa7-1362-4b4c-a7d5-46ac688d05f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.203577Z", "modified": "2026-06-02T15:57:33.203577Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (anflghppebdhjipndogapfagemgnlblh) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/anflghppebdhjipndogapfagemgnlblh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:anflghppebdhjipndogapfagemgnlblh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/anflghppebdhjipndogapfagemgnlblh", "external_id": "anflghppebdhjipndogapfagemgnlblh"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3ccf5067-42e7-498f-8d40-f1f0fa0ba594", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.204684Z", "modified": "2026-06-02T15:57:33.204684Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (bebmphofpgkhclocdbgomhnjcpelbenh) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bebmphofpgkhclocdbgomhnjcpelbenh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bebmphofpgkhclocdbgomhnjcpelbenh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bebmphofpgkhclocdbgomhnjcpelbenh", "external_id": "bebmphofpgkhclocdbgomhnjcpelbenh"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fa7f6e08-3deb-4333-ad6a-bd5e272d0879", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.205769Z", "modified": "2026-06-02T15:57:33.205769Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (bmkgbgkneealfabgnjfeljaiegpginpl) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bmkgbgkneealfabgnjfeljaiegpginpl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bmkgbgkneealfabgnjfeljaiegpginpl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bmkgbgkneealfabgnjfeljaiegpginpl", "external_id": "bmkgbgkneealfabgnjfeljaiegpginpl"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d3d72f80-7c9a-4f54-9251-5359f5892307", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.206847Z", "modified": "2026-06-02T15:57:33.206847Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ccjlpblmgkncnnimcmbanbnhbggdpkie) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ccjlpblmgkncnnimcmbanbnhbggdpkie']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ccjlpblmgkncnnimcmbanbnhbggdpkie", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ccjlpblmgkncnnimcmbanbnhbggdpkie", "external_id": "ccjlpblmgkncnnimcmbanbnhbggdpkie"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--64c0de04-23fe-4ced-998d-82e3a19f7ea7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.207956Z", "modified": "2026-06-02T15:57:33.207956Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (cclhgechkjghfaoebihpklmllnnlnbdb) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cclhgechkjghfaoebihpklmllnnlnbdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cclhgechkjghfaoebihpklmllnnlnbdb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cclhgechkjghfaoebihpklmllnnlnbdb", "external_id": "cclhgechkjghfaoebihpklmllnnlnbdb"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ba6c51cd-09f4-4073-86c8-455b7e198dcf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.209038Z", "modified": "2026-06-02T15:57:33.209038Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (cfegchignldpfnjpodhcklmgleaoanhi) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cfegchignldpfnjpodhcklmgleaoanhi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cfegchignldpfnjpodhcklmgleaoanhi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cfegchignldpfnjpodhcklmgleaoanhi", "external_id": "cfegchignldpfnjpodhcklmgleaoanhi"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cc1e365e-d51c-4c41-ba09-1798e680af60", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.210115Z", "modified": "2026-06-02T15:57:33.210115Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (cfllfglbkmnbkcibbjoghimalbileaic) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cfllfglbkmnbkcibbjoghimalbileaic']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cfllfglbkmnbkcibbjoghimalbileaic", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cfllfglbkmnbkcibbjoghimalbileaic", "external_id": "cfllfglbkmnbkcibbjoghimalbileaic"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f2bcbeec-6970-4209-ba3b-f52df02cc0c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.211369Z", "modified": "2026-06-02T15:57:33.211369Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (cjljdgfhkjbdbkcdkfojleidpldagmao) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cjljdgfhkjbdbkcdkfojleidpldagmao']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cjljdgfhkjbdbkcdkfojleidpldagmao", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cjljdgfhkjbdbkcdkfojleidpldagmao", "external_id": "cjljdgfhkjbdbkcdkfojleidpldagmao"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aec18a9b-ff6d-45c2-ace5-90cb4fe83c9c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.212453Z", "modified": "2026-06-02T15:57:33.212453Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (coabfkgengacobjpmdlmmihhhfnhbjdm) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/coabfkgengacobjpmdlmmihhhfnhbjdm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:coabfkgengacobjpmdlmmihhhfnhbjdm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/coabfkgengacobjpmdlmmihhhfnhbjdm", "external_id": "coabfkgengacobjpmdlmmihhhfnhbjdm"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bc860fc8-3a4e-4004-954f-5d26a9c9a7b9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.213524Z", "modified": "2026-06-02T15:57:33.213524Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (dcaffjpclkkjfacgfofgpjbmgjnjlpmh) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dcaffjpclkkjfacgfofgpjbmgjnjlpmh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dcaffjpclkkjfacgfofgpjbmgjnjlpmh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dcaffjpclkkjfacgfofgpjbmgjnjlpmh", "external_id": "dcaffjpclkkjfacgfofgpjbmgjnjlpmh"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d297e239-90ec-41a8-9a06-d436ce5effee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.214605Z", "modified": "2026-06-02T15:57:33.214605Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (djekgpcemgcnfkjldcclcpcjhemofcib) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/djekgpcemgcnfkjldcclcpcjhemofcib']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:djekgpcemgcnfkjldcclcpcjhemofcib", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/djekgpcemgcnfkjldcclcpcjhemofcib", "external_id": "djekgpcemgcnfkjldcclcpcjhemofcib"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--20cf2285-3421-4274-a2df-d72c6f21132f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.215699Z", "modified": "2026-06-02T15:57:33.215699Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (dkbccihpiccbcheieabdbjikohfdfaje) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkbccihpiccbcheieabdbjikohfdfaje']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkbccihpiccbcheieabdbjikohfdfaje", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkbccihpiccbcheieabdbjikohfdfaje", "external_id": "dkbccihpiccbcheieabdbjikohfdfaje"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--959abcbd-690d-42ec-876c-bf2154f1c2ba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.216778Z", "modified": "2026-06-02T15:57:33.216778Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (dlpimjmonhbmamocpboifndnnakgknbf) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dlpimjmonhbmamocpboifndnnakgknbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dlpimjmonhbmamocpboifndnnakgknbf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dlpimjmonhbmamocpboifndnnakgknbf", "external_id": "dlpimjmonhbmamocpboifndnnakgknbf"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2a4212c6-bdeb-4c85-bb95-425422dfd62c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.217848Z", "modified": "2026-06-02T15:57:33.217848Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (dmbjkidogjmmlejdmnecpmfapdmidfjg) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dmbjkidogjmmlejdmnecpmfapdmidfjg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dmbjkidogjmmlejdmnecpmfapdmidfjg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dmbjkidogjmmlejdmnecpmfapdmidfjg", "external_id": "dmbjkidogjmmlejdmnecpmfapdmidfjg"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4d3a78d7-f6b6-4c33-9e6b-4d8c1fa47120", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.219096Z", "modified": "2026-06-02T15:57:33.219096Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (dneifdhdmnmmlobjbimlkcnhkbidmlek) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dneifdhdmnmmlobjbimlkcnhkbidmlek']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dneifdhdmnmmlobjbimlkcnhkbidmlek", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dneifdhdmnmmlobjbimlkcnhkbidmlek", "external_id": "dneifdhdmnmmlobjbimlkcnhkbidmlek"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b2cf1308-e100-41c0-833a-195487547475", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.220192Z", "modified": "2026-06-02T15:57:33.220192Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (doiiaejbgndnnnomcdhefcbfnbbjfbib) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/doiiaejbgndnnnomcdhefcbfnbbjfbib']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:doiiaejbgndnnnomcdhefcbfnbbjfbib", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/doiiaejbgndnnnomcdhefcbfnbbjfbib", "external_id": "doiiaejbgndnnnomcdhefcbfnbbjfbib"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1bba3f78-7aa9-42e2-a051-47d7ab6eda89", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.221272Z", "modified": "2026-06-02T15:57:33.221272Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (dpfofggmkhdbfcciajfdphofclabnogo) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dpfofggmkhdbfcciajfdphofclabnogo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dpfofggmkhdbfcciajfdphofclabnogo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dpfofggmkhdbfcciajfdphofclabnogo", "external_id": "dpfofggmkhdbfcciajfdphofclabnogo"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d62757c7-e6ef-464d-b9ba-8929630d03ab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.222349Z", "modified": "2026-06-02T15:57:33.222349Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (eabhkjojehdleajkbigffmpnaelncapp) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eabhkjojehdleajkbigffmpnaelncapp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eabhkjojehdleajkbigffmpnaelncapp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eabhkjojehdleajkbigffmpnaelncapp", "external_id": "eabhkjojehdleajkbigffmpnaelncapp"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--826f441d-c04d-4ba4-8db5-190d7f425af4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.223426Z", "modified": "2026-06-02T15:57:33.223426Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ealojglnbikknifbgleaceopepceakfn) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ealojglnbikknifbgleaceopepceakfn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ealojglnbikknifbgleaceopepceakfn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ealojglnbikknifbgleaceopepceakfn", "external_id": "ealojglnbikknifbgleaceopepceakfn"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d673ae74-5eb6-4ba1-9a4f-cc329f936559", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.224507Z", "modified": "2026-06-02T15:57:33.224507Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ebdbcfomjliacpblnioignhfhjeajpch) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ebdbcfomjliacpblnioignhfhjeajpch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ebdbcfomjliacpblnioignhfhjeajpch", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ebdbcfomjliacpblnioignhfhjeajpch", "external_id": "ebdbcfomjliacpblnioignhfhjeajpch"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--593227a8-fb67-4a08-9aa2-e62abc93db1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.225595Z", "modified": "2026-06-02T15:57:33.225595Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (edlifbnjlicfpckhgjhflgkeeibhhcii) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/edlifbnjlicfpckhgjhflgkeeibhhcii']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:edlifbnjlicfpckhgjhflgkeeibhhcii", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edlifbnjlicfpckhgjhflgkeeibhhcii", "external_id": "edlifbnjlicfpckhgjhflgkeeibhhcii"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5c7362cb-d9f8-48e6-8703-7be3a6437d9e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.226869Z", "modified": "2026-06-02T15:57:33.226869Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ehmneimbopigfgchjglgngamiccjkijh) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ehmneimbopigfgchjglgngamiccjkijh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ehmneimbopigfgchjglgngamiccjkijh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ehmneimbopigfgchjglgngamiccjkijh", "external_id": "ehmneimbopigfgchjglgngamiccjkijh"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5cb5f05f-1bed-4634-9c42-529074697602", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.227986Z", "modified": "2026-06-02T15:57:33.227986Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ehpgcagmhpndkmglombjndkdmggkgnge) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ehpgcagmhpndkmglombjndkdmggkgnge']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ehpgcagmhpndkmglombjndkdmggkgnge", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ehpgcagmhpndkmglombjndkdmggkgnge", "external_id": "ehpgcagmhpndkmglombjndkdmggkgnge"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c1fdd69f-57fe-479c-9853-c2df1e18d178", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.229066Z", "modified": "2026-06-02T15:57:33.229066Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ejllkedmklophclpgonojjkaliafeilj) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ejllkedmklophclpgonojjkaliafeilj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ejllkedmklophclpgonojjkaliafeilj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ejllkedmklophclpgonojjkaliafeilj", "external_id": "ejllkedmklophclpgonojjkaliafeilj"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--46204182-eb0f-4a5b-ad64-7d2018390dba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.230137Z", "modified": "2026-06-02T15:57:33.230137Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ekjogkoigkhbgdgpolejnjfmhdcgaoof) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekjogkoigkhbgdgpolejnjfmhdcgaoof']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekjogkoigkhbgdgpolejnjfmhdcgaoof", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekjogkoigkhbgdgpolejnjfmhdcgaoof", "external_id": "ekjogkoigkhbgdgpolejnjfmhdcgaoof"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6155919b-f30d-4b1f-ac68-33be8d291b6a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.231216Z", "modified": "2026-06-02T15:57:33.231216Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (elpdbicokgbedckgblmbhoamophfbchi) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/elpdbicokgbedckgblmbhoamophfbchi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:elpdbicokgbedckgblmbhoamophfbchi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/elpdbicokgbedckgblmbhoamophfbchi", "external_id": "elpdbicokgbedckgblmbhoamophfbchi"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5dd8301a-6ebd-42ba-8d02-8634496141db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.23229Z", "modified": "2026-06-02T15:57:33.23229Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (emeokgokialpjadjaoeiplmnkjoaegng) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/emeokgokialpjadjaoeiplmnkjoaegng']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:emeokgokialpjadjaoeiplmnkjoaegng", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/emeokgokialpjadjaoeiplmnkjoaegng", "external_id": "emeokgokialpjadjaoeiplmnkjoaegng"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--204d5116-edf2-4f5d-841f-8098d6a40eec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.233366Z", "modified": "2026-06-02T15:57:33.233366Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (epeigjgefhajkiiallmfblgglmdbhfab) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/epeigjgefhajkiiallmfblgglmdbhfab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:epeigjgefhajkiiallmfblgglmdbhfab", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/epeigjgefhajkiiallmfblgglmdbhfab", "external_id": "epeigjgefhajkiiallmfblgglmdbhfab"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fbfad77d-1656-4c66-802b-de2672c81c58", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.234613Z", "modified": "2026-06-02T15:57:33.234613Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (eplfglplnlljjpeiccbgnijecmkeimed) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eplfglplnlljjpeiccbgnijecmkeimed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eplfglplnlljjpeiccbgnijecmkeimed", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eplfglplnlljjpeiccbgnijecmkeimed", "external_id": "eplfglplnlljjpeiccbgnijecmkeimed"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--389fa7db-c88e-4a66-876c-2acad3edde7a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.235715Z", "modified": "2026-06-02T15:57:33.235715Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (fbbjijdngocdplimineplmdllhjkaece) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbbjijdngocdplimineplmdllhjkaece']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fbbjijdngocdplimineplmdllhjkaece", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbbjijdngocdplimineplmdllhjkaece", "external_id": "fbbjijdngocdplimineplmdllhjkaece"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1107c84b-ad05-4037-8a5b-d214206db789", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.236791Z", "modified": "2026-06-02T15:57:33.236791Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (fbjhgeaafhlbjiejehpjdnghinlcceak) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbjhgeaafhlbjiejehpjdnghinlcceak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fbjhgeaafhlbjiejehpjdnghinlcceak", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbjhgeaafhlbjiejehpjdnghinlcceak", "external_id": "fbjhgeaafhlbjiejehpjdnghinlcceak"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c4f52709-1a8f-4f11-8f49-3d87df53e517", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.237863Z", "modified": "2026-06-02T15:57:33.237863Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (fedchalbmgfhdobblebblldiblbmpgdj) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fedchalbmgfhdobblebblldiblbmpgdj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fedchalbmgfhdobblebblldiblbmpgdj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fedchalbmgfhdobblebblldiblbmpgdj", "external_id": "fedchalbmgfhdobblebblldiblbmpgdj"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b8a35385-2d20-40d3-b7a7-3b1048e9fe89", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.238929Z", "modified": "2026-06-02T15:57:33.238929Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (fobaamfiblkoobhjpiigemmdegbmpohd) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fobaamfiblkoobhjpiigemmdegbmpohd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fobaamfiblkoobhjpiigemmdegbmpohd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fobaamfiblkoobhjpiigemmdegbmpohd", "external_id": "fobaamfiblkoobhjpiigemmdegbmpohd"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d1fb77f4-fbc2-4f99-bdb9-6bcea82a834b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.240016Z", "modified": "2026-06-02T15:57:33.240016Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (gceehiicnbpehbbdaloolaanlnddailm) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gceehiicnbpehbbdaloolaanlnddailm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gceehiicnbpehbbdaloolaanlnddailm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gceehiicnbpehbbdaloolaanlnddailm", "external_id": "gceehiicnbpehbbdaloolaanlnddailm"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c76eec43-2d6d-43b1-a975-b9ac1de28068", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.241083Z", "modified": "2026-06-02T15:57:33.241083Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ggacghlcchiiejclfdajbpkbjfgjhfol) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ggacghlcchiiejclfdajbpkbjfgjhfol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ggacghlcchiiejclfdajbpkbjfgjhfol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ggacghlcchiiejclfdajbpkbjfgjhfol", "external_id": "ggacghlcchiiejclfdajbpkbjfgjhfol"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c696aa1a-3f17-4535-9b64-a8f78e06aee3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.242312Z", "modified": "2026-06-02T15:57:33.242312Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (gjjbmfigjpgnehjioicaalopaikcnheo) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gjjbmfigjpgnehjioicaalopaikcnheo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gjjbmfigjpgnehjioicaalopaikcnheo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gjjbmfigjpgnehjioicaalopaikcnheo", "external_id": "gjjbmfigjpgnehjioicaalopaikcnheo"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--08a4346c-fd31-4aa5-95e5-9a70fb86b4f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.243393Z", "modified": "2026-06-02T15:57:33.243393Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (gpdfpljioapjogbnlpmganakfjcemifk) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gpdfpljioapjogbnlpmganakfjcemifk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gpdfpljioapjogbnlpmganakfjcemifk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gpdfpljioapjogbnlpmganakfjcemifk", "external_id": "gpdfpljioapjogbnlpmganakfjcemifk"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ca7aadc2-b544-4925-bb67-d8e7e4ddb4f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.244462Z", "modified": "2026-06-02T15:57:33.244462Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (hjlekdknhjogancdagnndeenmobeofgm) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hjlekdknhjogancdagnndeenmobeofgm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hjlekdknhjogancdagnndeenmobeofgm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hjlekdknhjogancdagnndeenmobeofgm", "external_id": "hjlekdknhjogancdagnndeenmobeofgm"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--efe7ba1d-63d7-47e4-bc78-9c3ae7d025ae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.245526Z", "modified": "2026-06-02T15:57:33.245526Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (hlbdhflagoegglpdminhlpenkdgloabe) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hlbdhflagoegglpdminhlpenkdgloabe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hlbdhflagoegglpdminhlpenkdgloabe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hlbdhflagoegglpdminhlpenkdgloabe", "external_id": "hlbdhflagoegglpdminhlpenkdgloabe"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5e69d3e2-23df-45b5-a818-87b0eef37ddf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.246612Z", "modified": "2026-06-02T15:57:33.246612Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (hnfabcchmopgohnhkcojhocneefbnffg) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hnfabcchmopgohnhkcojhocneefbnffg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hnfabcchmopgohnhkcojhocneefbnffg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hnfabcchmopgohnhkcojhocneefbnffg", "external_id": "hnfabcchmopgohnhkcojhocneefbnffg"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--da702c53-602f-4667-b7ab-36af03429b91", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.247697Z", "modified": "2026-06-02T15:57:33.247697Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (iabflonngmpkalkpbjonemaamlgdghea) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iabflonngmpkalkpbjonemaamlgdghea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iabflonngmpkalkpbjonemaamlgdghea", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iabflonngmpkalkpbjonemaamlgdghea", "external_id": "iabflonngmpkalkpbjonemaamlgdghea"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--47116902-1366-4540-b519-61df37895683", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.248799Z", "modified": "2026-06-02T15:57:33.248799Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ibppednjgooiepmkgdcoppnmbhmieefh) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ibppednjgooiepmkgdcoppnmbhmieefh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ibppednjgooiepmkgdcoppnmbhmieefh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ibppednjgooiepmkgdcoppnmbhmieefh", "external_id": "ibppednjgooiepmkgdcoppnmbhmieefh"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b0f6d330-6a6b-41b2-bdef-aa31a12bdcda", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.250041Z", "modified": "2026-06-02T15:57:33.250041Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (icchadngbpkcegnabnabhkjkfkfflmpj) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/icchadngbpkcegnabnabhkjkfkfflmpj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:icchadngbpkcegnabnabhkjkfkfflmpj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/icchadngbpkcegnabnabhkjkfkfflmpj", "external_id": "icchadngbpkcegnabnabhkjkfkfflmpj"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fda040ad-6f15-43e1-b22e-0aa194c1ff75", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.251127Z", "modified": "2026-06-02T15:57:33.251127Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ielooaepfhfcnmihgnabkldnpddnnldl) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ielooaepfhfcnmihgnabkldnpddnnldl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ielooaepfhfcnmihgnabkldnpddnnldl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ielooaepfhfcnmihgnabkldnpddnnldl", "external_id": "ielooaepfhfcnmihgnabkldnpddnnldl"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d84bb83e-44d3-4d07-adbc-1b0206ecf470", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.252217Z", "modified": "2026-06-02T15:57:33.252217Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ifdepgnnjpnbkcgempionjablajancjc) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ifdepgnnjpnbkcgempionjablajancjc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ifdepgnnjpnbkcgempionjablajancjc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ifdepgnnjpnbkcgempionjablajancjc", "external_id": "ifdepgnnjpnbkcgempionjablajancjc"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--146ede5f-d955-4e2c-ae86-77741fadedb1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.25329Z", "modified": "2026-06-02T15:57:33.25329Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ijejnggjjphlenbhmjhhgcdpehhacaal) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ijejnggjjphlenbhmjhhgcdpehhacaal']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ijejnggjjphlenbhmjhhgcdpehhacaal", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ijejnggjjphlenbhmjhhgcdpehhacaal", "external_id": "ijejnggjjphlenbhmjhhgcdpehhacaal"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1e5b7829-d888-42f2-8e1d-115ff0004d60", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.254357Z", "modified": "2026-06-02T15:57:33.254357Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (iklgljbighkgbjoecoddejooldolenbj) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iklgljbighkgbjoecoddejooldolenbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iklgljbighkgbjoecoddejooldolenbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iklgljbighkgbjoecoddejooldolenbj", "external_id": "iklgljbighkgbjoecoddejooldolenbj"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6a9a561b-dcf9-4ff4-93bf-909aeca09204", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.25543Z", "modified": "2026-06-02T15:57:33.25543Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (imopknpgdihifjkjpmjaagcagkefddnb) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/imopknpgdihifjkjpmjaagcagkefddnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:imopknpgdihifjkjpmjaagcagkefddnb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/imopknpgdihifjkjpmjaagcagkefddnb", "external_id": "imopknpgdihifjkjpmjaagcagkefddnb"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dc23bcd5-f977-4ec7-9945-9eb10188fe0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.256505Z", "modified": "2026-06-02T15:57:33.256505Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (jchmabokofdoabocpiicjljelmackhho) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jchmabokofdoabocpiicjljelmackhho']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jchmabokofdoabocpiicjljelmackhho", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jchmabokofdoabocpiicjljelmackhho", "external_id": "jchmabokofdoabocpiicjljelmackhho"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ffa15484-0d27-46ce-aeec-4db3a050c578", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.257769Z", "modified": "2026-06-02T15:57:33.257769Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (jdlkkmamiaikhfampledjnhhkbeifokk) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jdlkkmamiaikhfampledjnhhkbeifokk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jdlkkmamiaikhfampledjnhhkbeifokk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jdlkkmamiaikhfampledjnhhkbeifokk", "external_id": "jdlkkmamiaikhfampledjnhhkbeifokk"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f3491631-bafb-481a-baab-d7bc368ea1b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.25888Z", "modified": "2026-06-02T15:57:33.25888Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (jglemppahimembneahjbkhjknnefeeio) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jglemppahimembneahjbkhjknnefeeio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jglemppahimembneahjbkhjknnefeeio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jglemppahimembneahjbkhjknnefeeio", "external_id": "jglemppahimembneahjbkhjknnefeeio"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5cd50b77-7f0e-4a9a-b8ae-ac4b03d88568", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.259976Z", "modified": "2026-06-02T15:57:33.259976Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (jiaopkfkampgnnkckajcbdgannoipcne) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jiaopkfkampgnnkckajcbdgannoipcne']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jiaopkfkampgnnkckajcbdgannoipcne", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jiaopkfkampgnnkckajcbdgannoipcne", "external_id": "jiaopkfkampgnnkckajcbdgannoipcne"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eecb382b-7451-4200-9378-90d08ca56b6c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.261047Z", "modified": "2026-06-02T15:57:33.261047Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (jjgnkfncaadmaobenjjpmngdpgalemho) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jjgnkfncaadmaobenjjpmngdpgalemho']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jjgnkfncaadmaobenjjpmngdpgalemho", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jjgnkfncaadmaobenjjpmngdpgalemho", "external_id": "jjgnkfncaadmaobenjjpmngdpgalemho"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9507b556-4faa-421f-b3a0-31b7953ec956", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.262124Z", "modified": "2026-06-02T15:57:33.262124Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (jlbpahgopcmomkgegpbmopfodolajhbl) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jlbpahgopcmomkgegpbmopfodolajhbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jlbpahgopcmomkgegpbmopfodolajhbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jlbpahgopcmomkgegpbmopfodolajhbl", "external_id": "jlbpahgopcmomkgegpbmopfodolajhbl"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1500af58-784a-45f5-a1ea-16c79fd0e9c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.263198Z", "modified": "2026-06-02T15:57:33.263198Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (jpefmbpcbebpjpmelobfakahfdcgcmkl) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jpefmbpcbebpjpmelobfakahfdcgcmkl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jpefmbpcbebpjpmelobfakahfdcgcmkl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jpefmbpcbebpjpmelobfakahfdcgcmkl", "external_id": "jpefmbpcbebpjpmelobfakahfdcgcmkl"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8d44817e-67af-462d-9b2f-92859dc5f5ea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.264275Z", "modified": "2026-06-02T15:57:33.264275Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (khdnaopfklkdcloiinccnaflffmfcioa) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/khdnaopfklkdcloiinccnaflffmfcioa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:khdnaopfklkdcloiinccnaflffmfcioa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/khdnaopfklkdcloiinccnaflffmfcioa", "external_id": "khdnaopfklkdcloiinccnaflffmfcioa"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--294a90a3-0f1f-47ee-8a64-9019d57b26b1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.26551Z", "modified": "2026-06-02T15:57:33.26551Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (kjgkmceledmpdnmgmppiekdbnamccdjp) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjgkmceledmpdnmgmppiekdbnamccdjp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjgkmceledmpdnmgmppiekdbnamccdjp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjgkmceledmpdnmgmppiekdbnamccdjp", "external_id": "kjgkmceledmpdnmgmppiekdbnamccdjp"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--153e469b-c310-4334-adbb-7f78f39a4e00", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.266578Z", "modified": "2026-06-02T15:57:33.266578Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (laameccjpleogmfhilmffpdbiibgbekf) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/laameccjpleogmfhilmffpdbiibgbekf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:laameccjpleogmfhilmffpdbiibgbekf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/laameccjpleogmfhilmffpdbiibgbekf", "external_id": "laameccjpleogmfhilmffpdbiibgbekf"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5f41b96d-d2e9-4e7a-a7da-be952ebf9f57", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.267655Z", "modified": "2026-06-02T15:57:33.267655Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (lagdcjmbchphhndlbpfajelapcodekll) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lagdcjmbchphhndlbpfajelapcodekll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lagdcjmbchphhndlbpfajelapcodekll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lagdcjmbchphhndlbpfajelapcodekll", "external_id": "lagdcjmbchphhndlbpfajelapcodekll"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8cf21c9c-f8bc-4ebe-9469-621ec51417cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.268729Z", "modified": "2026-06-02T15:57:33.268729Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (lbohagbplppjcpllnhdichjldhfgkicb) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lbohagbplppjcpllnhdichjldhfgkicb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lbohagbplppjcpllnhdichjldhfgkicb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lbohagbplppjcpllnhdichjldhfgkicb", "external_id": "lbohagbplppjcpllnhdichjldhfgkicb"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9dbb2858-854d-489a-8b61-937b92b4d5db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.269801Z", "modified": "2026-06-02T15:57:33.269801Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ledkggjjapdgojgihnaploncccgiadhg) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ledkggjjapdgojgihnaploncccgiadhg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ledkggjjapdgojgihnaploncccgiadhg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ledkggjjapdgojgihnaploncccgiadhg", "external_id": "ledkggjjapdgojgihnaploncccgiadhg"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aea46f38-7e74-4acc-909e-e1f9c674a5af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.270874Z", "modified": "2026-06-02T15:57:33.270874Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (lgecddhfcfhlmllljooldkbbijdcnlpe) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lgecddhfcfhlmllljooldkbbijdcnlpe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lgecddhfcfhlmllljooldkbbijdcnlpe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lgecddhfcfhlmllljooldkbbijdcnlpe", "external_id": "lgecddhfcfhlmllljooldkbbijdcnlpe"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6005211e-0997-4de0-a648-136e607bacc0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.271955Z", "modified": "2026-06-02T15:57:33.271955Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (lkciiknpgglgbbcgcpbpobjabglmpkle) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lkciiknpgglgbbcgcpbpobjabglmpkle']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lkciiknpgglgbbcgcpbpobjabglmpkle", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lkciiknpgglgbbcgcpbpobjabglmpkle", "external_id": "lkciiknpgglgbbcgcpbpobjabglmpkle"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--11e54716-bdec-4b9a-9b07-4753670731c3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.273198Z", "modified": "2026-06-02T15:57:33.273198Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (lkhhagecaghfakddbncibijbjmgfhfdm) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lkhhagecaghfakddbncibijbjmgfhfdm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lkhhagecaghfakddbncibijbjmgfhfdm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lkhhagecaghfakddbncibijbjmgfhfdm", "external_id": "lkhhagecaghfakddbncibijbjmgfhfdm"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8b87aff9-46f8-434b-8f0d-39869e80aeb7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.274265Z", "modified": "2026-06-02T15:57:33.274265Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (lknpbgnookklokdjomiildnlalffjmma) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lknpbgnookklokdjomiildnlalffjmma']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lknpbgnookklokdjomiildnlalffjmma", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lknpbgnookklokdjomiildnlalffjmma", "external_id": "lknpbgnookklokdjomiildnlalffjmma"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d16b75ff-89f0-4721-8412-becd8ea4c6a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.275358Z", "modified": "2026-06-02T15:57:33.275358Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (lojpdfjjionbhgplcangflkalmiadhfi) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lojpdfjjionbhgplcangflkalmiadhfi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lojpdfjjionbhgplcangflkalmiadhfi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lojpdfjjionbhgplcangflkalmiadhfi", "external_id": "lojpdfjjionbhgplcangflkalmiadhfi"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ff3a78cb-33eb-416b-954b-cf495ec6f9d4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.276438Z", "modified": "2026-06-02T15:57:33.276438Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (mdkiofbiinbmlblcfhfjgmclhdfikkpm) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mdkiofbiinbmlblcfhfjgmclhdfikkpm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mdkiofbiinbmlblcfhfjgmclhdfikkpm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mdkiofbiinbmlblcfhfjgmclhdfikkpm", "external_id": "mdkiofbiinbmlblcfhfjgmclhdfikkpm"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b2b7de67-2525-4567-a819-58448765b91e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.277508Z", "modified": "2026-06-02T15:57:33.277508Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (meffljleomgifbbcffejnmhjagncfpbd) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/meffljleomgifbbcffejnmhjagncfpbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:meffljleomgifbbcffejnmhjagncfpbd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/meffljleomgifbbcffejnmhjagncfpbd", "external_id": "meffljleomgifbbcffejnmhjagncfpbd"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f76fa54f-629d-4d17-8d2e-c514ad1be722", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.278572Z", "modified": "2026-06-02T15:57:33.278572Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (mejjgaogggabifjfjdbnobinfibaamla) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mejjgaogggabifjfjdbnobinfibaamla']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mejjgaogggabifjfjdbnobinfibaamla", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mejjgaogggabifjfjdbnobinfibaamla", "external_id": "mejjgaogggabifjfjdbnobinfibaamla"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d48c3fb2-d400-4353-bfc8-46baaa2ed859", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.279655Z", "modified": "2026-06-02T15:57:33.279655Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (mhpcabliilgadobjpkameggapnpeppdg) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mhpcabliilgadobjpkameggapnpeppdg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mhpcabliilgadobjpkameggapnpeppdg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mhpcabliilgadobjpkameggapnpeppdg", "external_id": "mhpcabliilgadobjpkameggapnpeppdg"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3ffec4c4-99eb-4f48-b15a-12e19a6174a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.280892Z", "modified": "2026-06-02T15:57:33.280892Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (mkjjckchdfhjbpckippbnipkdnlidbeb) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mkjjckchdfhjbpckippbnipkdnlidbeb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mkjjckchdfhjbpckippbnipkdnlidbeb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mkjjckchdfhjbpckippbnipkdnlidbeb", "external_id": "mkjjckchdfhjbpckippbnipkdnlidbeb"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5efd44df-a035-4cda-8b90-3c8e5556dbed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.281985Z", "modified": "2026-06-02T15:57:33.281985Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (mldaiedoebimcgkokmknonjefkionldi) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mldaiedoebimcgkokmknonjefkionldi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mldaiedoebimcgkokmknonjefkionldi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mldaiedoebimcgkokmknonjefkionldi", "external_id": "mldaiedoebimcgkokmknonjefkionldi"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8327f4b1-701f-4f73-8952-b593e88aac46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.283061Z", "modified": "2026-06-02T15:57:33.283061Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (mlkjjjmhjijlmafgjlpkiobpdocdbncj) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mlkjjjmhjijlmafgjlpkiobpdocdbncj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mlkjjjmhjijlmafgjlpkiobpdocdbncj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mlkjjjmhjijlmafgjlpkiobpdocdbncj", "external_id": "mlkjjjmhjijlmafgjlpkiobpdocdbncj"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cacd13ef-c183-4d4f-9fc1-05e914a6857e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.284167Z", "modified": "2026-06-02T15:57:33.284167Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (mndiaaeaiclnmjcnacogaacoejchdclp) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mndiaaeaiclnmjcnacogaacoejchdclp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mndiaaeaiclnmjcnacogaacoejchdclp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mndiaaeaiclnmjcnacogaacoejchdclp", "external_id": "mndiaaeaiclnmjcnacogaacoejchdclp"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bfdc035b-33e5-40e3-ad78-0ba8b2593832", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.285247Z", "modified": "2026-06-02T15:57:33.285247Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (mnlohknjofogcljbcknkakphddjpijak) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mnlohknjofogcljbcknkakphddjpijak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mnlohknjofogcljbcknkakphddjpijak", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mnlohknjofogcljbcknkakphddjpijak", "external_id": "mnlohknjofogcljbcknkakphddjpijak"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--06deb98e-e286-4592-bf39-c545b49951ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.286314Z", "modified": "2026-06-02T15:57:33.286314Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (nhnfcgpcbfclhfafjlooihdfghaeinfc) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nhnfcgpcbfclhfafjlooihdfghaeinfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nhnfcgpcbfclhfafjlooihdfghaeinfc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nhnfcgpcbfclhfafjlooihdfghaeinfc", "external_id": "nhnfcgpcbfclhfafjlooihdfghaeinfc"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0cc193c5-f6a8-4b1c-9dd9-d908fae38eee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.287408Z", "modified": "2026-06-02T15:57:33.287408Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ninecedhhpccjifamhafbdelibdjibgd) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ninecedhhpccjifamhafbdelibdjibgd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ninecedhhpccjifamhafbdelibdjibgd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ninecedhhpccjifamhafbdelibdjibgd", "external_id": "ninecedhhpccjifamhafbdelibdjibgd"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--df7bd3eb-a43f-4f12-b58e-ce9d3a99727d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.289731Z", "modified": "2026-06-02T15:57:33.289731Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (nmigaijibiabddkkmjhlehchpmgbokfj) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nmigaijibiabddkkmjhlehchpmgbokfj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nmigaijibiabddkkmjhlehchpmgbokfj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nmigaijibiabddkkmjhlehchpmgbokfj", "external_id": "nmigaijibiabddkkmjhlehchpmgbokfj"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ba2ab8f3-6542-41e8-8470-a69d75c6607a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.290856Z", "modified": "2026-06-02T15:57:33.290856Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (npdkkcjlmhcnnaoobfdjndibfkkhhdfn) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/npdkkcjlmhcnnaoobfdjndibfkkhhdfn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:npdkkcjlmhcnnaoobfdjndibfkkhhdfn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/npdkkcjlmhcnnaoobfdjndibfkkhhdfn", "external_id": "npdkkcjlmhcnnaoobfdjndibfkkhhdfn"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--76a2751d-1736-45df-847a-70e63e47766a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.291983Z", "modified": "2026-06-02T15:57:33.291983Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (npmjjkphdlmbeidbdbfefgedondknlaf) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/npmjjkphdlmbeidbdbfefgedondknlaf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:npmjjkphdlmbeidbdbfefgedondknlaf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/npmjjkphdlmbeidbdbfefgedondknlaf", "external_id": "npmjjkphdlmbeidbdbfefgedondknlaf"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a696f52e-530e-4cce-84be-56119c735b45", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.2931Z", "modified": "2026-06-02T15:57:33.2931Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (oakbcaafbicdddpdlhbchhpblmhefngh) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oakbcaafbicdddpdlhbchhpblmhefngh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oakbcaafbicdddpdlhbchhpblmhefngh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oakbcaafbicdddpdlhbchhpblmhefngh", "external_id": "oakbcaafbicdddpdlhbchhpblmhefngh"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6eafa64d-cf96-46e7-9b2d-c6695e6cfc4a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.294195Z", "modified": "2026-06-02T15:57:33.294195Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (obdhcplpbliifflekgclobogbdliddjd) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obdhcplpbliifflekgclobogbdliddjd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obdhcplpbliifflekgclobogbdliddjd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obdhcplpbliifflekgclobogbdliddjd", "external_id": "obdhcplpbliifflekgclobogbdliddjd"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--51f6cf00-9f74-4998-859e-d358cc1b676a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.295291Z", "modified": "2026-06-02T15:57:33.295291Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ocginjipilabheemhfbedijlhajbcabh) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ocginjipilabheemhfbedijlhajbcabh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ocginjipilabheemhfbedijlhajbcabh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ocginjipilabheemhfbedijlhajbcabh", "external_id": "ocginjipilabheemhfbedijlhajbcabh"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--affa46e6-e106-4413-817d-5db443088f24", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.296378Z", "modified": "2026-06-02T15:57:33.296378Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (oepjogknopbbibcjcojmedaepolkghpb) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oepjogknopbbibcjcojmedaepolkghpb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oepjogknopbbibcjcojmedaepolkghpb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oepjogknopbbibcjcojmedaepolkghpb", "external_id": "oepjogknopbbibcjcojmedaepolkghpb"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3ed88852-06ed-41b9-ad59-26ba9486547e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.297632Z", "modified": "2026-06-02T15:57:33.297632Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ofpnikijgfhlmmjlpkfaifhhdonchhoi) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ofpnikijgfhlmmjlpkfaifhhdonchhoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ofpnikijgfhlmmjlpkfaifhhdonchhoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofpnikijgfhlmmjlpkfaifhhdonchhoi", "external_id": "ofpnikijgfhlmmjlpkfaifhhdonchhoi"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9ca8e5c0-6d4d-45cd-b834-759df3fd9a33", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.298714Z", "modified": "2026-06-02T15:57:33.298714Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (ogfjgagnmkiigilnoiabkbbajinanlbn) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ogfjgagnmkiigilnoiabkbbajinanlbn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ogfjgagnmkiigilnoiabkbbajinanlbn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ogfjgagnmkiigilnoiabkbbajinanlbn", "external_id": "ogfjgagnmkiigilnoiabkbbajinanlbn"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4ace8957-d045-4358-9e1b-447553d5ada4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.299801Z", "modified": "2026-06-02T15:57:33.299801Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (okkffdhbfplmbjblhgapnchjinanmnij) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okkffdhbfplmbjblhgapnchjinanmnij']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:okkffdhbfplmbjblhgapnchjinanmnij", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okkffdhbfplmbjblhgapnchjinanmnij", "external_id": "okkffdhbfplmbjblhgapnchjinanmnij"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0275d688-4300-43df-b2cd-8dd59572e21e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.300874Z", "modified": "2026-06-02T15:57:33.300874Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (oodkhhminilgphkdofffddlgopkgbgpm) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oodkhhminilgphkdofffddlgopkgbgpm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oodkhhminilgphkdofffddlgopkgbgpm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oodkhhminilgphkdofffddlgopkgbgpm", "external_id": "oodkhhminilgphkdofffddlgopkgbgpm"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--05778730-5ec1-4ced-90de-bff76f8e2b58", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.301951Z", "modified": "2026-06-02T15:57:33.301951Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (pegfdldddiilihjahcpdehhhfcbibipg) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pegfdldddiilihjahcpdehhhfcbibipg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pegfdldddiilihjahcpdehhhfcbibipg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pegfdldddiilihjahcpdehhhfcbibipg", "external_id": "pegfdldddiilihjahcpdehhhfcbibipg"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--050da53a-67c1-4283-b189-ec6d7fb3d238", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.303015Z", "modified": "2026-06-02T15:57:33.303015Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (phfkifnjcmdcmljnnablahicoabkokbg) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/phfkifnjcmdcmljnnablahicoabkokbg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:phfkifnjcmdcmljnnablahicoabkokbg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/phfkifnjcmdcmljnnablahicoabkokbg", "external_id": "phfkifnjcmdcmljnnablahicoabkokbg"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4cb026f6-f7f7-4b2a-b552-a48ffce295b1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.304123Z", "modified": "2026-06-02T15:57:33.304123Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (phjbepamfhjgjdgmbhmfflhnlohldchb) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/phjbepamfhjgjdgmbhmfflhnlohldchb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:phjbepamfhjgjdgmbhmfflhnlohldchb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/phjbepamfhjgjdgmbhmfflhnlohldchb", "external_id": "phjbepamfhjgjdgmbhmfflhnlohldchb"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a7877e9f-109b-44d8-91fe-b2165be33936", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.305373Z", "modified": "2026-06-02T15:57:33.305373Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (plmlopfeeobajiecodiggabcihohcnge) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/plmlopfeeobajiecodiggabcihohcnge']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:plmlopfeeobajiecodiggabcihohcnge", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/plmlopfeeobajiecodiggabcihohcnge", "external_id": "plmlopfeeobajiecodiggabcihohcnge"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--29e6776b-9da6-496b-a7ac-624f9406f334", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.306458Z", "modified": "2026-06-02T15:57:33.306458Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (pmilcmjbofinpnbnpanpdadijibcgifc) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmilcmjbofinpnbnpanpdadijibcgifc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmilcmjbofinpnbnpanpdadijibcgifc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmilcmjbofinpnbnpanpdadijibcgifc", "external_id": "pmilcmjbofinpnbnpanpdadijibcgifc"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2f23dbbc-6cdd-4dd6-a9b7-921a08fca5fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.307547Z", "modified": "2026-06-02T15:57:33.307547Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (pmnphobdokkajkpbkajlaiooipfcpgio) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. 
Extension names change frequently \u2014 ID is stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmnphobdokkajkpbkajlaiooipfcpgio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmnphobdokkajkpbkajlaiooipfcpgio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmnphobdokkajkpbkajlaiooipfcpgio", "external_id": "pmnphobdokkajkpbkajlaiooipfcpgio"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8cf0d119-baba-4db0-a5de-a985a1d27d62", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.308632Z", "modified": "2026-06-02T15:57:33.308632Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (pnanegnllonoiklmmlegcaajoicfifcm) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pnanegnllonoiklmmlegcaajoicfifcm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pnanegnllonoiklmmlegcaajoicfifcm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pnanegnllonoiklmmlegcaajoicfifcm", "external_id": "pnanegnllonoiklmmlegcaajoicfifcm"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3ad5c901-b2e2-4ab5-9e64-fe945caf8db4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.309698Z", "modified": "2026-06-02T15:57:33.309698Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (pnlphjjfielecalmmjjdhjjninkbjdod) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pnlphjjfielecalmmjjdhjjninkbjdod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pnlphjjfielecalmmjjdhjjninkbjdod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pnlphjjfielecalmmjjdhjjninkbjdod", "external_id": "pnlphjjfielecalmmjjdhjjninkbjdod"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--06ed6b3e-3797-4869-aad0-2bdce03cc8fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.31078Z", "modified": "2026-06-02T15:57:33.31078Z", "name": "Malicious Extension: Palant affiliate fraud cluster (name unconfirmed)", "description": "Malicious browser extension: Palant affiliate fraud cluster (name unconfirmed) (pooaemmkohlphkekccfajnbcokjlbehk) Palant Jun 2023 affiliate fraud cluster. 109 extensions, 62M users. Obfuscated code performing affiliate fraud \u2014 redirected users to affiliate-tagged URLs for 10k+ sites. Translator, downloader, and game extensions used as cover. Extension names change frequently \u2014 ID is stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pooaemmkohlphkekccfajnbcokjlbehk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pooaemmkohlphkekccfajnbcokjlbehk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pooaemmkohlphkekccfajnbcokjlbehk", "external_id": "pooaemmkohlphkekccfajnbcokjlbehk"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--af5fc7ee-ccca-4c8a-af8e-a2a33b82174c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.312163Z", "modified": "2026-06-02T15:57:33.312163Z", "name": "Malicious Extension: Palant cluster C000003 (name unconfirmed)", "description": "Malicious browser extension: Palant cluster C000003 (name unconfirmed) (fmlpbbognkocpajihchioognkmdeeldo) Palant cluster C000003 \u2014 distinct subcluster within Jun 2023 affiliate fraud campaign.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmlpbbognkocpajihchioognkmdeeldo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fmlpbbognkocpajihchioognkmdeeldo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/fmlpbbognkocpajihchioognkmdeeldo", "external_id": "fmlpbbognkocpajihchioognkmdeeldo"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--400d8470-ddcc-4f51-90f1-1f59ec28d37b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.313401Z", "modified": "2026-06-02T15:57:33.313401Z", "name": "Malicious Extension: Palant cluster C000003 (name unconfirmed)", "description": "Malicious browser extension: Palant cluster C000003 (name unconfirmed) (goaebigflkhjjblmofhoggdhebgnielo) Palant cluster C000003 \u2014 distinct subcluster within Jun 2023 affiliate fraud campaign.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/goaebigflkhjjblmofhoggdhebgnielo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:goaebigflkhjjblmofhoggdhebgnielo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/goaebigflkhjjblmofhoggdhebgnielo", "external_id": "goaebigflkhjjblmofhoggdhebgnielo"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--973fd72c-8c0c-40ae-acbb-1d3880aca2b3", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.314474Z", "modified": "2026-06-02T15:57:33.314474Z", "name": "Malicious Extension: Palant cluster C000003 (name unconfirmed)", "description": "Malicious browser extension: Palant cluster C000003 (name unconfirmed) (igkkmokkmlbkkgdnkkancbonkbbmkioc) Palant cluster C000003 \u2014 distinct subcluster within Jun 2023 affiliate fraud campaign.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/igkkmokkmlbkkgdnkkancbonkbbmkioc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:igkkmokkmlbkkgdnkkancbonkbbmkioc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/igkkmokkmlbkkgdnkkancbonkbbmkioc", "external_id": "igkkmokkmlbkkgdnkkancbonkbbmkioc"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b65b7c35-1860-44e3-baca-3f332ba570d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.315567Z", "modified": "2026-06-02T15:57:33.315567Z", "name": "Malicious Extension: Palant cluster C000003 (name unconfirmed)", "description": "Malicious browser extension: Palant cluster C000003 (name unconfirmed) (lopnbnfpjmgpbppclhclehhgafnifija) Palant cluster C000003 \u2014 distinct subcluster within Jun 2023 affiliate fraud campaign. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lopnbnfpjmgpbppclhclehhgafnifija']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-08T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lopnbnfpjmgpbppclhclehhgafnifija", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lopnbnfpjmgpbppclhclehhgafnifija", "external_id": "lopnbnfpjmgpbppclhclehhgafnifija"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--514cda70-58db-4496-8021-046a4dd67b9d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.316969Z", "modified": "2026-06-02T15:57:33.316969Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (kgfeiebnfmmfpomhochmlfmdmjmfedfj) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. Games used as cover to gain all-website access for data collection/affiliate fraud. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kgfeiebnfmmfpomhochmlfmdmjmfedfj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kgfeiebnfmmfpomhochmlfmdmjmfedfj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kgfeiebnfmmfpomhochmlfmdmjmfedfj", "external_id": "kgfeiebnfmmfpomhochmlfmdmjmfedfj"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6bf0ca41-0818-4c6c-a67a-873444e7f490", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.318144Z", "modified": "2026-06-02T15:57:33.318144Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (pmlcjncilaaaemknfefmegedhcgelmee) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. 
Games used as cover to gain all-website access for data collection/affiliate fraud.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmlcjncilaaaemknfefmegedhcgelmee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pmlcjncilaaaemknfefmegedhcgelmee", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmlcjncilaaaemknfefmegedhcgelmee", "external_id": "pmlcjncilaaaemknfefmegedhcgelmee"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d7f30b57-bd3b-4b37-9c8a-5107d4cd460e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.319299Z", "modified": "2026-06-02T15:57:33.319299Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (ohdgnoepeabcfdkboidmaedenahioohf) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. 
Games used as cover to gain all-website access for data collection/affiliate fraud.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ohdgnoepeabcfdkboidmaedenahioohf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ohdgnoepeabcfdkboidmaedenahioohf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ohdgnoepeabcfdkboidmaedenahioohf", "external_id": "ohdgnoepeabcfdkboidmaedenahioohf"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--02a579e2-c810-41e2-9e4c-db3a6148bb09", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.3204Z", "modified": "2026-06-02T15:57:33.3204Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (dnbipceilikdgjmeiagblfckeialaela) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. 
Games used as cover to gain all-website access for data collection/affiliate fraud.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dnbipceilikdgjmeiagblfckeialaela']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dnbipceilikdgjmeiagblfckeialaela", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dnbipceilikdgjmeiagblfckeialaela", "external_id": "dnbipceilikdgjmeiagblfckeialaela"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d4db404e-3cc7-4687-9b87-270ea8ad4ec1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.321665Z", "modified": "2026-06-02T15:57:33.321665Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (aciipkgmbljbcokcnhjbjdhilpngemnj) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. 
Games used as cover to gain all-website access for data collection/affiliate fraud.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aciipkgmbljbcokcnhjbjdhilpngemnj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:aciipkgmbljbcokcnhjbjdhilpngemnj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aciipkgmbljbcokcnhjbjdhilpngemnj", "external_id": "aciipkgmbljbcokcnhjbjdhilpngemnj"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--edb85e6e-6570-4c66-9aaf-1af2d3135b8d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.322745Z", "modified": "2026-06-02T15:57:33.322745Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (nlmjpeojbncdmlfkpppngdnolhfgiehn) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. 
Games used as cover to gain all-website access for data collection/affiliate fraud.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nlmjpeojbncdmlfkpppngdnolhfgiehn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nlmjpeojbncdmlfkpppngdnolhfgiehn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nlmjpeojbncdmlfkpppngdnolhfgiehn", "external_id": "nlmjpeojbncdmlfkpppngdnolhfgiehn"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cdad2ab8-87a3-4711-9685-e4dadd069266", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.323858Z", "modified": "2026-06-02T15:57:33.323858Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (phjhbkdgnjaokligmkimgnlagccanodn) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. 
Games used as cover to gain all-website access for data collection/affiliate fraud.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/phjhbkdgnjaokligmkimgnlagccanodn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:phjhbkdgnjaokligmkimgnlagccanodn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/phjhbkdgnjaokligmkimgnlagccanodn", "external_id": "phjhbkdgnjaokligmkimgnlagccanodn"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9f292259-c54e-4a8c-97d0-fb4ac8a77ec2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.324951Z", "modified": "2026-06-02T15:57:33.324951Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (fkhpfgpmejefmjaeelgoopkcglgafedm) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. 
Games used as cover to gain all-website access for data collection/affiliate fraud.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fkhpfgpmejefmjaeelgoopkcglgafedm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fkhpfgpmejefmjaeelgoopkcglgafedm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fkhpfgpmejefmjaeelgoopkcglgafedm", "external_id": "fkhpfgpmejefmjaeelgoopkcglgafedm"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b183d4f9-5698-406b-8cfd-794ea0279c02", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.326039Z", "modified": "2026-06-02T15:57:33.326039Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (kekdpkbijjffmohdaonbpeeaiknhbkhj) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. 
Games used as cover to gain all-website access for data collection/affiliate fraud.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kekdpkbijjffmohdaonbpeeaiknhbkhj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kekdpkbijjffmohdaonbpeeaiknhbkhj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kekdpkbijjffmohdaonbpeeaiknhbkhj", "external_id": "kekdpkbijjffmohdaonbpeeaiknhbkhj"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d48d9a92-4639-44e0-8b68-338d121f78ab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.327118Z", "modified": "2026-06-02T15:57:33.327118Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (mcmmiinopedfbaoongoclagidncaacbd) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. 
Games used as cover to gain all-website access for data collection/affiliate fraud.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mcmmiinopedfbaoongoclagidncaacbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mcmmiinopedfbaoongoclagidncaacbd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mcmmiinopedfbaoongoclagidncaacbd", "external_id": "mcmmiinopedfbaoongoclagidncaacbd"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--85819067-6eda-47b5-9928-d939f71f3172", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.328268Z", "modified": "2026-06-02T15:57:33.328268Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (ndcokkmfmiaecmndbpohaogmpmchfpkk) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. 
Games used as cover to gain all-website access for data collection/affiliate fraud.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ndcokkmfmiaecmndbpohaogmpmchfpkk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ndcokkmfmiaecmndbpohaogmpmchfpkk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ndcokkmfmiaecmndbpohaogmpmchfpkk", "external_id": "ndcokkmfmiaecmndbpohaogmpmchfpkk"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d883343c-2979-478a-8b2f-86effe3aac76", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.329646Z", "modified": "2026-06-02T15:57:33.329646Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (cpmpjapeeidaikiiemnddfgfdfjjhgif) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. 
Games used as cover to gain all-website access for data collection/affiliate fraud.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cpmpjapeeidaikiiemnddfgfdfjjhgif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cpmpjapeeidaikiiemnddfgfdfjjhgif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cpmpjapeeidaikiiemnddfgfdfjjhgif", "external_id": "cpmpjapeeidaikiiemnddfgfdfjjhgif"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1e31b88f-2f8e-4159-a19d-359b3c7b5c62", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.330767Z", "modified": "2026-06-02T15:57:33.330767Z", "name": "Malicious Extension: Browser game extension (malicious, name unconfirmed)", "description": "Malicious browser extension: Browser game extension (malicious, name unconfirmed) (ajefbooiifdkmgkpjkanmgbjbndfbfhg) Browser game extensions abusing broad host permissions. Palant Jun 2023 series. 
Games used as cover to gain all-website access for data collection/affiliate fraud.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ajefbooiifdkmgkpjkanmgbjbndfbfhg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-14T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ajefbooiifdkmgkpjkanmgbjbndfbfhg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ajefbooiifdkmgkpjkanmgbjbndfbfhg", "external_id": "ajefbooiifdkmgkpjkanmgbjbndfbfhg"}, {"source_name": "Original Research", "url": "https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-75m-installs-removed-from-web-store/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--737c1906-44e2-49cc-93ad-aa963c1ddbbf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.332232Z", "modified": "2026-06-02T15:57:33.332232Z", "name": "Malicious Extension: Clean Master (ShadyPanda Phase 3 RCE)", "description": "Malicious browser extension: Clean Master (ShadyPanda Phase 3 RCE) (eagiakjmjnblliacokhcalebgnhellfi) ShadyPanda Phase 3 RCE backdoor. Extensions operated cleanly 2018-2019 through mid-2024, then weaponized via silent update. Hourly RCE: checks api.extensionplay[.]com, executes arbitrary JS with full browser API access. Exfiltrates AES-encrypted browsing history to cleanmasters[.]store. Anti-analysis: detects dev tools. 300k Chrome users. 
Google removed extensions.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eagiakjmjnblliacokhcalebgnhellfi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:eagiakjmjnblliacokhcalebgnhellfi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eagiakjmjnblliacokhcalebgnhellfi", "external_id": "eagiakjmjnblliacokhcalebgnhellfi"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7fe62066-ff4a-4e68-be36-fc789589a676", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.333366Z", "modified": "2026-06-02T15:57:33.333366Z", "name": "Malicious Extension: ShadyPanda Phase 3 RCE extension", "description": "Malicious browser extension: ShadyPanda Phase 3 RCE extension (ibiejjpajlfljcgjndbonclhcbdcamai) ShadyPanda Phase 3 RCE backdoor. Extensions operated cleanly 2018-2019 through mid-2024, then weaponized via silent update. Hourly RCE: checks api.extensionplay[.]com, executes arbitrary JS with full browser API access. Exfiltrates AES-encrypted browsing history to cleanmasters[.]store. Anti-analysis: detects dev tools. 300k Chrome users. 
Google removed extensions.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ibiejjpajlfljcgjndbonclhcbdcamai']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ibiejjpajlfljcgjndbonclhcbdcamai", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ibiejjpajlfljcgjndbonclhcbdcamai", "external_id": "ibiejjpajlfljcgjndbonclhcbdcamai"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4b9e8eed-e161-4e74-9292-955803a5c03b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.334463Z", "modified": "2026-06-02T15:57:33.334463Z", "name": "Malicious Extension: ShadyPanda Phase 3 RCE extension", "description": "Malicious browser extension: ShadyPanda Phase 3 RCE extension (ogjneoecnllmjcegcfpaamfpbiaaiekh) ShadyPanda Phase 3 RCE backdoor. Extensions operated cleanly 2018-2019 through mid-2024, then weaponized via silent update. Hourly RCE: checks api.extensionplay[.]com, executes arbitrary JS with full browser API access. Exfiltrates AES-encrypted browsing history to cleanmasters[.]store. Anti-analysis: detects dev tools. 300k Chrome users. 
Google removed extensions.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ogjneoecnllmjcegcfpaamfpbiaaiekh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ogjneoecnllmjcegcfpaamfpbiaaiekh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ogjneoecnllmjcegcfpaamfpbiaaiekh", "external_id": "ogjneoecnllmjcegcfpaamfpbiaaiekh"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--34fffc26-f1d6-4fd2-94de-3f3793f4a11d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.335587Z", "modified": "2026-06-02T15:57:33.335587Z", "name": "Malicious Extension: ShadyPanda Phase 3 RCE extension", "description": "Malicious browser extension: ShadyPanda Phase 3 RCE extension (jbnopeoocgbmnochaadfnhiiimfpbpmf) ShadyPanda Phase 3 RCE backdoor. Extensions operated cleanly 2018-2019 through mid-2024, then weaponized via silent update. Hourly RCE: checks api.extensionplay[.]com, executes arbitrary JS with full browser API access. Exfiltrates AES-encrypted browsing history to cleanmasters[.]store. Anti-analysis: detects dev tools. 300k Chrome users. 
Google removed extensions.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jbnopeoocgbmnochaadfnhiiimfpbpmf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jbnopeoocgbmnochaadfnhiiimfpbpmf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jbnopeoocgbmnochaadfnhiiimfpbpmf", "external_id": "jbnopeoocgbmnochaadfnhiiimfpbpmf"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2898aff4-f31a-42b7-a4d6-ad79b96ed56f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.336793Z", "modified": "2026-06-02T15:57:33.336793Z", "name": "Malicious Extension: ShadyPanda Phase 3 RCE extension", "description": "Malicious browser extension: ShadyPanda Phase 3 RCE extension (cdgonefipacceedbkflolomdegncceid) ShadyPanda Phase 3 RCE backdoor. Extensions operated cleanly 2018-2019 through mid-2024, then weaponized via silent update. Hourly RCE: checks api.extensionplay[.]com, executes arbitrary JS with full browser API access. Exfiltrates AES-encrypted browsing history to cleanmasters[.]store. Anti-analysis: detects dev tools. 300k Chrome users. 
Google removed extensions.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cdgonefipacceedbkflolomdegncceid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cdgonefipacceedbkflolomdegncceid", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cdgonefipacceedbkflolomdegncceid", "external_id": "cdgonefipacceedbkflolomdegncceid"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7d1abd0d-c8de-445c-a21c-7aefc5c194ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.338459Z", "modified": "2026-06-02T15:57:33.338459Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (gipnpcencdgljnaecpekokmpgnhgpela) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gipnpcencdgljnaecpekokmpgnhgpela']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gipnpcencdgljnaecpekokmpgnhgpela", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gipnpcencdgljnaecpekokmpgnhgpela", "external_id": "gipnpcencdgljnaecpekokmpgnhgpela"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7ec50f1a-24e2-4a7d-b6ba-dc280f6338ba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.339576Z", "modified": "2026-06-02T15:57:33.339576Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (bpgaffohfacaamplbbojgbiicfgedmoi) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bpgaffohfacaamplbbojgbiicfgedmoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bpgaffohfacaamplbbojgbiicfgedmoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bpgaffohfacaamplbbojgbiicfgedmoi", "external_id": "bpgaffohfacaamplbbojgbiicfgedmoi"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c2bc1832-5459-41e1-a868-3447710a0e31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.340663Z", "modified": "2026-06-02T15:57:33.340663Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (ineempkjpmbdejmdgienaphomigjjiej) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ineempkjpmbdejmdgienaphomigjjiej']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ineempkjpmbdejmdgienaphomigjjiej", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ineempkjpmbdejmdgienaphomigjjiej", "external_id": "ineempkjpmbdejmdgienaphomigjjiej"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a84d751d-c1b2-4a49-af48-f6f95f976942", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.341735Z", "modified": "2026-06-02T15:57:33.341735Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (nnnklgkfdfbdijeeglhjfleaoagiagig) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nnnklgkfdfbdijeeglhjfleaoagiagig']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nnnklgkfdfbdijeeglhjfleaoagiagig", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nnnklgkfdfbdijeeglhjfleaoagiagig", "external_id": "nnnklgkfdfbdijeeglhjfleaoagiagig"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cf72b901-962e-48f9-933e-191d90efe005", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.342813Z", "modified": "2026-06-02T15:57:33.342813Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (mljmfnkjmcdmongjnnnbbnajjdbojoci) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mljmfnkjmcdmongjnnnbbnajjdbojoci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mljmfnkjmcdmongjnnnbbnajjdbojoci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mljmfnkjmcdmongjnnnbbnajjdbojoci", "external_id": "mljmfnkjmcdmongjnnnbbnajjdbojoci"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6f2d260f-d333-4965-ad86-3bf84758db26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.343909Z", "modified": "2026-06-02T15:57:33.343909Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (llkncpcdceadgibhbedecmkencokjajg) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/llkncpcdceadgibhbedecmkencokjajg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:llkncpcdceadgibhbedecmkencokjajg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/llkncpcdceadgibhbedecmkencokjajg", "external_id": "llkncpcdceadgibhbedecmkencokjajg"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c5833aa3-3f8b-473a-b8ea-17c7f113f1a1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.345141Z", "modified": "2026-06-02T15:57:33.345141Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (nmfbniajnpceakchicdhfofoejhgjefb) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nmfbniajnpceakchicdhfofoejhgjefb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nmfbniajnpceakchicdhfofoejhgjefb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nmfbniajnpceakchicdhfofoejhgjefb", "external_id": "nmfbniajnpceakchicdhfofoejhgjefb"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--81b2ce67-3965-42b5-bb0e-51eea4f72aff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.34622Z", "modified": "2026-06-02T15:57:33.34622Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (ijcpbhmpbaafndchbjdjchogaogelnjl) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ijcpbhmpbaafndchbjdjchogaogelnjl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ijcpbhmpbaafndchbjdjchogaogelnjl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ijcpbhmpbaafndchbjdjchogaogelnjl", "external_id": "ijcpbhmpbaafndchbjdjchogaogelnjl"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cd72ced0-5e44-43c9-88aa-eb10ab9cdba8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.3473Z", "modified": "2026-06-02T15:57:33.3473Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (olaahjgjlhoehkpemnfognpgmkbedodk) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/olaahjgjlhoehkpemnfognpgmkbedodk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:olaahjgjlhoehkpemnfognpgmkbedodk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/olaahjgjlhoehkpemnfognpgmkbedodk", "external_id": "olaahjgjlhoehkpemnfognpgmkbedodk"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--47df91e0-ae6a-485b-9ae7-c6c15d668767", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.348391Z", "modified": "2026-06-02T15:57:33.348391Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (gnhgdhlkojnlgljamagoigaabdmfhfeg) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gnhgdhlkojnlgljamagoigaabdmfhfeg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gnhgdhlkojnlgljamagoigaabdmfhfeg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gnhgdhlkojnlgljamagoigaabdmfhfeg", "external_id": "gnhgdhlkojnlgljamagoigaabdmfhfeg"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--691e27c0-87ae-46db-940e-6c397cb88551", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.349481Z", "modified": "2026-06-02T15:57:33.349481Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (cihbmmokhmieaidfgamioabhhkggnehm) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cihbmmokhmieaidfgamioabhhkggnehm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cihbmmokhmieaidfgamioabhhkggnehm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cihbmmokhmieaidfgamioabhhkggnehm", "external_id": "cihbmmokhmieaidfgamioabhhkggnehm"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ba69f945-8760-4a17-8912-abed24d1a35e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.350562Z", "modified": "2026-06-02T15:57:33.350562Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (lehjnmndiohfaphecnjhopgookigekdk) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lehjnmndiohfaphecnjhopgookigekdk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lehjnmndiohfaphecnjhopgookigekdk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lehjnmndiohfaphecnjhopgookigekdk", "external_id": "lehjnmndiohfaphecnjhopgookigekdk"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--50ad775c-d8bc-443c-897c-f535e99da7ad", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.35165Z", "modified": "2026-06-02T15:57:33.35165Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (hlcjkaoneihodfmonjnlnnfpdcopgfjk) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hlcjkaoneihodfmonjnlnnfpdcopgfjk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hlcjkaoneihodfmonjnlnnfpdcopgfjk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hlcjkaoneihodfmonjnlnnfpdcopgfjk", "external_id": "hlcjkaoneihodfmonjnlnnfpdcopgfjk"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--29e8f16f-84d3-4283-b604-b806a998de05", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.352887Z", "modified": "2026-06-02T15:57:33.352887Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (hmhifpbclhgklaaepgbabgcpfgidkoei) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmhifpbclhgklaaepgbabgcpfgidkoei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hmhifpbclhgklaaepgbabgcpfgidkoei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmhifpbclhgklaaepgbabgcpfgidkoei", "external_id": "hmhifpbclhgklaaepgbabgcpfgidkoei"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6d570513-f9eb-4265-a127-6a7144b8aebe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.353966Z", "modified": "2026-06-02T15:57:33.353966Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (lnlononncfdnhdfmgpkdfoibmfdehfoj) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lnlononncfdnhdfmgpkdfoibmfdehfoj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lnlononncfdnhdfmgpkdfoibmfdehfoj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lnlononncfdnhdfmgpkdfoibmfdehfoj", "external_id": "lnlononncfdnhdfmgpkdfoibmfdehfoj"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--152619df-f583-44d3-8af5-5974bdaa6df8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.355036Z", "modified": "2026-06-02T15:57:33.355036Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (nagbiboibhbjbclhcigklajjdefaiidc) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nagbiboibhbjbclhcigklajjdefaiidc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nagbiboibhbjbclhcigklajjdefaiidc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nagbiboibhbjbclhcigklajjdefaiidc", "external_id": "nagbiboibhbjbclhcigklajjdefaiidc"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--32e1448c-1c8a-49a5-9fa5-63dba88c19c1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.356142Z", "modified": "2026-06-02T15:57:33.356142Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (ofkopmlicnffaiiabnmnaajaimmenkjn) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ofkopmlicnffaiiabnmnaajaimmenkjn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ofkopmlicnffaiiabnmnaajaimmenkjn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofkopmlicnffaiiabnmnaajaimmenkjn", "external_id": "ofkopmlicnffaiiabnmnaajaimmenkjn"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--da606670-146e-4c5a-bcad-efcffed26074", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.357231Z", "modified": "2026-06-02T15:57:33.357231Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (ocffbdeldlbilgegmifiakciiicnoaeo) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ocffbdeldlbilgegmifiakciiicnoaeo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ocffbdeldlbilgegmifiakciiicnoaeo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ocffbdeldlbilgegmifiakciiicnoaeo", "external_id": "ocffbdeldlbilgegmifiakciiicnoaeo"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--25c94285-4e54-4d9f-9eef-ce8f72a39af5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.358305Z", "modified": "2026-06-02T15:57:33.358305Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (eaokmbopbenbmgegkmoiogmpejlaikea) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eaokmbopbenbmgegkmoiogmpejlaikea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:eaokmbopbenbmgegkmoiogmpejlaikea", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eaokmbopbenbmgegkmoiogmpejlaikea", "external_id": "eaokmbopbenbmgegkmoiogmpejlaikea"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--990c8545-0279-422d-be42-167762d3c6c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.359387Z", "modified": "2026-06-02T15:57:33.359387Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (lhiehjmkpbhhkfapacaiheolgejcifgd) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lhiehjmkpbhhkfapacaiheolgejcifgd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lhiehjmkpbhhkfapacaiheolgejcifgd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lhiehjmkpbhhkfapacaiheolgejcifgd", "external_id": "lhiehjmkpbhhkfapacaiheolgejcifgd"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8ec3a094-cc7d-48a8-822e-5613eb711ab6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.360631Z", "modified": "2026-06-02T15:57:33.360631Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (ondhgmkgppbdnogfiglikgpdkmkaiggk) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ondhgmkgppbdnogfiglikgpdkmkaiggk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ondhgmkgppbdnogfiglikgpdkmkaiggk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ondhgmkgppbdnogfiglikgpdkmkaiggk", "external_id": "ondhgmkgppbdnogfiglikgpdkmkaiggk"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--33a5f86c-9bf3-4aba-a666-397659416b33", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.361711Z", "modified": "2026-06-02T15:57:33.361711Z", "name": "Malicious Extension: ShadyPanda affiliate fraud extension", "description": "Malicious browser extension: ShadyPanda affiliate fraud extension (imdgpklnabbkghcbhmkbjbhcomnfdige) ShadyPanda Phase 1/2 affiliate fraud + search hijacking. Injected affiliate codes on eBay/Amazon/Booking.com clicks. Phase 2 extensions hijacked searches via trovi.com, exfiltrated cookies/search queries. Publisher nuggetsno15 (Chrome). 
7-year campaign by China-attributed actor.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/imdgpklnabbkghcbhmkbjbhcomnfdige']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:imdgpklnabbkghcbhmkbjbhcomnfdige", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/imdgpklnabbkghcbhmkbjbhcomnfdige", "external_id": "imdgpklnabbkghcbhmkbjbhcomnfdige"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--454fafba-63d2-4725-8c1d-3f59e3566385", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.363082Z", "modified": "2026-06-02T15:57:33.363082Z", "name": "Malicious Extension: WeTab / ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: WeTab / ShadyPanda Phase 4 spyware (Edge) (bpelnogcookhocnaokfpoeinibimbeff) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/bpelnogcookhocnaokfpoeinibimbeff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bpelnogcookhocnaokfpoeinibimbeff", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/bpelnogcookhocnaokfpoeinibimbeff", "external_id": "bpelnogcookhocnaokfpoeinibimbeff"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6982037b-7d60-45f0-9e1c-3701aa372077", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.364174Z", "modified": "2026-06-02T15:57:33.364174Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (enkihkfondbngohnmlefmobdgkpmejha) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/enkihkfondbngohnmlefmobdgkpmejha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:enkihkfondbngohnmlefmobdgkpmejha", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/enkihkfondbngohnmlefmobdgkpmejha", "external_id": "enkihkfondbngohnmlefmobdgkpmejha"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4b646361-1eb3-4f83-930a-fc88c831d608", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.365248Z", "modified": "2026-06-02T15:57:33.365248Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (hajlmbnnniemimmaehcefkamdadpjlfa) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/hajlmbnnniemimmaehcefkamdadpjlfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hajlmbnnniemimmaehcefkamdadpjlfa", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/hajlmbnnniemimmaehcefkamdadpjlfa", "external_id": "hajlmbnnniemimmaehcefkamdadpjlfa"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b564e5bf-5aff-40f1-a903-24d2ab04355b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.366327Z", "modified": "2026-06-02T15:57:33.366327Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (aadnmeanpbokjjahcnikajejglihibpd) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/aadnmeanpbokjjahcnikajejglihibpd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:aadnmeanpbokjjahcnikajejglihibpd", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/aadnmeanpbokjjahcnikajejglihibpd", "external_id": "aadnmeanpbokjjahcnikajejglihibpd"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f7b0828d-de34-415f-a021-e1fde9dbbd47", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.367421Z", "modified": "2026-06-02T15:57:33.367421Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (ipnidmjhnoipibbinllilgeohohehabl) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/ipnidmjhnoipibbinllilgeohohehabl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ipnidmjhnoipibbinllilgeohohehabl", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/ipnidmjhnoipibbinllilgeohohehabl", "external_id": "ipnidmjhnoipibbinllilgeohohehabl"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3d503d16-6c46-400c-9cea-975fbf0f36cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.368676Z", "modified": "2026-06-02T15:57:33.368676Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (fnnigcfbmghcefaboigkhfimeolhhbcp) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/fnnigcfbmghcefaboigkhfimeolhhbcp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fnnigcfbmghcefaboigkhfimeolhhbcp", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/fnnigcfbmghcefaboigkhfimeolhhbcp", "external_id": "fnnigcfbmghcefaboigkhfimeolhhbcp"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--29589c15-b94b-4c4d-ad29-d0a06c9b4bad", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.369754Z", "modified": "2026-06-02T15:57:33.369754Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (nlcebdoehkdiojeahkofcfnolkleembf) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/nlcebdoehkdiojeahkofcfnolkleembf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nlcebdoehkdiojeahkofcfnolkleembf", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/nlcebdoehkdiojeahkofcfnolkleembf", "external_id": "nlcebdoehkdiojeahkofcfnolkleembf"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--309bdf8b-0b1e-4a63-b78a-4d045b0bf3a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.370839Z", "modified": "2026-06-02T15:57:33.370839Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (fhababnomjcnhmobbemagohkldaeicad) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/fhababnomjcnhmobbemagohkldaeicad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fhababnomjcnhmobbemagohkldaeicad", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/fhababnomjcnhmobbemagohkldaeicad", "external_id": "fhababnomjcnhmobbemagohkldaeicad"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0fe0bfe3-3c5b-43a1-9c92-a1882c731671", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.371934Z", "modified": "2026-06-02T15:57:33.371934Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (nokknhlkpdfppefncfkdebhgfpfilieo) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/nokknhlkpdfppefncfkdebhgfpfilieo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nokknhlkpdfppefncfkdebhgfpfilieo", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/nokknhlkpdfppefncfkdebhgfpfilieo", "external_id": "nokknhlkpdfppefncfkdebhgfpfilieo"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3de3b769-15ab-42d8-a6e3-33173ce57edb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.373032Z", "modified": "2026-06-02T15:57:33.373032Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (ljmcneongnlaecabgneiippeacdoimaa) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/ljmcneongnlaecabgneiippeacdoimaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ljmcneongnlaecabgneiippeacdoimaa", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/ljmcneongnlaecabgneiippeacdoimaa", "external_id": "ljmcneongnlaecabgneiippeacdoimaa"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b37a7aa5-b1ac-4059-9325-a47b19761119", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.374136Z", "modified": "2026-06-02T15:57:33.374136Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (onifebiiejdjncjpjnojlebibonmnhog) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/onifebiiejdjncjpjnojlebibonmnhog']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:onifebiiejdjncjpjnojlebibonmnhog", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/onifebiiejdjncjpjnojlebibonmnhog", "external_id": "onifebiiejdjncjpjnojlebibonmnhog"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--263d07e7-1477-4cf9-83ea-433af63ac9a4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.375228Z", "modified": "2026-06-02T15:57:33.375228Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (dbagndmcddecodlmnlcmhheicgkaglpk) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/dbagndmcddecodlmnlcmhheicgkaglpk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dbagndmcddecodlmnlcmhheicgkaglpk", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/dbagndmcddecodlmnlcmhheicgkaglpk", "external_id": "dbagndmcddecodlmnlcmhheicgkaglpk"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--45bf62da-3a0b-48c3-9ec2-d913842f7e2d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.376472Z", "modified": "2026-06-02T15:57:33.376472Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (fmgfcpjmmapcjlknncjgmbolgaecngfo) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. 
Still live in Edge store at disclosure Dec 2025.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/fmgfcpjmmapcjlknncjgmbolgaecngfo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fmgfcpjmmapcjlknncjgmbolgaecngfo", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/fmgfcpjmmapcjlknncjgmbolgaecngfo", "external_id": "fmgfcpjmmapcjlknncjgmbolgaecngfo"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6908d8a5-6b6c-442f-bd7d-f87d20940ff3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.377547Z", "modified": "2026-06-02T15:57:33.377547Z", "name": "Malicious Extension: ShadyPanda Phase 4 spyware (Edge)", "description": "Malicious browser extension: ShadyPanda Phase 4 spyware (Edge) (kgmlodoegkmpfkbepkfhgeldido) ShadyPanda Phase 4 Edge spyware. Publisher Starlab Technology. WeTab flagship has 3M installs. Collects every URL, search query, mouse click (pixel XY coords). Transmits to 17 domains (8 Baidu servers China, 7 WeTab servers China, Google Analytics). 4M+ combined users. Still live in Edge store at disclosure Dec 2025. 
\u26a0 Still active in browser store at time of reporting. Note: the extension ID recorded for this entry is 27 characters long, whereas Chrome and Edge store extension IDs are 32 characters, so it appears truncated; the URL pattern and ext-id label in this record are unlikely to match a real listing until the ID is re-checked against the source report.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/kgmlodoegkmpfkbepkfhgeldido']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kgmlodoegkmpfkbepkfhgeldido", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/kgmlodoegkmpfkbepkfhgeldido", "external_id": "kgmlodoegkmpfkbepkfhgeldido"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b9f3e2ce-3171-4e7e-a775-7f8b474ba20d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.378926Z", "modified": "2026-06-02T15:57:33.378926Z", "name": "Malicious Extension: Adobe Lightroom (fake, variant 2)", "description": "Malicious browser extension: Adobe Lightroom (fake, variant 2) (cadilgfilcmlmbekleigjmfhfkoceooo) Krebs/Nguyen May 2021 fake brand extension network. 45 extensions spoofed Adobe, Amazon, CBS, FITE, HBO, IMVU, Microsoft, Ring, Roku. Prompted users for personal/financial data. Network of fake Google reviewer accounts used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cadilgfilcmlmbekleigjmfhfkoceooo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cadilgfilcmlmbekleigjmfhfkoceooo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cadilgfilcmlmbekleigjmfhfkoceooo", "external_id": "cadilgfilcmlmbekleigjmfhfkoceooo"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e5776629-7a48-4db5-abcb-f865c940b3af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.380025Z", "modified": "2026-06-02T15:57:33.380025Z", "name": "Malicious Extension: Microsoft Authenticator (fake, variant 2)", "description": "Malicious browser extension: Microsoft Authenticator (fake, variant 2) (kjjbepngcjggfigkpilafenaahlpdomg) Krebs/Nguyen May 2021 fake brand extension network. 45 extensions spoofed Adobe, Amazon, CBS, FITE, HBO, IMVU, Microsoft, Ring, Roku. Prompted users for personal/financial data. Network of fake Google reviewer accounts used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjjbepngcjggfigkpilafenaahlpdomg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjjbepngcjggfigkpilafenaahlpdomg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjjbepngcjggfigkpilafenaahlpdomg", "external_id": "kjjbepngcjggfigkpilafenaahlpdomg"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--07d89ae4-edae-471e-a37d-aaf501968bba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.38109Z", "modified": "2026-06-02T15:57:33.38109Z", "name": "Malicious Extension: Adobe Premiere Pro for Chrome (fake)", "description": "Malicious browser extension: Adobe Premiere Pro for Chrome (fake) (dclmmkinjdaochjinbhanlipdpmkdhfb) Krebs/Nguyen May 2021 fake brand extension network. 45 extensions spoofed Adobe, Amazon, CBS, FITE, HBO, IMVU, Microsoft, Ring, Roku. Prompted users for personal/financial data. Network of fake Google reviewer accounts used to boost credibility. ~100k combined downloads. All removed by Google. 
\u26a0 Flagged as still active in browser store at time of reporting, which conflicts with the preceding campaign-level statement that all were removed by Google; confirm the current store status before relying on either statement.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dclmmkinjdaochjinbhanlipdpmkdhfb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dclmmkinjdaochjinbhanlipdpmkdhfb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dclmmkinjdaochjinbhanlipdpmkdhfb", "external_id": "dclmmkinjdaochjinbhanlipdpmkdhfb"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b283f3ca-5a4a-40f5-a933-58130c2afcf2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.382161Z", "modified": "2026-06-02T15:57:33.382161Z", "name": "Malicious Extension: HBO Max Stream TV & Movies (fake, variant 2)", "description": "Malicious browser extension: HBO Max Stream TV & Movies (fake, variant 2) (mncelcekoimhncibjkhcoejhmgfjmanl) Krebs/Nguyen May 2021 fake brand extension network. 45 extensions spoofed Adobe, Amazon, CBS, FITE, HBO, IMVU, Microsoft, Ring, Roku. Prompted users for personal/financial data. Network of fake Google reviewer accounts used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mncelcekoimhncibjkhcoejhmgfjmanl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mncelcekoimhncibjkhcoejhmgfjmanl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mncelcekoimhncibjkhcoejhmgfjmanl", "external_id": "mncelcekoimhncibjkhcoejhmgfjmanl"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e3acfd62-2650-4112-a7d7-02ed84b73e39", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.383257Z", "modified": "2026-06-02T15:57:33.383257Z", "name": "Malicious Extension: Ring (fake)", "description": "Malicious browser extension: Ring (fake) (hbalpgnomjolafhoomdmangogcmggdni) Krebs/Nguyen May 2021 fake brand extension network. 45 extensions spoofed Adobe, Amazon, CBS, FITE, HBO, IMVU, Microsoft, Ring, Roku. Prompted users for personal/financial data. Network of fake Google reviewer accounts used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hbalpgnomjolafhoomdmangogcmggdni']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hbalpgnomjolafhoomdmangogcmggdni", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hbalpgnomjolafhoomdmangogcmggdni", "external_id": "hbalpgnomjolafhoomdmangogcmggdni"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9ca7da2e-f4eb-44c3-a224-e86403aae3ef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.385618Z", "modified": "2026-06-02T15:57:33.385618Z", "name": "Malicious Extension: Amazon Music Songs & Podcasts (fake)", "description": "Malicious browser extension: Amazon Music Songs & Podcasts (fake) (eadnohgkalgkbmhiehaonnjekbdfeldi) Krebs/Nguyen May 2021 fake brand extension network. 45 extensions spoofed Adobe, Amazon, CBS, FITE, HBO, IMVU, Microsoft, Ring, Roku. Prompted users for personal/financial data. Network of fake Google reviewer accounts used to boost credibility. ~100k combined downloads. All removed by Google. 
\u26a0 Flagged as still active in browser store at time of reporting, which conflicts with the preceding campaign-level statement that all were removed by Google; confirm the current store status before relying on either statement.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eadnohgkalgkbmhiehaonnjekbdfeldi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eadnohgkalgkbmhiehaonnjekbdfeldi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eadnohgkalgkbmhiehaonnjekbdfeldi", "external_id": "eadnohgkalgkbmhiehaonnjekbdfeldi"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ce207983-a3b0-493e-bd8a-f1217200cf6f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.38677Z", "modified": "2026-06-02T15:57:33.38677Z", "name": "Malicious Extension: Ultralight Photo Editor (fake)", "description": "Malicious browser extension: Ultralight Photo Editor (fake) (njmeabchibjdgopmacgnpjohlgheapkm) Krebs/Nguyen May 2021 fake brand extension network. 45 extensions spoofed Adobe, Amazon, CBS, FITE, HBO, IMVU, Microsoft, Ring, Roku. Prompted users for personal/financial data. Network of fake Google reviewer accounts used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njmeabchibjdgopmacgnpjohlgheapkm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njmeabchibjdgopmacgnpjohlgheapkm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njmeabchibjdgopmacgnpjohlgheapkm", "external_id": "njmeabchibjdgopmacgnpjohlgheapkm"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eda1ceba-543a-46e7-8ebf-67a43f30cbbf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.387928Z", "modified": "2026-06-02T15:57:33.387928Z", "name": "Malicious Extension: Amino Communities and Chats (fake)", "description": "Malicious browser extension: Amino Communities and Chats (fake) (jiodaacchgkgkgnmgmbjoommaebhnkke) Krebs/Nguyen May 2021 fake brand extension network. 45 extensions spoofed Adobe, Amazon, CBS, FITE, HBO, IMVU, Microsoft, Ring, Roku. Prompted users for personal/financial data. Network of fake Google reviewer accounts used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jiodaacchgkgkgnmgmbjoommaebhnkke']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jiodaacchgkgkgnmgmbjoommaebhnkke", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jiodaacchgkgkgnmgmbjoommaebhnkke", "external_id": "jiodaacchgkgkgnmgmbjoommaebhnkke"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f15548b5-43d4-4071-9625-138425b054a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.389027Z", "modified": "2026-06-02T15:57:33.389027Z", "name": "Malicious Extension: CBS Full Episodes & Live TV (fake)", "description": "Malicious browser extension: CBS Full Episodes & Live TV (fake) (gfmechkhphhhoofplogbnnabckliedjc) Krebs/Nguyen May 2021 fake brand extension network. 45 extensions spoofed Adobe, Amazon, CBS, FITE, HBO, IMVU, Microsoft, Ring, Roku. Prompted users for personal/financial data. Network of fake Google reviewer accounts used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gfmechkhphhhoofplogbnnabckliedjc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gfmechkhphhhoofplogbnnabckliedjc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gfmechkhphhhoofplogbnnabckliedjc", "external_id": "gfmechkhphhhoofplogbnnabckliedjc"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--729a500e-59f9-400f-9fd3-261c1912f1af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.390113Z", "modified": "2026-06-02T15:57:33.390113Z", "name": "Malicious Extension: FITE Boxing Wrestling MMA (fake)", "description": "Malicious browser extension: FITE Boxing Wrestling MMA (fake) (jnimfanjgmamoamlpfolknfooennpdef) Krebs/Nguyen May 2021 fake brand extension network. 45 extensions spoofed Adobe, Amazon, CBS, FITE, HBO, IMVU, Microsoft, Ring, Roku. Prompted users for personal/financial data. Network of fake Google reviewer accounts used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jnimfanjgmamoamlpfolknfooennpdef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jnimfanjgmamoamlpfolknfooennpdef", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jnimfanjgmamoamlpfolknfooennpdef", "external_id": "jnimfanjgmamoamlpfolknfooennpdef"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--96eec20f-8d64-4c76-8251-21a50d9c8a1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.391205Z", "modified": "2026-06-02T15:57:33.391205Z", "name": "Malicious Extension: IMVU (fake, variant 2)", "description": "Malicious browser extension: IMVU (fake, variant 2) (lkafchaokchbenjfmjnbbnpafijgleib) Krebs/Nguyen May 2021 fake brand extension network. 45 extensions spoofed Adobe, Amazon, CBS, FITE, HBO, IMVU, Microsoft, Ring, Roku. Prompted users for personal/financial data. Network of fake Google reviewer accounts used to boost credibility. ~100k combined downloads. 
All removed by Google.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lkafchaokchbenjfmjnbbnpafijgleib']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-05-29T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lkafchaokchbenjfmjnbbnpafijgleib", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lkafchaokchbenjfmjnbbnpafijgleib", "external_id": "lkafchaokchbenjfmjnbbnpafijgleib"}, {"source_name": "Original Research", "url": "https://docs.google.com/spreadsheets/d/1CcFc4mgGA9Ping8RZIh6MH5XUUFXyYdJlvO-xRMda1Q/edit"}, {"source_name": "Article", "url": "https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--75efad43-6b70-42b4-a2bd-9afb60da37de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.392598Z", "modified": "2026-06-02T15:57:33.392598Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (adjoknoacleghaejlggocbakidkoifle) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/adjoknoacleghaejlggocbakidkoifle']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:adjoknoacleghaejlggocbakidkoifle", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/adjoknoacleghaejlggocbakidkoifle", "external_id": "adjoknoacleghaejlggocbakidkoifle"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--22893554-746a-40f9-b140-d34106bd09b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.393853Z", "modified": "2026-06-02T15:57:33.393853Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (aedgpiecagcpmehhelbibfbgpfiafdkm) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aedgpiecagcpmehhelbibfbgpfiafdkm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:aedgpiecagcpmehhelbibfbgpfiafdkm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aedgpiecagcpmehhelbibfbgpfiafdkm", "external_id": "aedgpiecagcpmehhelbibfbgpfiafdkm"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--182ce899-e448-4493-a174-eb335f9951d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.394938Z", "modified": "2026-06-02T15:57:33.394938Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (agepkkdokhlaoiaenedmjbfnblfdiboc) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/agepkkdokhlaoiaenedmjbfnblfdiboc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:agepkkdokhlaoiaenedmjbfnblfdiboc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/agepkkdokhlaoiaenedmjbfnblfdiboc", "external_id": "agepkkdokhlaoiaenedmjbfnblfdiboc"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de09ee80-19ad-4bb1-9e94-a06970d62439", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.39605Z", "modified": "2026-06-02T15:57:33.39605Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (aikflfpejipbpjdlfabpgclhblkpaafo) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. Individual extension names unconfirmed \u2014 ID is the stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aikflfpejipbpjdlfabpgclhblkpaafo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:aikflfpejipbpjdlfabpgclhblkpaafo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aikflfpejipbpjdlfabpgclhblkpaafo", "external_id": "aikflfpejipbpjdlfabpgclhblkpaafo"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1b5df231-1853-4561-95be-50cd74f8cc62", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.397125Z", "modified": "2026-06-02T15:57:33.397125Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (ajfokipknlmjhcioemgnofkpmdnbaldi) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. Individual extension names unconfirmed \u2014 ID is the stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ajfokipknlmjhcioemgnofkpmdnbaldi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ajfokipknlmjhcioemgnofkpmdnbaldi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ajfokipknlmjhcioemgnofkpmdnbaldi", "external_id": "ajfokipknlmjhcioemgnofkpmdnbaldi"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9f08a9e2-41ef-4ba6-a065-b361cce55efb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.3982Z", "modified": "2026-06-02T15:57:33.3982Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (akmdionenlnfcipmdhbhcnkighafmdha) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/akmdionenlnfcipmdhbhcnkighafmdha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:akmdionenlnfcipmdhbhcnkighafmdha", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akmdionenlnfcipmdhbhcnkighafmdha", "external_id": "akmdionenlnfcipmdhbhcnkighafmdha"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d668b1a2-1aaa-43f1-8b89-4a31808fe2cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.399291Z", "modified": "2026-06-02T15:57:33.399291Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (ambcheakfbokmebglefpbbphbccekhhl) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. Individual extension names unconfirmed \u2014 ID is the stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ambcheakfbokmebglefpbbphbccekhhl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ambcheakfbokmebglefpbbphbccekhhl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ambcheakfbokmebglefpbbphbccekhhl", "external_id": "ambcheakfbokmebglefpbbphbccekhhl"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a574313b-5523-4623-ab66-13bcfaa50ba0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.400373Z", "modified": "2026-06-02T15:57:33.400373Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (bajoeadpdidoahbhphmhejmbdmgnbdci) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. Individual extension names unconfirmed \u2014 ID is the stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bajoeadpdidoahbhphmhejmbdmgnbdci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bajoeadpdidoahbhphmhejmbdmgnbdci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bajoeadpdidoahbhphmhejmbdmgnbdci", "external_id": "bajoeadpdidoahbhphmhejmbdmgnbdci"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1ee8159e-e9b4-4823-8ad2-1f2b6065681a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.403013Z", "modified": "2026-06-02T15:57:33.403013Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (bjehnpiidogpaocjjfhnopdjcahigggm) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. Individual extension names unconfirmed \u2014 ID is the stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bjehnpiidogpaocjjfhnopdjcahigggm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bjehnpiidogpaocjjfhnopdjcahigggm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bjehnpiidogpaocjjfhnopdjcahigggm", "external_id": "bjehnpiidogpaocjjfhnopdjcahigggm"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6edbd14e-a0f6-42ea-a741-6f7cdfaed3f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.405379Z", "modified": "2026-06-02T15:57:33.405379Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (cahdpfhnokmnnjhoaoliabdbcbbokmgc) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cahdpfhnokmnnjhoaoliabdbcbbokmgc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cahdpfhnokmnnjhoaoliabdbcbbokmgc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cahdpfhnokmnnjhoaoliabdbcbbokmgc", "external_id": "cahdpfhnokmnnjhoaoliabdbcbbokmgc"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--18329c33-8e11-4a5b-9509-3faff12dd373", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.406689Z", "modified": "2026-06-02T15:57:33.406689Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (ceofheakaalaecnecdkdanhejojkpeai) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ceofheakaalaecnecdkdanhejojkpeai']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ceofheakaalaecnecdkdanhejojkpeai", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ceofheakaalaecnecdkdanhejojkpeai", "external_id": "ceofheakaalaecnecdkdanhejojkpeai"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--402afad3-3391-4847-bfbc-4f90fd522bdc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.407945Z", "modified": "2026-06-02T15:57:33.407945Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (cfgiodgnkinmacjkgjgdejeciohojglp) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cfgiodgnkinmacjkgjgdejeciohojglp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cfgiodgnkinmacjkgjgdejeciohojglp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cfgiodgnkinmacjkgjgdejeciohojglp", "external_id": "cfgiodgnkinmacjkgjgdejeciohojglp"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--115362c6-25ac-4858-bf7c-431536a98403", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.409116Z", "modified": "2026-06-02T15:57:33.409116Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (cicnbbdlbjaoioilpbdioeeaockgbhfi) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cicnbbdlbjaoioilpbdioeeaockgbhfi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cicnbbdlbjaoioilpbdioeeaockgbhfi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cicnbbdlbjaoioilpbdioeeaockgbhfi", "external_id": "cicnbbdlbjaoioilpbdioeeaockgbhfi"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d78981eb-eaf3-4e4c-80ad-7b70eaa9aaf9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.410249Z", "modified": "2026-06-02T15:57:33.410249Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (cjlabngphhjjdapemkdnpgkpebkpjbbe) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cjlabngphhjjdapemkdnpgkpebkpjbbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cjlabngphhjjdapemkdnpgkpebkpjbbe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cjlabngphhjjdapemkdnpgkpebkpjbbe", "external_id": "cjlabngphhjjdapemkdnpgkpebkpjbbe"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c2b6aed7-6804-4c84-97a4-a12b5e5da7fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.411383Z", "modified": "2026-06-02T15:57:33.411383Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (codgofkgobbmgglciccjabipdlgefnch) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. Individual extension names unconfirmed \u2014 ID is the stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/codgofkgobbmgglciccjabipdlgefnch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:codgofkgobbmgglciccjabipdlgefnch", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/codgofkgobbmgglciccjabipdlgefnch", "external_id": "codgofkgobbmgglciccjabipdlgefnch"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9069cb40-1400-4cf2-9bfa-76cfa01b9aec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.412691Z", "modified": "2026-06-02T15:57:33.412691Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (cphibdhgbdoekmkkcbbaoogedpfibeme) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cphibdhgbdoekmkkcbbaoogedpfibeme']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cphibdhgbdoekmkkcbbaoogedpfibeme", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cphibdhgbdoekmkkcbbaoogedpfibeme", "external_id": "cphibdhgbdoekmkkcbbaoogedpfibeme"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ada291ea-31c1-487e-b7bb-cace28b8c0ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.413779Z", "modified": "2026-06-02T15:57:33.413779Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (dakebdbeofhmlnmjlmhjdmmjmfohiicn) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dakebdbeofhmlnmjlmhjdmmjmfohiicn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dakebdbeofhmlnmjlmhjdmmjmfohiicn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dakebdbeofhmlnmjlmhjdmmjmfohiicn", "external_id": "dakebdbeofhmlnmjlmhjdmmjmfohiicn"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9c0b7e97-55df-476b-a6b7-1a750cb54426", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.414872Z", "modified": "2026-06-02T15:57:33.414872Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (dbfmnekepjoapopniengjbcpnbljalfg) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. Individual extension names unconfirmed \u2014 ID is the stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dbfmnekepjoapopniengjbcpnbljalfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dbfmnekepjoapopniengjbcpnbljalfg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dbfmnekepjoapopniengjbcpnbljalfg", "external_id": "dbfmnekepjoapopniengjbcpnbljalfg"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f75c0acc-4278-49a5-a0fb-1a5bb8864f1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.415985Z", "modified": "2026-06-02T15:57:33.415985Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (dekjibpkbhgbnmnfibnibnjoccaphfog) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dekjibpkbhgbnmnfibnibnjoccaphfog']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dekjibpkbhgbnmnfibnibnjoccaphfog", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dekjibpkbhgbnmnfibnibnjoccaphfog", "external_id": "dekjibpkbhgbnmnfibnibnjoccaphfog"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--47c2c410-63c9-487c-b078-475dee7f5401", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.417069Z", "modified": "2026-06-02T15:57:33.417069Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (dihekmadkkcgnffajefocfamnpimlhah) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dihekmadkkcgnffajefocfamnpimlhah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dihekmadkkcgnffajefocfamnpimlhah", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dihekmadkkcgnffajefocfamnpimlhah", "external_id": "dihekmadkkcgnffajefocfamnpimlhah"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--137b48c1-c877-4f95-9a5f-cb919d479448", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.418158Z", "modified": "2026-06-02T15:57:33.418158Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (dijcdmefkmlhnbkcejcmepheakikgpdg) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dijcdmefkmlhnbkcejcmepheakikgpdg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dijcdmefkmlhnbkcejcmepheakikgpdg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dijcdmefkmlhnbkcejcmepheakikgpdg", "external_id": "dijcdmefkmlhnbkcejcmepheakikgpdg"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dede0167-c7ff-4ae4-9893-ee1f5d019c3c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.419251Z", "modified": "2026-06-02T15:57:33.419251Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (djkddblnfgendjoklmfmocaboelkmdkm) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/djkddblnfgendjoklmfmocaboelkmdkm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:djkddblnfgendjoklmfmocaboelkmdkm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/djkddblnfgendjoklmfmocaboelkmdkm", "external_id": "djkddblnfgendjoklmfmocaboelkmdkm"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b01cdada-e01b-4965-891c-4ea6cacfc626", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.420532Z", "modified": "2026-06-02T15:57:33.420532Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (dkbpkjhegfanacodkmfjeackckmehkfp) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkbpkjhegfanacodkmfjeackckmehkfp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dkbpkjhegfanacodkmfjeackckmehkfp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkbpkjhegfanacodkmfjeackckmehkfp", "external_id": "dkbpkjhegfanacodkmfjeackckmehkfp"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4847da32-6341-4fe5-9d69-f51f850c1d29", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.421614Z", "modified": "2026-06-02T15:57:33.421614Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (dlfjoijnhjeagkenhbililbdiooginng) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dlfjoijnhjeagkenhbililbdiooginng']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dlfjoijnhjeagkenhbililbdiooginng", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dlfjoijnhjeagkenhbililbdiooginng", "external_id": "dlfjoijnhjeagkenhbililbdiooginng"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d59bda03-7cd6-4f2a-bccf-3f022c022e20", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.42269Z", "modified": "2026-06-02T15:57:33.42269Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (doeomodlafdbbnajjllemacdfphbbohl) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. Individual extension names unconfirmed \u2014 ID is the stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/doeomodlafdbbnajjllemacdfphbbohl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:doeomodlafdbbnajjllemacdfphbbohl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/doeomodlafdbbnajjllemacdfphbbohl", "external_id": "doeomodlafdbbnajjllemacdfphbbohl"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c41b7f49-93f2-426d-b71b-f27e395c081e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.423781Z", "modified": "2026-06-02T15:57:33.423781Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (dpdgjbnanmmlikideilnpfjjdbmneanf) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dpdgjbnanmmlikideilnpfjjdbmneanf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dpdgjbnanmmlikideilnpfjjdbmneanf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dpdgjbnanmmlikideilnpfjjdbmneanf", "external_id": "dpdgjbnanmmlikideilnpfjjdbmneanf"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7a0cecf1-cab3-4469-8ee5-15466998a857", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.424853Z", "modified": "2026-06-02T15:57:33.424853Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (ebhomdageggjbmomenipfbhcjamfkmbl) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ebhomdageggjbmomenipfbhcjamfkmbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ebhomdageggjbmomenipfbhcjamfkmbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ebhomdageggjbmomenipfbhcjamfkmbl", "external_id": "ebhomdageggjbmomenipfbhcjamfkmbl"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d9ae177f-4442-4adf-be15-af2fb50cd0d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.425929Z", "modified": "2026-06-02T15:57:33.425929Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (edojphplonjclmfckdiolpahpgcanjnh) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/edojphplonjclmfckdiolpahpgcanjnh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:edojphplonjclmfckdiolpahpgcanjnh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edojphplonjclmfckdiolpahpgcanjnh", "external_id": "edojphplonjclmfckdiolpahpgcanjnh"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0c288a9b-43ad-4f30-b915-8dd057647fa2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.427009Z", "modified": "2026-06-02T15:57:33.427009Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (eijnkinhnplaekpllmgbbfieecdhcmcp) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. Individual extension names unconfirmed \u2014 ID is the stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eijnkinhnplaekpllmgbbfieecdhcmcp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:eijnkinhnplaekpllmgbbfieecdhcmcp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eijnkinhnplaekpllmgbbfieecdhcmcp", "external_id": "eijnkinhnplaekpllmgbbfieecdhcmcp"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aa313154-5f62-41d9-b1a3-6097fc0ede3c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.428275Z", "modified": "2026-06-02T15:57:33.428275Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (epepbcdeelckgplpmmmnmjplbeipgllo) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/epepbcdeelckgplpmmmnmjplbeipgllo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:epepbcdeelckgplpmmmnmjplbeipgllo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/epepbcdeelckgplpmmmnmjplbeipgllo", "external_id": "epepbcdeelckgplpmmmnmjplbeipgllo"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--344e4685-2b84-4d8d-8153-8c0d8cdc90cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.429362Z", "modified": "2026-06-02T15:57:33.429362Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (fllcifcfhgmmfpogmpedgbjccnjalpjo) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fllcifcfhgmmfpogmpedgbjccnjalpjo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fllcifcfhgmmfpogmpedgbjccnjalpjo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fllcifcfhgmmfpogmpedgbjccnjalpjo", "external_id": "fllcifcfhgmmfpogmpedgbjccnjalpjo"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--231e0366-65fe-4ecf-9543-833554c2d3ab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.43048Z", "modified": "2026-06-02T15:57:33.43048Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (fmgaogkbodhdhhbgkphhbokciiecllno) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmgaogkbodhdhhbgkphhbokciiecllno']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fmgaogkbodhdhhbgkphhbokciiecllno", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmgaogkbodhdhhbgkphhbokciiecllno", "external_id": "fmgaogkbodhdhhbgkphhbokciiecllno"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c46e62a7-3e43-4b39-9f16-60d476bdaaa0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.4316Z", "modified": "2026-06-02T15:57:33.4316Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (fmiefmaepcnjahoajkfckenfngfehhma) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmiefmaepcnjahoajkfckenfngfehhma']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fmiefmaepcnjahoajkfckenfngfehhma", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmiefmaepcnjahoajkfckenfngfehhma", "external_id": "fmiefmaepcnjahoajkfckenfngfehhma"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c5793bc3-b939-4483-8226-86fa9782b324", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.432697Z", "modified": "2026-06-02T15:57:33.432697Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (gndlcpbcmhbcaadppjjekgbhfhceeikm) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gndlcpbcmhbcaadppjjekgbhfhceeikm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gndlcpbcmhbcaadppjjekgbhfhceeikm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gndlcpbcmhbcaadppjjekgbhfhceeikm", "external_id": "gndlcpbcmhbcaadppjjekgbhfhceeikm"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--535c5de1-e4f2-4dce-8052-7770627d9b8e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.43377Z", "modified": "2026-06-02T15:57:33.43377Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (goiffchdhlcehhgdpdbocefkohlhmlom) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. Individual extension names unconfirmed \u2014 ID is the stable identifier. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/goiffchdhlcehhgdpdbocefkohlhmlom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:goiffchdhlcehhgdpdbocefkohlhmlom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/goiffchdhlcehhgdpdbocefkohlhmlom", "external_id": "goiffchdhlcehhgdpdbocefkohlhmlom"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6aeca9f9-8b7b-452a-8e41-ac2a8f32d7b5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.434844Z", "modified": "2026-06-02T15:57:33.434844Z", "name": "Malicious Extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed)", "description": "Malicious browser extension: DarkSpectre ShadyPanda expansion / Zoom Stealer (name unconfirmed) (hbjeophpjnopmeheabcilmgdhnnjbmbo) DarkSpectre (China-attributed) ShadyPanda expansion cluster. 100+ extensions connected to same infinitynewtab.com/jt2x.com infrastructure. Mix of Zoom Stealer (meeting intelligence harvesting from 28+ conferencing platforms via WebSocket) and ShadyPanda affiliate fraud/surveillance. 
Individual extension names unconfirmed \u2014 ID is the stable identifier.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hbjeophpjnopmeheabcilmgdhnnjbmbo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hbjeophpjnopmeheabcilmgdhnnjbmbo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hbjeophpjnopmeheabcilmgdhnnjbmbo", "external_id": "hbjeophpjnopmeheabcilmgdhnnjbmbo"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--95f88ea9-2d65-46dd-b66f-eca6225e4347", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.436406Z", "modified": "2026-06-02T15:57:33.436406Z", "name": "Malicious Extension: VK Styles - Themes for vk.com", "description": "Malicious browser extension: VK Styles - Themes for vk.com (ceibjdigmfbbgcpkkdpmjokkokklodmc) VK Styles campaign (threat actor 2vk). 5 Chrome extensions targeting VKontakte users. Lead extension VK Styles - Themes for vk.com had 400,000 installs. Used VK profile metadata as dead-drop C2. Auto-subscribed users to the attacker's VK group (75% probability per session), reset account settings every 30 days, manipulated CSRF tokens. Active Jun 2025-Jan 2026. Extension removed Feb 6 2026. 
The campaign has also been reported in connection with 500k+ hijacked VK accounts.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ceibjdigmfbbgcpkkdpmjokkokklodmc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-02-12T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ceibjdigmfbbgcpkkdpmjokkokklodmc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ceibjdigmfbbgcpkkdpmjokkokklodmc", "external_id": "ceibjdigmfbbgcpkkdpmjokkokklodmc"}, {"source_name": "Original Research", "url": "https://www.koi.ai/blog/vk-styles-500k-users-infected-by-chrome-extensions-that-hijack-vkontakte-accounts"}, {"source_name": "Article", "url": "https://therecord.media/500000-vkontakte-accounts-hijacked-chrome-extensions"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4a5fbb04-151c-4476-960f-17ce121e6017", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.437772Z", "modified": "2026-06-02T15:57:33.437772Z", "name": "Malicious Extension: Where is Cookie?", "description": "Malicious browser extension: Where is Cookie? (emedckhdnioeieppmeojgegjfkhdlaeo) Cyberhaven Dec 2024 OAuth phishing supply chain attack. Developer credentials compromised via fake 'Privacy Policy Extension' OAuth app. Malicious code exfiltrated Facebook access tokens, cookies, session tokens. Campaign active Mar 2024\u2013Dec 2024, C2: sclpfybn.com / tnagofsg.com. 
36 total extensions confirmed compromised, ~2.6M users affected.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/emedckhdnioeieppmeojgegjfkhdlaeo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-01T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:emedckhdnioeieppmeojgegjfkhdlaeo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/emedckhdnioeieppmeojgegjfkhdlaeo", "external_id": "emedckhdnioeieppmeojgegjfkhdlaeo"}, {"source_name": "Original Research", "url": "https://rhisac.org/threat-intelligence/cyberhaven-extension-compromise-part-of-broader-campaign-affecting-multiple-chrome-extensions/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--36c5c124-021d-405f-9b3d-495c2525f505", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.438868Z", "modified": "2026-06-02T15:57:33.438868Z", "name": "Malicious Extension: Web3Password Manager", "description": "Malicious browser extension: Web3Password Manager (pdkmmfdfggfpibdjbbghggcllhhainjo) Cyberhaven Dec 2024 OAuth phishing supply chain attack. Developer credentials compromised via fake 'Privacy Policy Extension' OAuth app. Malicious code exfiltrated Facebook access tokens, cookies, session tokens. Campaign active Mar 2024\u2013Dec 2024, C2: sclpfybn.com / tnagofsg.com. 
36 total extensions confirmed compromised, ~2.6M users affected.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdkmmfdfggfpibdjbbghggcllhhainjo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pdkmmfdfggfpibdjbbghggcllhhainjo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdkmmfdfggfpibdjbbghggcllhhainjo", "external_id": "pdkmmfdfggfpibdjbbghggcllhhainjo"}, {"source_name": "Original Research", "url": "https://rhisac.org/threat-intelligence/cyberhaven-extension-compromise-part-of-broader-campaign-affecting-multiple-chrome-extensions/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f8e34347-547d-427e-b243-08f666b43e32", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.439999Z", "modified": "2026-06-02T15:57:33.439999Z", "name": "Malicious Extension: GPT 4 Summary with OpenAI", "description": "Malicious browser extension: GPT 4 Summary with OpenAI (fbmlcbhdmilaggedifpihjgkkmdgeljh) Cyberhaven Dec 2024 OAuth phishing supply chain attack. Developer credentials compromised via fake 'Privacy Policy Extension' OAuth app. Malicious code exfiltrated Facebook access tokens, cookies, session tokens. Campaign active Mar 2024\u2013Dec 2024, C2: sclpfybn.com / tnagofsg.com. 
36 total extensions confirmed compromised, ~2.6M users affected.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbmlcbhdmilaggedifpihjgkkmdgeljh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-12-30T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fbmlcbhdmilaggedifpihjgkkmdgeljh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbmlcbhdmilaggedifpihjgkkmdgeljh", "external_id": "fbmlcbhdmilaggedifpihjgkkmdgeljh"}, {"source_name": "Original Research", "url": "https://rhisac.org/threat-intelligence/cyberhaven-extension-compromise-part-of-broader-campaign-affecting-multiple-chrome-extensions/"}, {"source_name": "Article", "url": "https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--608ebb34-8b14-43e2-b9fd-680c308500ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.442305Z", "modified": "2026-06-02T15:57:33.442305Z", "name": "Malicious Extension: Unlock TikTok", "description": "Malicious browser extension: Unlock TikTok (jjdajogomggcjifnjgkpghcijgkbcjdi) RedDirection / Koi Security Jul 2025 campaign. Edge browser extensions. Sleeper agents that activate browser hijacking on each page navigation: capture URL, send to C2 with unique user ID, receive redirect instructions. C2 domains: admitab.com, edmitab.com, click.videocontrolls.com, etc. 2.3M total users across Chrome+Edge. 
Most removed from stores.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/jjdajogomggcjifnjgkpghcijgkbcjdi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-09T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jjdajogomggcjifnjgkpghcijgkbcjdi", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/jjdajogomggcjifnjgkpghcijgkbcjdi", "external_id": "jjdajogomggcjifnjgkpghcijgkbcjdi"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/07/millions-of-people-spied-on-by-malicious-browser-extensions-in-chrome-and-edge"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1ea3a474-54db-45cc-9c26-36f1a47969ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.443459Z", "modified": "2026-06-02T15:57:33.443459Z", "name": "Malicious Extension: Volume Booster", "description": "Malicious browser extension: Volume Booster (mmcnmppeeghenglmidpmjkaiamcacmgm) RedDirection / Koi Security Jul 2025 campaign. Edge browser extensions. Sleeper agents that activate browser hijacking on each page navigation: capture URL, send to C2 with unique user ID, receive redirect instructions. C2 domains: admitab.com, edmitab.com, click.videocontrolls.com, etc. 2.3M total users across Chrome+Edge. 
Most removed from stores.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/mmcnmppeeghenglmidpmjkaiamcacmgm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-09T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mmcnmppeeghenglmidpmjkaiamcacmgm", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/mmcnmppeeghenglmidpmjkaiamcacmgm", "external_id": "mmcnmppeeghenglmidpmjkaiamcacmgm"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/07/millions-of-people-spied-on-by-malicious-browser-extensions-in-chrome-and-edge"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--81ba5a2e-7e61-41cf-ba1c-af45e81ba726", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.444762Z", "modified": "2026-06-02T15:57:33.444762Z", "name": "Malicious Extension: Web Sound Equalizer", "description": "Malicious browser extension: Web Sound Equalizer (ojdkklpgpacpicaobnhankbalkkgaafp) RedDirection / Koi Security Jul 2025 campaign. Edge browser extensions. Sleeper agents that activate browser hijacking on each page navigation: capture URL, send to C2 with unique user ID, receive redirect instructions. C2 domains: admitab.com, edmitab.com, click.videocontrolls.com, etc. 2.3M total users across Chrome+Edge. 
Most removed from stores.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/ojdkklpgpacpicaobnhankbalkkgaafp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-09T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ojdkklpgpacpicaobnhankbalkkgaafp", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/ojdkklpgpacpicaobnhankbalkkgaafp", "external_id": "ojdkklpgpacpicaobnhankbalkkgaafp"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/07/millions-of-people-spied-on-by-malicious-browser-extensions-in-chrome-and-edge"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b5ec2c10-1844-4234-9487-5a1b0e108104", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.445864Z", "modified": "2026-06-02T15:57:33.445864Z", "name": "Malicious Extension: Header Value", "description": "Malicious browser extension: Header Value (lodeighbngipjjedfelnboplhgediclp) RedDirection / Koi Security Jul 2025 campaign. Edge browser extensions. Sleeper agents that activate browser hijacking on each page navigation: capture URL, send to C2 with unique user ID, receive redirect instructions. C2 domains: admitab.com, edmitab.com, click.videocontrolls.com, etc. 2.3M total users across Chrome+Edge. 
Most removed from stores.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/lodeighbngipjjedfelnboplhgediclp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-09T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lodeighbngipjjedfelnboplhgediclp", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/lodeighbngipjjedfelnboplhgediclp", "external_id": "lodeighbngipjjedfelnboplhgediclp"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/07/millions-of-people-spied-on-by-malicious-browser-extensions-in-chrome-and-edge"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--77a80772-48dd-4f81-b058-a405dbde2900", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.446948Z", "modified": "2026-06-02T15:57:33.446948Z", "name": "Malicious Extension: Flash Player", "description": "Malicious browser extension: Flash Player (hkjagicdaogfgdifaklcgajmgefjllmd) RedDirection / Koi Security Jul 2025 campaign. Edge browser extensions. Sleeper agents that activate browser hijacking on each page navigation: capture URL, send to C2 with unique user ID, receive redirect instructions. C2 domains: admitab.com, edmitab.com, click.videocontrolls.com, etc. 2.3M total users across Chrome+Edge. 
Most removed from stores.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/hkjagicdaogfgdifaklcgajmgefjllmd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-09T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hkjagicdaogfgdifaklcgajmgefjllmd", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/hkjagicdaogfgdifaklcgajmgefjllmd", "external_id": "hkjagicdaogfgdifaklcgajmgefjllmd"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/07/millions-of-people-spied-on-by-malicious-browser-extensions-in-chrome-and-edge"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--18d1ac69-085e-4f7b-aa97-95c4a3d813aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.448056Z", "modified": "2026-06-02T15:57:33.448056Z", "name": "Malicious Extension: Youtube Unblocked", "description": "Malicious browser extension: Youtube Unblocked (gflkbgebojohihfnnplhbdakoipdbpdm) RedDirection / Koi Security Jul 2025 campaign. Edge browser extensions. Sleeper agents that activate browser hijacking on each page navigation: capture URL, send to C2 with unique user ID, receive redirect instructions. C2 domains: admitab.com, edmitab.com, click.videocontrolls.com, etc. 2.3M total users across Chrome+Edge. 
Most removed from stores.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/gflkbgebojohihfnnplhbdakoipdbpdm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-09T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gflkbgebojohihfnnplhbdakoipdbpdm", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/gflkbgebojohihfnnplhbdakoipdbpdm", "external_id": "gflkbgebojohihfnnplhbdakoipdbpdm"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/07/millions-of-people-spied-on-by-malicious-browser-extensions-in-chrome-and-edge"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--55c69568-c9ac-4468-b7cb-8c9e2d0da820", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.449148Z", "modified": "2026-06-02T15:57:33.449148Z", "name": "Malicious Extension: SearchGPT", "description": "Malicious browser extension: SearchGPT (kpilmncnoafddjpnbhepaiilgkdcieaf) RedDirection / Koi Security Jul 2025 campaign. Edge browser extensions. Sleeper agents that activate browser hijacking on each page navigation: capture URL, send to C2 with unique user ID, receive redirect instructions. C2 domains: admitab.com, edmitab.com, click.videocontrolls.com, etc. 2.3M total users across Chrome+Edge. 
Most removed from stores.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/kpilmncnoafddjpnbhepaiilgkdcieaf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-09T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kpilmncnoafddjpnbhepaiilgkdcieaf", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/kpilmncnoafddjpnbhepaiilgkdcieaf", "external_id": "kpilmncnoafddjpnbhepaiilgkdcieaf"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/07/millions-of-people-spied-on-by-malicious-browser-extensions-in-chrome-and-edge"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--03e8d00d-0ff4-4174-b23a-4c18754232e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.450234Z", "modified": "2026-06-02T15:57:33.450234Z", "name": "Malicious Extension: Unlock Discord", "description": "Malicious browser extension: Unlock Discord (caibdnkmpnjhjdfnomfhijhmebigcelo) RedDirection / Koi Security Jul 2025 campaign. Edge browser extensions. Sleeper agents that activate browser hijacking on each page navigation: capture URL, send to C2 with unique user ID, receive redirect instructions. C2 domains: admitab.com, edmitab.com, click.videocontrolls.com, etc. 2.3M total users across Chrome+Edge. 
Most removed from stores.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://microsoftedge.microsoft.com/addons/detail/caibdnkmpnjhjdfnomfhijhmebigcelo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-07-09T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:caibdnkmpnjhjdfnomfhijhmebigcelo", "browser:edge"], "external_references": [{"source_name": "Edge Add-ons", "url": "https://microsoftedge.microsoft.com/addons/detail/caibdnkmpnjhjdfnomfhijhmebigcelo", "external_id": "caibdnkmpnjhjdfnomfhijhmebigcelo"}, {"source_name": "Original Research", "url": "https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5"}, {"source_name": "Article", "url": "https://www.malwarebytes.com/blog/news/2025/07/millions-of-people-spied-on-by-malicious-browser-extensions-in-chrome-and-edge"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--294f2bc0-ebb2-43d2-94d1-4eeb6133d73b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.451649Z", "modified": "2026-06-02T15:57:33.451649Z", "name": "Malicious Extension: Fire Shield Extension Protection", "description": "Malicious browser extension: Fire Shield Extension Protection (ndajnaaobjaganokllcgbapngenfbgkc) Secure Annex unknow.com spyware campaign (Apr 2025). 300,000 users. 57 total extensions linked by shared unknow[.]com domain in background services code. Heavily obfuscated, unlisted from Chrome Web Store search. Capabilities: cookie theft, browsing history tracking, C2 remote control, tab management, script injection. Most removed after Tuckner report. 
Full list in private Secure Annex spreadsheet.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ndajnaaobjaganokllcgbapngenfbgkc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-04-10T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ndajnaaobjaganokllcgbapngenfbgkc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ndajnaaobjaganokllcgbapngenfbgkc", "external_id": "ndajnaaobjaganokllcgbapngenfbgkc"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/searching-for-something-unknow/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aaca950f-9024-4df7-bfbd-73d687ce45a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.452904Z", "modified": "2026-06-02T15:57:33.452904Z", "name": "Malicious Extension: Total Safety for Chrome", "description": "Malicious browser extension: Total Safety for Chrome (jeahgicmhigopdgilnmclihdjjlhnmop) Secure Annex unknow.com spyware campaign (Apr 2025). 300,000 users. 57 total extensions linked by shared unknow[.]com domain in background services code. Heavily obfuscated, unlisted from Chrome Web Store search. Capabilities: cookie theft, browsing history tracking, C2 remote control, tab management, script injection. Most removed after Tuckner report. 
Full list in private Secure Annex spreadsheet.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jeahgicmhigopdgilnmclihdjjlhnmop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-04-10T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jeahgicmhigopdgilnmclihdjjlhnmop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jeahgicmhigopdgilnmclihdjjlhnmop", "external_id": "jeahgicmhigopdgilnmclihdjjlhnmop"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/searching-for-something-unknow/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--427de524-877f-4bd9-b85b-2058000c7ca0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.453997Z", "modified": "2026-06-02T15:57:33.453997Z", "name": "Malicious Extension: Cuponomia - Coupon and Cashback", "description": "Malicious browser extension: Cuponomia - Coupon and Cashback (gidejehfgombmkfflghejpncblgfkagj) Secure Annex unknow.com spyware campaign (Apr 2025). 700,000 users. 57 total extensions linked by shared unknow[.]com domain in background services code. Heavily obfuscated, unlisted from Chrome Web Store search. Capabilities: cookie theft, browsing history tracking, C2 remote control, tab management, script injection. Most removed after Tuckner report. Full list in private Secure Annex spreadsheet. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gidejehfgombmkfflghejpncblgfkagj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-04-10T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gidejehfgombmkfflghejpncblgfkagj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gidejehfgombmkfflghejpncblgfkagj", "external_id": "gidejehfgombmkfflghejpncblgfkagj"}, {"source_name": "Original Research", "url": "https://secureannex.com/blog/searching-for-something-unknow/"}, {"source_name": "Article", "url": "https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de1365bb-9578-4943-98f2-8c20e326ae8a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.455342Z", "modified": "2026-06-02T15:57:33.455342Z", "name": "Malicious Extension: Freemybrowser", "description": "Malicious browser extension: Freemybrowser (bibmocmlcdhadgblaekimealfcnafgfn) adindex ad fraud campaign (Palant Feb 2025). 10,000 users. Part of cluster sharing malicious remote code execution functionality. Downloads JS payload from Firebase/internetdownloadmanager.top, disables CSP on all pages, replays recorded browsing sessions to commit ad fraud for adindex advertisers. C2: internetdownloadmanager.top, sslcertifications.org. Malicious update removed after researcher contact. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bibmocmlcdhadgblaekimealfcnafgfn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bibmocmlcdhadgblaekimealfcnafgfn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bibmocmlcdhadgblaekimealfcnafgfn", "external_id": "bibmocmlcdhadgblaekimealfcnafgfn"}, {"source_name": "Article", "url": "https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a3cbc5ea-e75e-4617-878f-a28933d870f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.456379Z", "modified": "2026-06-02T15:57:33.456379Z", "name": "Malicious Extension: AutoHD for Twitch\u2122", "description": "Malicious browser extension: AutoHD for Twitch\u2122 (didbenpmfaidkhohcliedfmgbepkakam) adindex ad fraud campaign (Palant Feb 2025). 195 users. Part of cluster sharing malicious remote code execution functionality. Downloads JS payload from Firebase/internetdownloadmanager.top, disables CSP on all pages, replays recorded browsing sessions to commit ad fraud for adindex advertisers. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/didbenpmfaidkhohcliedfmgbepkakam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:didbenpmfaidkhohcliedfmgbepkakam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/didbenpmfaidkhohcliedfmgbepkakam", "external_id": "didbenpmfaidkhohcliedfmgbepkakam"}, {"source_name": "Article", "url": "https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2b277a61-d5a3-4ab0-83fc-3320b4883ac6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.457401Z", "modified": "2026-06-02T15:57:33.457401Z", "name": "Malicious Extension: Free simple Adult Blocker with password", "description": "Malicious browser extension: Free simple Adult Blocker with password (fgfoepffhjiinifbddlalpiamnfkdnim) adindex ad fraud campaign (Palant Feb 2025). 1,000 users. Part of cluster sharing malicious remote code execution functionality. Downloads JS payload from Firebase/internetdownloadmanager.top, disables CSP on all pages, replays recorded browsing sessions to commit ad fraud for adindex advertisers. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fgfoepffhjiinifbddlalpiamnfkdnim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fgfoepffhjiinifbddlalpiamnfkdnim", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fgfoepffhjiinifbddlalpiamnfkdnim", "external_id": "fgfoepffhjiinifbddlalpiamnfkdnim"}, {"source_name": "Article", "url": "https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5a2d07b4-a2b8-474a-8579-444e6bd5816f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.458417Z", "modified": "2026-06-02T15:57:33.458417Z", "name": "Malicious Extension: Convert PDF to JPEG/PNG", "description": "Malicious browser extension: Convert PDF to JPEG/PNG (fkbmahbmakfabmbbjepgldgodbphahgc) adindex ad fraud campaign (Palant Feb 2025). 20,000 users. Ownership transfer 2024 followed by privilege expansion Sep 2024. Part of cluster sharing malicious remote code execution functionality. 
Downloads JS payload from Firebase/internetdownloadmanager.top, disables CSP on all pages, replays recorded browsing sessions to commit ad fraud for adindex advertisers.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fkbmahbmakfabmbbjepgldgodbphahgc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fkbmahbmakfabmbbjepgldgodbphahgc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fkbmahbmakfabmbbjepgldgodbphahgc", "external_id": "fkbmahbmakfabmbbjepgldgodbphahgc"}, {"source_name": "Article", "url": "https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6a8510aa-cff6-41ce-b18e-7a6efcd67bc4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.459447Z", "modified": "2026-06-02T15:57:33.459447Z", "name": "Malicious Extension: Download Manager Integration Checklist", "description": "Malicious browser extension: Download Manager Integration Checklist (ghkcpcihdonjljjddkmjccibagkjohpi) adindex ad fraud campaign (Palant Feb 2025). 70,000 users. Featured. Primary subject of analysis. Ownership transfer 2024. Downloads JS payload from Firebase/internetdownloadmanager.top, disables CSP on all pages, uses Bloom filter to target adindex advertiser domains, replays recorded browsing sessions via WebSocket C2 to commit ad fraud. Previously called IDM Integration Module. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ghkcpcihdonjljjddkmjccibagkjohpi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ghkcpcihdonjljjddkmjccibagkjohpi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ghkcpcihdonjljjddkmjccibagkjohpi", "external_id": "ghkcpcihdonjljjddkmjccibagkjohpi"}, {"source_name": "Article", "url": "https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c55c23cc-90e6-4139-b539-c56d804bd4a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.460627Z", "modified": "2026-06-02T15:57:33.460627Z", "name": "Malicious Extension: Auto Resolution Quality for YouTube\u2122", "description": "Malicious browser extension: Auto Resolution Quality for YouTube\u2122 (hdangknebhddccoocjodjkbgbbedeaam) adindex ad fraud campaign (Palant Feb 2025). 223 users. Appears non-malicious at time of report but shares code traits with malicious cluster. Developed by eokoko GmbH whose director is same adindex developer behind campaign. Included as an associated IOC; treat a match as a lead for review rather than as confirmed malicious activity. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdangknebhddccoocjodjkbgbbedeaam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdangknebhddccoocjodjkbgbbedeaam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdangknebhddccoocjodjkbgbbedeaam", "external_id": "hdangknebhddccoocjodjkbgbbedeaam"}, {"source_name": "Article", "url": "https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a3fd7a6a-ef30-4c00-9e42-5b0b2a666278", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.461642Z", "modified": "2026-06-02T15:57:33.461642Z", "name": "Malicious Extension: Adblock.mx - Adblock for Chrome", "description": "Malicious browser extension: Adblock.mx - Adblock for Chrome (hmaeodbfmgikoddffcfoedogkkiifhfe) adindex ad fraud campaign (Palant Feb 2025). 1,000 users. Featured. Part of cluster sharing malicious remote code execution functionality. Downloads JS payload from Firebase/internetdownloadmanager.top, disables CSP on all pages, replays recorded browsing sessions to commit ad fraud for adindex advertisers. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmaeodbfmgikoddffcfoedogkkiifhfe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmaeodbfmgikoddffcfoedogkkiifhfe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmaeodbfmgikoddffcfoedogkkiifhfe", "external_id": "hmaeodbfmgikoddffcfoedogkkiifhfe"}, {"source_name": "Article", "url": "https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--926c9c28-bdb1-44b3-a43c-b2171a552656", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.462662Z", "modified": "2026-06-02T15:57:33.462662Z", "name": "Malicious Extension: Auto Quality for YouTube\u2122", "description": "Malicious browser extension: Auto Quality for YouTube\u2122 (iaddfgegjgjelgkanamleadckkpnjpjc) adindex ad fraud campaign (Palant Feb 2025). 100,000 users. Largest in cluster. Associated with MegaXT website whose owner is adindex developer. Running remote code since at least 2021. Part of cluster sharing malicious remote code execution functionality. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iaddfgegjgjelgkanamleadckkpnjpjc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iaddfgegjgjelgkanamleadckkpnjpjc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iaddfgegjgjelgkanamleadckkpnjpjc", "external_id": "iaddfgegjgjelgkanamleadckkpnjpjc"}, {"source_name": "Article", "url": "https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1bf3807c-834c-4e17-8a61-5cf2ecb3e993", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.46369Z", "modified": "2026-06-02T15:57:33.46369Z", "name": "Malicious Extension: Anti phising safer browsing for chrome", "description": "Malicious browser extension: Anti phising safer browsing for chrome (jkokgpghakemlglpcdajghjjgliaamgc) adindex ad fraud campaign (Palant Feb 2025). 7,000 users. Featured. Part of cluster sharing malicious remote code execution functionality. Downloads JS payload from Firebase/internetdownloadmanager.top, disables CSP on all pages, replays recorded browsing sessions to commit ad fraud for adindex advertisers. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jkokgpghakemlglpcdajghjjgliaamgc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jkokgpghakemlglpcdajghjjgliaamgc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jkokgpghakemlglpcdajghjjgliaamgc", "external_id": "jkokgpghakemlglpcdajghjjgliaamgc"}, {"source_name": "Article", "url": "https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f700bfe7-6c8f-4919-9c76-68d37da774f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.464704Z", "modified": "2026-06-02T15:57:33.464704Z", "name": "Malicious Extension: Darktheme for google translate", "description": "Malicious browser extension: Darktheme for google translate (nmcamjpjiefpjagnjmkedchjkmedadhc) adindex ad fraud campaign (Palant Feb 2025). 40,000 users. Featured. Ownership transfer 2024. Part of cluster sharing malicious remote code execution functionality. Downloads JS payload from Firebase/internetdownloadmanager.top, disables CSP on all pages, replays recorded browsing sessions to commit ad fraud for adindex advertisers. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nmcamjpjiefpjagnjmkedchjkmedadhc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-02-03T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nmcamjpjiefpjagnjmkedchjkmedadhc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nmcamjpjiefpjagnjmkedchjkmedadhc", "external_id": "nmcamjpjiefpjagnjmkedchjkmedadhc"}, {"source_name": "Article", "url": "https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7f4384b1-1e2f-41b3-befb-86aa4e060697", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.466019Z", "modified": "2026-06-02T15:57:33.466019Z", "name": "Malicious Extension: Click & Pick", "description": "Malicious browser extension: Click & Pick (acbcnnccgmpbkoeblinmoadogmmgodoo) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy... [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acbcnnccgmpbkoeblinmoadogmmgodoo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:acbcnnccgmpbkoeblinmoadogmmgodoo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acbcnnccgmpbkoeblinmoadogmmgodoo", "external_id": "acbcnnccgmpbkoeblinmoadogmmgodoo"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8a72a1d8-6498-4358-88e2-e969d02598f8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.467039Z", "modified": "2026-06-02T15:57:33.467039Z", "name": "Malicious Extension: AdBlock for Youtube: Skip-n-Watch", "description": "Malicious browser extension: AdBlock for Youtube: Skip-n-Watch (coebfgijooginjcfgmmgiibomdcjnomi) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy... [truncated]", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/coebfgijooginjcfgmmgiibomdcjnomi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:coebfgijooginjcfgmmgiibomdcjnomi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/coebfgijooginjcfgmmgiibomdcjnomi", "external_id": "coebfgijooginjcfgmmgiibomdcjnomi"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ea5a76cd-c01e-4f8b-ade2-ad3ebb1b1ee6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.46829Z", "modified": "2026-06-02T15:57:33.46829Z", "name": "Malicious Extension: Dopni - Automatic Cashback Service", "description": "Malicious browser extension: Dopni - Automatic Cashback Service (ekafoahfmdgaeefeeneiijbehnbocbij) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy... [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekafoahfmdgaeefeeneiijbehnbocbij']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekafoahfmdgaeefeeneiijbehnbocbij", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekafoahfmdgaeefeeneiijbehnbocbij", "external_id": "ekafoahfmdgaeefeeneiijbehnbocbij"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0606c075-dc7a-498c-a15d-a151b8b3b7a1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.469388Z", "modified": "2026-06-02T15:57:33.469388Z", "name": "Malicious Extension: SkipAds Plus", "description": "Malicious browser extension: SkipAds Plus (emnhnjiiloghpnekjifmoimflkdmjhgp) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy... [truncated]", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/emnhnjiiloghpnekjifmoimflkdmjhgp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:emnhnjiiloghpnekjifmoimflkdmjhgp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/emnhnjiiloghpnekjifmoimflkdmjhgp", "external_id": "emnhnjiiloghpnekjifmoimflkdmjhgp"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f2594480-b9e0-4137-847e-9346b32c30d8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.470463Z", "modified": "2026-06-02T15:57:33.470463Z", "name": "Malicious Extension: 1-Click Color Picker: Instant Eyedropper (hex, rgb, hsl)", "description": "Malicious browser extension: 1-Click Color Picker: Instant Eyedropper (hex, rgb, hsl) (fmpgmcidlaojgncjlhjkhfbjchafcfoe) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmpgmcidlaojgncjlhjkhfbjchafcfoe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fmpgmcidlaojgncjlhjkhfbjchafcfoe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmpgmcidlaojgncjlhjkhfbjchafcfoe", "external_id": "fmpgmcidlaojgncjlhjkhfbjchafcfoe"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2f63c747-b591-446f-a128-9c3d05d3c6a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.471585Z", "modified": "2026-06-02T15:57:33.471585Z", "name": "Malicious Extension: Better Color Picker - pick any color in Chrome", "description": "Malicious browser extension: Better Color Picker - pick any color in Chrome (gpibachbddnihfkbjcfggbejjgjdijeb) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gpibachbddnihfkbjcfggbejjgjdijeb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gpibachbddnihfkbjcfggbejjgjdijeb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gpibachbddnihfkbjcfggbejjgjdijeb", "external_id": "gpibachbddnihfkbjcfggbejjgjdijeb"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b93cf189-132f-4618-b26e-c5d5d161134b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.472681Z", "modified": "2026-06-02T15:57:33.472681Z", "name": "Malicious Extension: Easy Dark Mode", "description": "Malicious browser extension: Easy Dark Mode (ibbkokjdcfjakihkpihlffljabiepdag) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ibbkokjdcfjakihkpihlffljabiepdag']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ibbkokjdcfjakihkpihlffljabiepdag", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ibbkokjdcfjakihkpihlffljabiepdag", "external_id": "ibbkokjdcfjakihkpihlffljabiepdag"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--06fb5913-f3b1-439a-b040-05226634e23c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.473776Z", "modified": "2026-06-02T15:57:33.473776Z", "name": "Malicious Extension: Manuals Viewer", "description": "Malicious browser extension: Manuals Viewer (ieihbaicbgpebhkfebnfkdhkpdemljfb) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ieihbaicbgpebhkfebnfkdhkpdemljfb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ieihbaicbgpebhkfebnfkdhkpdemljfb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ieihbaicbgpebhkfebnfkdhkpdemljfb", "external_id": "ieihbaicbgpebhkfebnfkdhkpdemljfb"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--caa693e5-a7f5-4c89-b796-93b810f7778e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.474838Z", "modified": "2026-06-02T15:57:33.474838Z", "name": "Malicious Extension: ScreenCapX - Full Page Screenshot", "description": "Malicious browser extension: ScreenCapX - Full Page Screenshot (ihfedmikeegmkebekpjflhnlmfbafbfe) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ihfedmikeegmkebekpjflhnlmfbafbfe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ihfedmikeegmkebekpjflhnlmfbafbfe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ihfedmikeegmkebekpjflhnlmfbafbfe", "external_id": "ihfedmikeegmkebekpjflhnlmfbafbfe"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8a45d31a-c773-4e37-96b0-3a364bdf9a04", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.476137Z", "modified": "2026-06-02T15:57:33.476137Z", "name": "Malicious Extension: Capture It - Easy Screenshot Tool (Full Page, Selected, Visible Area)", "description": "Malicious browser extension: Capture It - Easy Screenshot Tool (Full Page, Selected, Visible Area) (lkalpedlpidbenfnnldoboegepndcddk) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lkalpedlpidbenfnnldoboegepndcddk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lkalpedlpidbenfnnldoboegepndcddk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lkalpedlpidbenfnnldoboegepndcddk", "external_id": "lkalpedlpidbenfnnldoboegepndcddk"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--126207e7-08d6-4fa7-82a8-25554c83ee66", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.477211Z", "modified": "2026-06-02T15:57:33.477211Z", "name": "Malicious Extension: AdBlock - Ads and Youtube", "description": "Malicious browser extension: AdBlock - Ads and Youtube (nonajfcfdpeheinkafjiefpdhfalffof) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nonajfcfdpeheinkafjiefpdhfalffof']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nonajfcfdpeheinkafjiefpdhfalffof", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nonajfcfdpeheinkafjiefpdhfalffof", "external_id": "nonajfcfdpeheinkafjiefpdhfalffof"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c8232e58-6cfe-4491-85ec-ed29cd4677c1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.478569Z", "modified": "2026-06-02T15:57:33.478569Z", "name": "Malicious Extension: Manual Finder 2024", "description": "Malicious browser extension: Manual Finder 2024 (ocbfgbpocngolfigkhfehckgeihdhgll) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ocbfgbpocngolfigkhfehckgeihdhgll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ocbfgbpocngolfigkhfehckgeihdhgll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ocbfgbpocngolfigkhfehckgeihdhgll", "external_id": "ocbfgbpocngolfigkhfehckgeihdhgll"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c025e9b0-075b-4a7a-b1af-b66f46f2552f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.479831Z", "modified": "2026-06-02T15:57:33.479831Z", "name": "Malicious Extension: Volume Booster - Super Sound Booster", "description": "Malicious browser extension: Volume Booster - Super Sound Booster (ojkoofedgcdebdnajjeodlooojdphnlj) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojkoofedgcdebdnajjeodlooojdphnlj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ojkoofedgcdebdnajjeodlooojdphnlj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojkoofedgcdebdnajjeodlooojdphnlj", "external_id": "ojkoofedgcdebdnajjeodlooojdphnlj"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1d5bd2ff-2849-4a88-8d13-8b018e74aa69", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.481034Z", "modified": "2026-06-02T15:57:33.481034Z", "name": "Malicious Extension: Font Expert: Identify Fonts from Images & Websites", "description": "Malicious browser extension: Font Expert: Identify Fonts from Images & Websites (pjlheckmodimboibhpdcgkpkbpjfhooe) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pjlheckmodimboibhpdcgkpkbpjfhooe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pjlheckmodimboibhpdcgkpkbpjfhooe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pjlheckmodimboibhpdcgkpkbpjfhooe", "external_id": "pjlheckmodimboibhpdcgkpkbpjfhooe"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de7a4f99-8f38-4a5d-b607-dc23a72d37b2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.482224Z", "modified": "2026-06-02T15:57:33.482224Z", "name": "Malicious Extension: Auto Refresh Plus", "description": "Malicious browser extension: Auto Refresh Plus (ffejlioijcokmblckiijnjcmfidjppdn) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ffejlioijcokmblckiijnjcmfidjppdn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ffejlioijcokmblckiijnjcmfidjppdn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ffejlioijcokmblckiijnjcmfidjppdn", "external_id": "ffejlioijcokmblckiijnjcmfidjppdn"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cab6e992-da3a-47d9-a2a3-530837710db4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.4834Z", "modified": "2026-06-02T15:57:33.4834Z", "name": "Malicious Extension: Smart Auto Refresh", "description": "Malicious browser extension: Smart Auto Refresh (fkjngjgmgbfelejhbjblhjkehchifpcj) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fkjngjgmgbfelejhbjblhjkehchifpcj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fkjngjgmgbfelejhbjblhjkehchifpcj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fkjngjgmgbfelejhbjblhjkehchifpcj", "external_id": "fkjngjgmgbfelejhbjblhjkehchifpcj"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--86586dbb-b850-481c-a8dc-be7f0afc022a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.485804Z", "modified": "2026-06-02T15:57:33.485804Z", "name": "Malicious Extension: Autoskip for Youtube\u2122 Ads", "description": "Malicious browser extension: Autoskip for Youtube\u2122 Ads (hmbnhhcgiecenbbkgdoaoafjpeaboine) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmbnhhcgiecenbbkgdoaoafjpeaboine']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmbnhhcgiecenbbkgdoaoafjpeaboine", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmbnhhcgiecenbbkgdoaoafjpeaboine", "external_id": "hmbnhhcgiecenbbkgdoaoafjpeaboine"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2695fd3c-7db3-4214-97ce-d557b867eebb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.486907Z", "modified": "2026-06-02T15:57:33.486907Z", "name": "Malicious Extension: Smart Adblocker", "description": "Malicious browser extension: Smart Adblocker (iojpcjjdfhlcbgjnpngcmaojmlokmeii) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iojpcjjdfhlcbgjnpngcmaojmlokmeii']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iojpcjjdfhlcbgjnpngcmaojmlokmeii", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iojpcjjdfhlcbgjnpngcmaojmlokmeii", "external_id": "iojpcjjdfhlcbgjnpngcmaojmlokmeii"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3c47d985-f438-4aed-a7fc-0fbe3730cd63", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.488007Z", "modified": "2026-06-02T15:57:33.488007Z", "name": "Malicious Extension: Adblock for Browser", "description": "Malicious browser extension: Adblock for Browser (jcbjcocinigpbgfpnhlpagidbmlngnnn) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jcbjcocinigpbgfpnhlpagidbmlngnnn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jcbjcocinigpbgfpnhlpagidbmlngnnn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jcbjcocinigpbgfpnhlpagidbmlngnnn", "external_id": "jcbjcocinigpbgfpnhlpagidbmlngnnn"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--34bbd01d-08df-453f-833f-79d445780b15", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.48906Z", "modified": "2026-06-02T15:57:33.48906Z", "name": "Malicious Extension: Free adblocker", "description": "Malicious browser extension: Free adblocker (njjbfkooniaeodkimaidbpginjcmhmbm) Two overlapping malicious extension clusters: Phoenix Invicta extensions circumvent Manifest V3 remote code restrictions by downloading server-side configurations to inject HTML/JS into web pages, strip CSP headers via declarativeNetRequest abuse, and inject hidden ad frames over search results. 
The Netflix Party cluster (previously flagged by McAfee) spies on browsing history by sending full page URLs with unique user IDs to remote servers and performs affiliate fraud and cookie stuffing via dy", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njjbfkooniaeodkimaidbpginjcmhmbm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-01-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njjbfkooniaeodkimaidbpginjcmhmbm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njjbfkooniaeodkimaidbpginjcmhmbm", "external_id": "njjbfkooniaeodkimaidbpginjcmhmbm"}, {"source_name": "Article", "url": "https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--010a16be-926e-4131-a3fb-3405ecd74051", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.490352Z", "modified": "2026-06-02T15:57:33.490352Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hmlnefhgicedcmebmkjdcogieefbaagl) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmlnefhgicedcmebmkjdcogieefbaagl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.490315Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmlnefhgicedcmebmkjdcogieefbaagl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmlnefhgicedcmebmkjdcogieefbaagl", "external_id": "hmlnefhgicedcmebmkjdcogieefbaagl"}, 
{"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bfe586a3-9677-4705-9aa2-f9f19a0218a1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.491655Z", "modified": "2026-06-02T15:57:33.491655Z", "name": "Malicious Extension: Slot Machine The Fruits", "description": "Malicious browser extension: Slot Machine The Fruits (jodocbbdcdclkhjkibnlfhbmllcpfkfo) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jodocbbdcdclkhjkibnlfhbmllcpfkfo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.491618Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jodocbbdcdclkhjkibnlfhbmllcpfkfo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jodocbbdcdclkhjkibnlfhbmllcpfkfo", "external_id": "jodocbbdcdclkhjkibnlfhbmllcpfkfo"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5993042a-58df-432a-a9ca-b4342da36fbd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.492653Z", "modified": "2026-06-02T15:57:33.492653Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN 
(nkacmelgoeejhjgmmgflbcdhonpaplcg) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nkacmelgoeejhjgmmgflbcdhonpaplcg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.492615Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nkacmelgoeejhjgmmgflbcdhonpaplcg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nkacmelgoeejhjgmmgflbcdhonpaplcg", "external_id": "nkacmelgoeejhjgmmgflbcdhonpaplcg"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e05afefc-4bab-4538-becd-b6525540a3c6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.493834Z", "modified": "2026-06-02T15:57:33.493834Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (obifanppcpchlehkjipahhphbcbjekfa) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obifanppcpchlehkjipahhphbcbjekfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.493796Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obifanppcpchlehkjipahhphbcbjekfa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obifanppcpchlehkjipahhphbcbjekfa", "external_id": "obifanppcpchlehkjipahhphbcbjekfa"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, 
{"type": "indicator", "spec_version": "2.1", "id": "indicator--28b181d4-d388-4f30-8f72-df22c92f4e42", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.494837Z", "modified": "2026-06-02T15:57:33.494837Z", "name": "Malicious Extension: Car Rush", "description": "Malicious browser extension: Car Rush (hlmdnedepbbihmbddepemmbkenbnoegd) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hlmdnedepbbihmbddepemmbkenbnoegd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.4948Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hlmdnedepbbihmbddepemmbkenbnoegd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hlmdnedepbbihmbddepemmbkenbnoegd", "external_id": "hlmdnedepbbihmbddepemmbkenbnoegd"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e2058e6c-7b58-4d12-a585-29473c8af671", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.495876Z", "modified": "2026-06-02T15:57:33.495876Z", "name": "Malicious Extension: YouSide", "description": "Malicious browser extension: YouSide (mmecpiobcdbjkaijljohghhpfgngpjmk) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": 
["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmecpiobcdbjkaijljohghhpfgngpjmk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-04-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmecpiobcdbjkaijljohghhpfgngpjmk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmecpiobcdbjkaijljohghhpfgngpjmk", "external_id": "mmecpiobcdbjkaijljohghhpfgngpjmk"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3744cb2f-6deb-4283-9125-114001255f56", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.496879Z", "modified": "2026-06-02T15:57:33.496879Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lmgenhmehbcolpikplhkoelmagdhoojn) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmgenhmehbcolpikplhkoelmagdhoojn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.496835Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmgenhmehbcolpikplhkoelmagdhoojn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmgenhmehbcolpikplhkoelmagdhoojn", "external_id": "lmgenhmehbcolpikplhkoelmagdhoojn"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--69c341c0-f1fb-4aaa-ae3f-61eb2b90d1ad", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.49787Z", "modified": "2026-06-02T15:57:33.49787Z", "name": "Malicious Extension: Slot Machine Space Adventure", "description": "Malicious browser extension: Slot Machine Space Adventure (ojkbafekojdcedacileemekjdfdpkbkf) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojkbafekojdcedacileemekjdfdpkbkf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.497833Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ojkbafekojdcedacileemekjdfdpkbkf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojkbafekojdcedacileemekjdfdpkbkf", "external_id": "ojkbafekojdcedacileemekjdfdpkbkf"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b86cae8b-d2f0-46cb-8ebe-1d2ca7b5713b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.498861Z", "modified": "2026-06-02T15:57:33.498861Z", "name": "Malicious Extension: Dice King \u2013 Classic Craps And Roll Game", "description": "Malicious browser extension: Dice King \u2013 Classic Craps And Roll Game (gbaoddbbpompjhmilbgiaapkkakldlpc) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. 
Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gbaoddbbpompjhmilbgiaapkkakldlpc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.49882Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gbaoddbbpompjhmilbgiaapkkakldlpc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gbaoddbbpompjhmilbgiaapkkakldlpc", "external_id": "gbaoddbbpompjhmilbgiaapkkakldlpc"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9a2226c4-e58d-4c8b-a7b4-80ef9552150e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.499873Z", "modified": "2026-06-02T15:57:33.499873Z", "name": "Malicious Extension: Frogtastic", "description": "Malicious browser extension: Frogtastic (alkfljfjkpiccfgbeocbbjjladigcleg) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/alkfljfjkpiccfgbeocbbjjladigcleg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.499832Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:alkfljfjkpiccfgbeocbbjjladigcleg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/alkfljfjkpiccfgbeocbbjjladigcleg", "external_id": "alkfljfjkpiccfgbeocbbjjladigcleg"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b6940108-ea22-4195-8e6a-3f222ab81af1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.501016Z", "modified": "2026-06-02T15:57:33.501016Z", "name": "Malicious Extension: Page Locker", "description": "Malicious browser extension: Page Locker (ldmnhdllijbchflpbmnlgndfnlgmkgif) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldmnhdllijbchflpbmnlgndfnlgmkgif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.500978Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ldmnhdllijbchflpbmnlgndfnlgmkgif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldmnhdllijbchflpbmnlgndfnlgmkgif", "external_id": "ldmnhdllijbchflpbmnlgndfnlgmkgif"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--23a0f3a5-cf04-4c0b-b4eb-61937b42ed31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.502009Z", "modified": "2026-06-02T15:57:33.502009Z", "name": "Malicious Extension: Billiards Pro", "description": "Malicious browser extension: Billiards Pro (clpgopiimdjcilllcjncdkoeikkkcfbi) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/clpgopiimdjcilllcjncdkoeikkkcfbi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.501971Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:clpgopiimdjcilllcjncdkoeikkkcfbi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/clpgopiimdjcilllcjncdkoeikkkcfbi", "external_id": "clpgopiimdjcilllcjncdkoeikkkcfbi"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0b3550bb-c859-4f8d-9764-040ea7607b35", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.502997Z", "modified": "2026-06-02T15:57:33.502997Z", "name": "Malicious Extension: Web Client for game Cricket Batter Challenge", "description": "Malicious browser extension: Web Client for game Cricket Batter Challenge (dcamdpfclondppklabgkfaofjccpioil) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dcamdpfclondppklabgkfaofjccpioil']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.502953Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dcamdpfclondppklabgkfaofjccpioil", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dcamdpfclondppklabgkfaofjccpioil", "external_id": "dcamdpfclondppklabgkfaofjccpioil"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1c3d6ae1-f4f4-4a78-b16d-a8b5375ea855", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.503999Z", "modified": "2026-06-02T15:57:33.503999Z", "name": "Malicious Extension: 3D Roulette Casino Game", "description": "Malicious browser extension: 3D Roulette Casino Game (ogbaedmbbmmipljceodeimlckohbnfan) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ogbaedmbbmmipljceodeimlckohbnfan']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.503961Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ogbaedmbbmmipljceodeimlckohbnfan", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ogbaedmbbmmipljceodeimlckohbnfan", "external_id": "ogbaedmbbmmipljceodeimlckohbnfan"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--09c53286-9ae8-4bc3-b7fb-905f6b56f655", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.504984Z", "modified": "2026-06-02T15:57:33.504984Z", "name": "Malicious Extension: Tanks Game", "description": "Malicious browser extension: Tanks Game (kmiidcaojgeepjlccoalkdimgpfnbagj) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kmiidcaojgeepjlccoalkdimgpfnbagj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.504948Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kmiidcaojgeepjlccoalkdimgpfnbagj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kmiidcaojgeepjlccoalkdimgpfnbagj", "external_id": "kmiidcaojgeepjlccoalkdimgpfnbagj"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f2d03283-5b41-42a4-924a-e73054ac819c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.505973Z", "modified": "2026-06-02T15:57:33.505973Z", "name": "Malicious Extension: Farm - Slot Machine", "description": "Malicious browser extension: Farm - Slot Machine (ndajcmifndknmkckdcdefkpgcodciggk) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ndajcmifndknmkckdcdefkpgcodciggk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.505935Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ndajcmifndknmkckdcdefkpgcodciggk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ndajcmifndknmkckdcdefkpgcodciggk", "external_id": "ndajcmifndknmkckdcdefkpgcodciggk"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--683531be-db8c-4cbb-8b21-d423c0db5e3f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.506955Z", "modified": "2026-06-02T15:57:33.506955Z", "name": "Malicious Extension: Crazy Freekick", "description": "Malicious browser extension: Crazy Freekick (bbjdlbemjklojnbifkgameepcafflmem) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbjdlbemjklojnbifkgameepcafflmem']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.506918Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bbjdlbemjklojnbifkgameepcafflmem", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbjdlbemjklojnbifkgameepcafflmem", "external_id": "bbjdlbemjklojnbifkgameepcafflmem"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7ceeae85-9a8c-4fb4-9f7e-24218e07e1b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.508105Z", "modified": "2026-06-02T15:57:33.508105Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gipmochingljoikdjakkdolfcbphmlom) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gipmochingljoikdjakkdolfcbphmlom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.508067Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gipmochingljoikdjakkdolfcbphmlom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gipmochingljoikdjakkdolfcbphmlom", "external_id": "gipmochingljoikdjakkdolfcbphmlom"}, {"source_name": "Article", "url": 
"https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--edeec493-cee6-449c-961c-987b69243d61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.509127Z", "modified": "2026-06-02T15:57:33.509127Z", "name": "Malicious Extension: Premium Horse Racing", "description": "Malicious browser extension: Premium Horse Racing (klglejfbdeipgklgaepnodpjcnhaihkd) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/klglejfbdeipgklgaepnodpjcnhaihkd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.509077Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:klglejfbdeipgklgaepnodpjcnhaihkd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/klglejfbdeipgklgaepnodpjcnhaihkd", "external_id": "klglejfbdeipgklgaepnodpjcnhaihkd"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--07073ea9-9ec6-4b93-9329-006526bf922e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.51012Z", "modified": "2026-06-02T15:57:33.51012Z", "name": "Malicious Extension: Black Beard Slot Machine", "description": "Malicious browser extension: Black Beard Slot Machine 
(alllblhkgghelnejlggmmgjbkdabidie) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/alllblhkgghelnejlggmmgjbkdabidie']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.510077Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:alllblhkgghelnejlggmmgjbkdabidie", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/alllblhkgghelnejlggmmgjbkdabidie", "external_id": "alllblhkgghelnejlggmmgjbkdabidie"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1e9da284-93fb-44b5-8469-9ccde716ac0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.511116Z", "modified": "2026-06-02T15:57:33.511116Z", "name": "Malicious Extension: Game SkySpeedster", "description": "Malicious browser extension: Game SkySpeedster (cbnekafldflkmngbgmbnfmchjaelnhem) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbnekafldflkmngbgmbnfmchjaelnhem']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.511069Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cbnekafldflkmngbgmbnfmchjaelnhem", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbnekafldflkmngbgmbnfmchjaelnhem", "external_id": "cbnekafldflkmngbgmbnfmchjaelnhem"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bfb7b7af-a683-44ca-9856-a45c3e894966", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.512102Z", "modified": "2026-06-02T15:57:33.512102Z", "name": "Malicious Extension: Three Card Poker", "description": "Malicious browser extension: Three Card Poker (cmeoegkmpbpcoabhlklbamfeidebgmdf) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cmeoegkmpbpcoabhlklbamfeidebgmdf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.512064Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cmeoegkmpbpcoabhlklbamfeidebgmdf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cmeoegkmpbpcoabhlklbamfeidebgmdf", "external_id": "cmeoegkmpbpcoabhlklbamfeidebgmdf"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--60c8aaab-3333-4641-86ef-39e20b2dbd1f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.51309Z", "modified": "2026-06-02T15:57:33.51309Z", "name": "Malicious Extension: Gold of Egypt - Slot Machine", "description": "Malicious browser extension: Gold of Egypt - Slot Machine (pllkanemicadpcmkfodglahcocfdgkhj) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pllkanemicadpcmkfodglahcocfdgkhj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.513054Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pllkanemicadpcmkfodglahcocfdgkhj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pllkanemicadpcmkfodglahcocfdgkhj", "external_id": "pllkanemicadpcmkfodglahcocfdgkhj"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--df7f1a88-9811-4651-bdde-7a41022a1f51", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.514066Z", "modified": "2026-06-02T15:57:33.514066Z", "name": "Malicious Extension: Chrome Client for Downhill Ski - SideGame", "description": "Malicious browser extension: Chrome Client for Downhill Ski - SideGame (ocflhkadmmnlbieoiiekfcdcmjcfeahe) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ocflhkadmmnlbieoiiekfcdcmjcfeahe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.514029Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ocflhkadmmnlbieoiiekfcdcmjcfeahe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ocflhkadmmnlbieoiiekfcdcmjcfeahe", "external_id": "ocflhkadmmnlbieoiiekfcdcmjcfeahe"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--18558e14-a366-41d8-914d-fcebd5ae6579", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.515219Z", "modified": "2026-06-02T15:57:33.515219Z", "name": "Malicious Extension: Page Auto Refresh", "description": "Malicious browser extension: Page Auto Refresh (lnajjhohknhgemncbaomjjjpmpdigedg) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lnajjhohknhgemncbaomjjjpmpdigedg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.515175Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lnajjhohknhgemncbaomjjjpmpdigedg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lnajjhohknhgemncbaomjjjpmpdigedg", "external_id": "lnajjhohknhgemncbaomjjjpmpdigedg"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--64678ff7-cadb-4caf-997e-13adc00bbeef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.516224Z", "modified": "2026-06-02T15:57:33.516224Z", "name": "Malicious Extension: Slot Car Racing", "description": "Malicious browser extension: Slot Car Racing (bdnanfggeppmkfhkgmpojkhanoplkacc) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bdnanfggeppmkfhkgmpojkhanoplkacc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.516187Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bdnanfggeppmkfhkgmpojkhanoplkacc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bdnanfggeppmkfhkgmpojkhanoplkacc", "external_id": "bdnanfggeppmkfhkgmpojkhanoplkacc"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--737dbf85-90d6-4195-b745-ad3df50d97ea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.517201Z", "modified": "2026-06-02T15:57:33.517201Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eoklnfefipnjfeknpmigmogeeepddcch) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eoklnfefipnjfeknpmigmogeeepddcch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.517164Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eoklnfefipnjfeknpmigmogeeepddcch", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eoklnfefipnjfeknpmigmogeeepddcch", "external_id": "eoklnfefipnjfeknpmigmogeeepddcch"}, {"source_name": "Article", "url": 
"https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d5c0002d-09a8-47eb-ad2d-cbfaab76a4ec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.518189Z", "modified": "2026-06-02T15:57:33.518189Z", "name": "Malicious Extension: Slot Arabian", "description": "Malicious browser extension: Slot Arabian (akkkopcadaalekbdgpdikhdablkgjagd) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/akkkopcadaalekbdgpdikhdablkgjagd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.518152Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:akkkopcadaalekbdgpdikhdablkgjagd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akkkopcadaalekbdgpdikhdablkgjagd", "external_id": "akkkopcadaalekbdgpdikhdablkgjagd"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f75e18ae-7b30-44cc-a840-6b6037976419", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.519184Z", "modified": "2026-06-02T15:57:33.519184Z", "name": "Malicious Extension: Rail Maze Puzzle", "description": "Malicious browser extension: Rail Maze Puzzle (nelbpdjegmhhgpfcjclhdmkcglimkjpp) Socket April 2026 
MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nelbpdjegmhhgpfcjclhdmkcglimkjpp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.519146Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nelbpdjegmhhgpfcjclhdmkcglimkjpp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nelbpdjegmhhgpfcjclhdmkcglimkjpp", "external_id": "nelbpdjegmhhgpfcjclhdmkcglimkjpp"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6f77391f-e83f-4f8b-853f-38d623d162ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.520163Z", "modified": "2026-06-02T15:57:33.520163Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jmopjanoebpdbopigcbpjhiigmjolikk) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jmopjanoebpdbopigcbpjhiigmjolikk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.520126Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jmopjanoebpdbopigcbpjhiigmjolikk", "browser:chrome"], "external_references": 
[{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jmopjanoebpdbopigcbpjhiigmjolikk", "external_id": "jmopjanoebpdbopigcbpjhiigmjolikk"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--01a54ecc-eac2-4c1f-bea8-2c8726b9e0cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.521146Z", "modified": "2026-06-02T15:57:33.521146Z", "name": "Malicious Extension: Tarot Side Panel", "description": "Malicious browser extension: Tarot Side Panel (fibgndhgobbaaekmnneapojgkcehaeac) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fibgndhgobbaaekmnneapojgkcehaeac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.521103Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fibgndhgobbaaekmnneapojgkcehaeac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fibgndhgobbaaekmnneapojgkcehaeac", "external_id": "fibgndhgobbaaekmnneapojgkcehaeac"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b97f982e-7b0c-497d-9cb8-7fa1ce5585a1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:33.522278Z", "modified": "2026-06-02T15:57:33.522278Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fjfhejmbhpabkacpoddjbcfandjoacmb) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fjfhejmbhpabkacpoddjbcfandjoacmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.522241Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fjfhejmbhpabkacpoddjbcfandjoacmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fjfhejmbhpabkacpoddjbcfandjoacmb", "external_id": "fjfhejmbhpabkacpoddjbcfandjoacmb"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c2ae6257-4105-499a-8ba0-d85a0cecf1ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.523288Z", "modified": "2026-06-02T15:57:33.523288Z", "name": "Malicious Extension: Flicking Soccer", "description": "Malicious browser extension: Flicking Soccer (hbobdcfpgonejphpemijgjddanoipbkj) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hbobdcfpgonejphpemijgjddanoipbkj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.52325Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hbobdcfpgonejphpemijgjddanoipbkj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hbobdcfpgonejphpemijgjddanoipbkj", "external_id": "hbobdcfpgonejphpemijgjddanoipbkj"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--520c7b37-187b-4930-8c80-1b0b81c9ddf8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.524269Z", "modified": "2026-06-02T15:57:33.524269Z", "name": "Malicious Extension: Black Ninja - Slot Machine", "description": "Malicious browser extension: Black Ninja - Slot Machine (nodobilhjanebkafmpihkpoabiggnnfl) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nodobilhjanebkafmpihkpoabiggnnfl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.524231Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nodobilhjanebkafmpihkpoabiggnnfl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nodobilhjanebkafmpihkpoabiggnnfl", "external_id": "nodobilhjanebkafmpihkpoabiggnnfl"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c2d48095-bfb5-4038-b944-eea64528e9cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.525239Z", "modified": "2026-06-02T15:57:33.525239Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jddinhnhplibccfmniaakhffpjpnaglp) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jddinhnhplibccfmniaakhffpjpnaglp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.525203Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jddinhnhplibccfmniaakhffpjpnaglp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jddinhnhplibccfmniaakhffpjpnaglp", "external_id": "jddinhnhplibccfmniaakhffpjpnaglp"}, {"source_name": "Article", "url": 
"https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9adf2b6f-07c2-40f3-bf7f-13c76bf49eaa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.526235Z", "modified": "2026-06-02T15:57:33.526235Z", "name": "Malicious Extension: Web Client for Telegram\u2122 - Teleside", "description": "Malicious browser extension: Web Client for Telegram\u2122 - Teleside (mdcfennpfgkngnibjbpnpaafcjnhcjno) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mdcfennpfgkngnibjbpnpaafcjnhcjno']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.526198Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mdcfennpfgkngnibjbpnpaafcjnhcjno", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mdcfennpfgkngnibjbpnpaafcjnhcjno", "external_id": "mdcfennpfgkngnibjbpnpaafcjnhcjno"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e4c12d15-70bd-4ecc-ab1c-e06702e313a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.527239Z", "modified": "2026-06-02T15:57:33.527239Z", "name": "Malicious Extension: Hidden Kitty Game", "description": "Malicious browser extension: Hidden Kitty 
Game (medkneifmjcpgmmibfppjpfjbkgbgebl) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/medkneifmjcpgmmibfppjpfjbkgbgebl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.527197Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:medkneifmjcpgmmibfppjpfjbkgbgebl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/medkneifmjcpgmmibfppjpfjbkgbgebl", "external_id": "medkneifmjcpgmmibfppjpfjbkgbgebl"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9530567b-fdff-4d19-bc90-45253a8a8383", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.528221Z", "modified": "2026-06-02T15:57:33.528221Z", "name": "Malicious Extension: Greyhound Racing \u2013 Dog Race Simulator", "description": "Malicious browser extension: Greyhound Racing \u2013 Dog Race Simulator (glofhphmolanicdaddgkmhfmjidjkaem) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/glofhphmolanicdaddgkmhfmjidjkaem']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.528184Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:glofhphmolanicdaddgkmhfmjidjkaem", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/glofhphmolanicdaddgkmhfmjidjkaem", "external_id": "glofhphmolanicdaddgkmhfmjidjkaem"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de969165-8009-4435-9153-18fb53564be8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.529357Z", "modified": "2026-06-02T15:57:33.529357Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nbgligggjfgkpphhghhjdoiefbimgooc) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nbgligggjfgkpphhghhjdoiefbimgooc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.52932Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nbgligggjfgkpphhghhjdoiefbimgooc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nbgligggjfgkpphhghhjdoiefbimgooc", "external_id": "nbgligggjfgkpphhghhjdoiefbimgooc"}, {"source_name": "Article", "url": 
"https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e6631cd1-a692-4277-b32f-b8a235451c85", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.530339Z", "modified": "2026-06-02T15:57:33.530339Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kjnakdbpijigdbfepipnbafnhbcfdkga) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjnakdbpijigdbfepipnbafnhbcfdkga']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.530302Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjnakdbpijigdbfepipnbafnhbcfdkga", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjnakdbpijigdbfepipnbafnhbcfdkga", "external_id": "kjnakdbpijigdbfepipnbafnhbcfdkga"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4ec375cc-6598-4ac2-a73f-785a7d945a9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.531326Z", "modified": "2026-06-02T15:57:33.531326Z", "name": "Malicious Extension: Metal Calculator", "description": "Malicious browser extension: Metal Calculator (ncpdkpcgmdhhnmcjgiiifdhefmekdcnf) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ncpdkpcgmdhhnmcjgiiifdhefmekdcnf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.531289Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ncpdkpcgmdhhnmcjgiiifdhefmekdcnf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ncpdkpcgmdhhnmcjgiiifdhefmekdcnf", "external_id": "ncpdkpcgmdhhnmcjgiiifdhefmekdcnf"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--04368310-f9c0-43c0-bfd2-1b5a7b9c8d41", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.532309Z", "modified": "2026-06-02T15:57:33.532309Z", "name": "Malicious Extension: Street Basketball", "description": "Malicious browser extension: Street Basketball (fddajeklkkggbnppabbhkdmnkdjindlo) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fddajeklkkggbnppabbhkdmnkdjindlo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.532271Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fddajeklkkggbnppabbhkdmnkdjindlo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fddajeklkkggbnppabbhkdmnkdjindlo", "external_id": "fddajeklkkggbnppabbhkdmnkdjindlo"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4c016db0-4257-4c5f-ae29-97283c201b6a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.533294Z", "modified": "2026-06-02T15:57:33.533294Z", "name": "Malicious Extension: Pyramid Solitaire", "description": "Malicious browser extension: Pyramid Solitaire (oanpifaoclmgmflmddlgkikfaggejobn) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oanpifaoclmgmflmddlgkikfaggejobn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.533251Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:oanpifaoclmgmflmddlgkikfaggejobn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oanpifaoclmgmflmddlgkikfaggejobn", "external_id": "oanpifaoclmgmflmddlgkikfaggejobn"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4fb65878-74d0-4958-9920-0da13a655d4e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.534267Z", "modified": "2026-06-02T15:57:33.534267Z", "name": "Malicious Extension: InterAlt", "description": "Malicious browser extension: InterAlt (pkghgkfjhjghinikeanecbgjehojfhdg) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pkghgkfjhjghinikeanecbgjehojfhdg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.53423Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pkghgkfjhjghinikeanecbgjehojfhdg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pkghgkfjhjghinikeanecbgjehojfhdg", "external_id": "pkghgkfjhjghinikeanecbgjehojfhdg"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ace2e2a1-9867-40a1-8879-5f80ee30cf24", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.535259Z", "modified": "2026-06-02T15:57:33.535259Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kahcolfecjbejjjadhjafmihdnifonjf) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kahcolfecjbejjjadhjafmihdnifonjf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.535223Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kahcolfecjbejjjadhjafmihdnifonjf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kahcolfecjbejjjadhjafmihdnifonjf", "external_id": "kahcolfecjbejjjadhjafmihdnifonjf"}, {"source_name": "Article", "url": 
"https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--414b4b34-171f-4997-b82f-10d7c10e8d09", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.536405Z", "modified": "2026-06-02T15:57:33.536405Z", "name": "Malicious Extension: Whack 'em All", "description": "Malicious browser extension: Whack 'em All (pdgaknahllnfldmclpcllpieafkaibmf) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdgaknahllnfldmclpcllpieafkaibmf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.536368Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pdgaknahllnfldmclpcllpieafkaibmf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdgaknahllnfldmclpcllpieafkaibmf", "external_id": "pdgaknahllnfldmclpcllpieafkaibmf"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2222ff05-9957-4029-a79c-ffca2c2ebe8f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.537404Z", "modified": "2026-06-02T15:57:33.537404Z", "name": "Malicious Extension: Slot The Gold Pot", "description": "Malicious browser extension: Slot The Gold Pot (dpdemambcedffmnkfmkephnhhnclmcio) Socket 
April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dpdemambcedffmnkfmkephnhhnclmcio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.537367Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dpdemambcedffmnkfmkephnhhnclmcio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dpdemambcedffmnkfmkephnhhnclmcio", "external_id": "dpdemambcedffmnkfmkephnhhnclmcio"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--64c5956b-0f92-4f90-9d16-75b15ecb8bda", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.538386Z", "modified": "2026-06-02T15:57:33.538386Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aecccajigpipkpioaidignbgbeekglkd) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aecccajigpipkpioaidignbgbeekglkd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.538348Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aecccajigpipkpioaidignbgbeekglkd", "browser:chrome"], 
"external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aecccajigpipkpioaidignbgbeekglkd", "external_id": "aecccajigpipkpioaidignbgbeekglkd"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3a915861-75cc-4d88-801c-19d691cafb1e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.539406Z", "modified": "2026-06-02T15:57:33.539406Z", "name": "Malicious Extension: Goalkeeper Challenge", "description": "Malicious browser extension: Goalkeeper Challenge (ijfmkphjcogaealhjgijjfjlkpdhhojk) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ijfmkphjcogaealhjgijjfjlkpdhhojk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.539363Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ijfmkphjcogaealhjgijjfjlkpdhhojk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ijfmkphjcogaealhjgijjfjlkpdhhojk", "external_id": "ijfmkphjcogaealhjgijjfjlkpdhhojk"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--695fadeb-0f1f-4cfa-a720-32c2fef0531a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", 
"created": "2026-06-02T15:57:33.540391Z", "modified": "2026-06-02T15:57:33.540391Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eljfpgehlncincemdmmnebmnlcmfamhm) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eljfpgehlncincemdmmnebmnlcmfamhm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.540354Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eljfpgehlncincemdmmnebmnlcmfamhm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eljfpgehlncincemdmmnebmnlcmfamhm", "external_id": "eljfpgehlncincemdmmnebmnlcmfamhm"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6c0c7c24-9f7c-4e2f-8920-e2d29cc23aa8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.541369Z", "modified": "2026-06-02T15:57:33.541369Z", "name": "Malicious Extension: Christmas Eve - Slot Machine", "description": "Malicious browser extension: Christmas Eve - Slot Machine (ibelidmkbnjmmpjgfibbdbkamgcbnjdm) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ibelidmkbnjmmpjgfibbdbkamgcbnjdm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.541332Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ibelidmkbnjmmpjgfibbdbkamgcbnjdm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ibelidmkbnjmmpjgfibbdbkamgcbnjdm", "external_id": "ibelidmkbnjmmpjgfibbdbkamgcbnjdm"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--68f4fc77-b415-41a7-93f6-e480328c1c7f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.542349Z", "modified": "2026-06-02T15:57:33.542349Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nmegibgeklckejdlfhoadhhbgcdjnojb) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nmegibgeklckejdlfhoadhhbgcdjnojb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.542311Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nmegibgeklckejdlfhoadhhbgcdjnojb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nmegibgeklckejdlfhoadhhbgcdjnojb", "external_id": "nmegibgeklckejdlfhoadhhbgcdjnojb"}, {"source_name": "Article", "url": 
"https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--83c220e2-089d-40d8-b14f-e33e5a1e2066", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.543494Z", "modified": "2026-06-02T15:57:33.543494Z", "name": "Malicious Extension: Slot Machine Mr Chicken", "description": "Malicious browser extension: Slot Machine Mr Chicken (odeccdcabdffpebnfancpkepjeecempn) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/odeccdcabdffpebnfancpkepjeecempn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.543457Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:odeccdcabdffpebnfancpkepjeecempn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/odeccdcabdffpebnfancpkepjeecempn", "external_id": "odeccdcabdffpebnfancpkepjeecempn"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--34a0530d-b1c6-49fc-9dac-65b36a5259bd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.544478Z", "modified": "2026-06-02T15:57:33.544478Z", "name": "Malicious Extension: Speed test for Chrome - wifi speed test", "description": "Malicious browser extension: Speed test for Chrome - wifi 
speed test (bpljfbcejldmgeoodnogeefaihjdgbam) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bpljfbcejldmgeoodnogeefaihjdgbam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.544441Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bpljfbcejldmgeoodnogeefaihjdgbam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bpljfbcejldmgeoodnogeefaihjdgbam", "external_id": "bpljfbcejldmgeoodnogeefaihjdgbam"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f496ce72-b93d-45a0-b2f4-762b4bec41b4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.545463Z", "modified": "2026-06-02T15:57:33.545463Z", "name": "Malicious Extension: Slot Machine Zeus Treasures", "description": "Malicious browser extension: Slot Machine Zeus Treasures (dljlpildgknddpnahppkihgodokfjbnd) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dljlpildgknddpnahppkihgodokfjbnd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.545423Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dljlpildgknddpnahppkihgodokfjbnd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dljlpildgknddpnahppkihgodokfjbnd", "external_id": "dljlpildgknddpnahppkihgodokfjbnd"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e32a7594-7152-4d07-9db9-e801c95d3ec3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.546451Z", "modified": "2026-06-02T15:57:33.546451Z", "name": "Malicious Extension: Horse Racing", "description": "Malicious browser extension: Horse Racing (dlpiookhionidajbiopmaajeckifeehn) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dlpiookhionidajbiopmaajeckifeehn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.546414Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dlpiookhionidajbiopmaajeckifeehn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dlpiookhionidajbiopmaajeckifeehn", "external_id": "dlpiookhionidajbiopmaajeckifeehn"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--acdf458f-419d-4fe0-9723-93a89588fab1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.547439Z", "modified": "2026-06-02T15:57:33.547439Z", "name": "Malicious Extension: Master Chess", "description": "Malicious browser extension: Master Chess (cdpiopekjeonfjeocbfebemgocjciepp) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cdpiopekjeonfjeocbfebemgocjciepp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.547403Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cdpiopekjeonfjeocbfebemgocjciepp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cdpiopekjeonfjeocbfebemgocjciepp", "external_id": "cdpiopekjeonfjeocbfebemgocjciepp"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2f53bfd3-747f-4027-b005-af175641cfcb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.548425Z", "modified": "2026-06-02T15:57:33.548425Z", "name": "Malicious Extension: MASTER CHECKERS", "description": "Malicious browser extension: MASTER CHECKERS (hiofkndodabpioiheinoiojjobadpgmj) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hiofkndodabpioiheinoiojjobadpgmj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.548388Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hiofkndodabpioiheinoiojjobadpgmj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hiofkndodabpioiheinoiojjobadpgmj", "external_id": "hiofkndodabpioiheinoiojjobadpgmj"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--06c203df-64a6-45a3-999d-ed4e4915d6ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.549537Z", "modified": "2026-06-02T15:57:33.549537Z", "name": "Malicious Extension: Watercraft Rush", "description": "Malicious browser extension: Watercraft Rush (hkbihmjhjmehlocilifheeaeiljabenb) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. 
| Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hkbihmjhjmehlocilifheeaeiljabenb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.549493Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hkbihmjhjmehlocilifheeaeiljabenb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hkbihmjhjmehlocilifheeaeiljabenb", "external_id": "hkbihmjhjmehlocilifheeaeiljabenb"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--13b47900-eddb-407d-9d53-ce31a075cee2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.550898Z", "modified": "2026-06-02T15:57:33.550898Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (flkdjodmoefccepdihipjdlianmkmhgc) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flkdjodmoefccepdihipjdlianmkmhgc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.550857Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:flkdjodmoefccepdihipjdlianmkmhgc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flkdjodmoefccepdihipjdlianmkmhgc", "external_id": "flkdjodmoefccepdihipjdlianmkmhgc"}, {"source_name": "Article", "url": 
"https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aae0da71-922d-4fbf-8cb1-7dba30e78feb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.552007Z", "modified": "2026-06-02T15:57:33.552007Z", "name": "Malicious Extension: BlackJack 3D", "description": "Malicious browser extension: BlackJack 3D (imjmnghlhiimodfkdkgnfplhlobehnpm) Socket April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/imjmnghlhiimodfkdkgnfplhlobehnpm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.55196Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:imjmnghlhiimodfkdkgnfplhlobehnpm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/imjmnghlhiimodfkdkgnfplhlobehnpm", "external_id": "imjmnghlhiimodfkdkgnfplhlobehnpm"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7680bd93-f94a-45e8-908f-cd0f1e5b3e1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.553045Z", "modified": "2026-06-02T15:57:33.553045Z", "name": "Malicious Extension: High or Low Casino Game", "description": "Malicious browser extension: High or Low Casino Game (ijccacgjefefdpglhclnbpfjlcbagafm) Socket 
April 2026 MaaS campaign. C2 infrastructure at cloudapi[.]stream. Steals Google OAuth identity and session data. Part of 108-extension coordinated campaign identified by Socket Threat Research Team (socket.dev, Apr 2026). Stage 5A confirmed. | Original note: Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ijccacgjefefdpglhclnbpfjlcbagafm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.553005Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ijccacgjefefdpglhclnbpfjlcbagafm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ijccacgjefefdpglhclnbpfjlcbagafm", "external_id": "ijccacgjefefdpglhclnbpfjlcbagafm"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5dd1a0ec-a28f-404d-ab08-f5b0112bebaa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.554055Z", "modified": "2026-06-02T15:57:33.554055Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oejhnncfanbaogjlbknmlgjpleachclf) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oejhnncfanbaogjlbknmlgjpleachclf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.554018Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oejhnncfanbaogjlbknmlgjpleachclf", "browser:chrome"], 
"external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oejhnncfanbaogjlbknmlgjpleachclf", "external_id": "oejhnncfanbaogjlbknmlgjpleachclf"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0db5c5dd-c7d2-4fa2-9b5d-6a0ead77d050", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.555045Z", "modified": "2026-06-02T15:57:33.555045Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (haochenfmhglpholokliifmlpafilfdc) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/haochenfmhglpholokliifmlpafilfdc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.555007Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:haochenfmhglpholokliifmlpafilfdc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/haochenfmhglpholokliifmlpafilfdc", "external_id": "haochenfmhglpholokliifmlpafilfdc"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--533a3bb6-7f3c-4e57-b71e-fc207d8307d8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.556047Z", "modified": "2026-06-02T15:57:33.556047Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mheomooihiffmcgldolenemmplpgoahn) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": 
"[url:value = 'https://chromewebstore.google.com/detail/mheomooihiffmcgldolenemmplpgoahn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.55601Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mheomooihiffmcgldolenemmplpgoahn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mheomooihiffmcgldolenemmplpgoahn", "external_id": "mheomooihiffmcgldolenemmplpgoahn"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cdc91774-48c7-4d0c-9882-8d58d3fcc2a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.557037Z", "modified": "2026-06-02T15:57:33.557037Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mmbbjakjlpmndjlbhihlddgcdppblpka) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmbbjakjlpmndjlbhihlddgcdppblpka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.556991Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmbbjakjlpmndjlbhihlddgcdppblpka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmbbjakjlpmndjlbhihlddgcdppblpka", "external_id": "mmbbjakjlpmndjlbhihlddgcdppblpka"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--52375095-4eb7-4657-9e0d-0ddb5ad3e2be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:33.558201Z", "modified": "2026-06-02T15:57:33.558201Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (akifdnfipbeoonhoeabdicnlcdhghmpn) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/akifdnfipbeoonhoeabdicnlcdhghmpn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.558159Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:akifdnfipbeoonhoeabdicnlcdhghmpn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akifdnfipbeoonhoeabdicnlcdhghmpn", "external_id": "akifdnfipbeoonhoeabdicnlcdhghmpn"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c65a90c9-2e53-4c35-ab9f-dbac3ba154ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.559204Z", "modified": "2026-06-02T15:57:33.559204Z", "name": "Malicious Extension: Formula Rush Racing Game", "description": "Malicious browser extension: Formula Rush Racing Game (akebbllmckjphjiojeioooidhnddnplj) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/akebbllmckjphjiojeioooidhnddnplj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.559166Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:akebbllmckjphjiojeioooidhnddnplj", "browser:chrome"], "external_references": [{"source_name": 
"Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akebbllmckjphjiojeioooidhnddnplj", "external_id": "akebbllmckjphjiojeioooidhnddnplj"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--df782a1b-a969-4ff9-ba65-03e92074b714", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.560199Z", "modified": "2026-06-02T15:57:33.560199Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lmcpbhamfpbonaenickjclacodolkbdl) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmcpbhamfpbonaenickjclacodolkbdl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.560162Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmcpbhamfpbonaenickjclacodolkbdl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmcpbhamfpbonaenickjclacodolkbdl", "external_id": "lmcpbhamfpbonaenickjclacodolkbdl"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9f243204-ca5a-4ef7-bbc1-23aafffc99cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.561181Z", "modified": "2026-06-02T15:57:33.561181Z", "name": "Malicious Extension: Straight 4", "description": "Malicious browser extension: Straight 4 (dohenclhhdfljpjlnpjnephpccbdgmmb) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": 
["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dohenclhhdfljpjlnpjnephpccbdgmmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.561143Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dohenclhhdfljpjlnpjnephpccbdgmmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dohenclhhdfljpjlnpjnephpccbdgmmb", "external_id": "dohenclhhdfljpjlnpjnephpccbdgmmb"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--77176776-4305-4b2e-9349-5d0fa9ad2e93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.562153Z", "modified": "2026-06-02T15:57:33.562153Z", "name": "Malicious Extension: Hockey Shootout", "description": "Malicious browser extension: Hockey Shootout (cehdkmmfadpplgchnbjgdngdcjmhlfcc) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cehdkmmfadpplgchnbjgdngdcjmhlfcc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.562116Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cehdkmmfadpplgchnbjgdngdcjmhlfcc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cehdkmmfadpplgchnbjgdngdcjmhlfcc", "external_id": "cehdkmmfadpplgchnbjgdngdcjmhlfcc"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": 
"indicator--fd55d147-e8b4-43ab-bcb0-903338ed7452", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.563145Z", "modified": "2026-06-02T15:57:33.563145Z", "name": "Malicious Extension: Game Crypto Merge", "description": "Malicious browser extension: Game Crypto Merge (ljbgkfbiifhpgpipepnfefijldolkhlm) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljbgkfbiifhpgpipepnfefijldolkhlm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.563095Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljbgkfbiifhpgpipepnfefijldolkhlm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljbgkfbiifhpgpipepnfefijldolkhlm", "external_id": "ljbgkfbiifhpgpipepnfefijldolkhlm"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--09302f6d-dcc0-46fc-a295-0ea5deafbbef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.564202Z", "modified": "2026-06-02T15:57:33.564202Z", "name": "Malicious Extension: Web Client for TikTok", "description": "Malicious browser extension: Web Client for TikTok (cbfhnceafaenchbefokkngcbnejached) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbfhnceafaenchbefokkngcbnejached']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-04-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", 
"phase_name": "collection"}], "labels": ["ext-id:cbfhnceafaenchbefokkngcbnejached", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbfhnceafaenchbefokkngcbnejached", "external_id": "cbfhnceafaenchbefokkngcbnejached"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a0b356ae-4b77-49b3-9b99-6d063e2ba66e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.565352Z", "modified": "2026-06-02T15:57:33.565352Z", "name": "Malicious Extension: Slot Ramses", "description": "Malicious browser extension: Slot Ramses (gbhhgipmedccnankkjchgcidiigmioio) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gbhhgipmedccnankkjchgcidiigmioio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.565315Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gbhhgipmedccnankkjchgcidiigmioio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gbhhgipmedccnankkjchgcidiigmioio", "external_id": "gbhhgipmedccnankkjchgcidiigmioio"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a127b65e-b645-418e-9f1b-08cecc4229c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.566339Z", "modified": "2026-06-02T15:57:33.566339Z", "name": "Malicious Extension: Mini Golf World", "description": "Malicious browser extension: Mini Golf 
World (kblomapfkjidbbbdllmofkcakcenkmec) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kblomapfkjidbbbdllmofkcakcenkmec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.566302Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kblomapfkjidbbbdllmofkcakcenkmec", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kblomapfkjidbbbdllmofkcakcenkmec", "external_id": "kblomapfkjidbbbdllmofkcakcenkmec"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--229aa6fb-f11e-42cc-a694-2e791edec6a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.567329Z", "modified": "2026-06-02T15:57:33.567329Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bnchgibgpgmlickioneccggfobljmhjc) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bnchgibgpgmlickioneccggfobljmhjc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.567291Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bnchgibgpgmlickioneccggfobljmhjc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bnchgibgpgmlickioneccggfobljmhjc", "external_id": "bnchgibgpgmlickioneccggfobljmhjc"}, {"source_name": "Article", "url": 
"https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--44a32e90-6554-4031-bedc-29373712ce32", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.568308Z", "modified": "2026-06-02T15:57:33.568308Z", "name": "Malicious Extension: Gold Rush - Slot Machine", "description": "Malicious browser extension: Gold Rush - Slot Machine (kbmindomjiejdikjaagfdbdfpnlanobi) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kbmindomjiejdikjaagfdbdfpnlanobi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.568271Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kbmindomjiejdikjaagfdbdfpnlanobi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kbmindomjiejdikjaagfdbdfpnlanobi", "external_id": "kbmindomjiejdikjaagfdbdfpnlanobi"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4207f424-a4f9-48c8-b238-df3fb10fec63", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.569282Z", "modified": "2026-06-02T15:57:33.569282Z", "name": "Malicious Extension: Video Poker Jacks or Better", "description": "Malicious browser extension: Video Poker Jacks or Better (peflgkmfmoijonfgcjdlpnnfdegnlaji) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/peflgkmfmoijonfgcjdlpnnfdegnlaji']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.569245Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:peflgkmfmoijonfgcjdlpnnfdegnlaji", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/peflgkmfmoijonfgcjdlpnnfdegnlaji", "external_id": "peflgkmfmoijonfgcjdlpnnfdegnlaji"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1aea5d56-eeb9-4769-96c0-44ea96f238d4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.570259Z", "modified": "2026-06-02T15:57:33.570259Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hdmppejcahhppjhkncagagopecddokpi) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdmppejcahhppjhkncagagopecddokpi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.570215Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdmppejcahhppjhkncagagopecddokpi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdmppejcahhppjhkncagagopecddokpi", "external_id": "hdmppejcahhppjhkncagagopecddokpi"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--72988324-c6cd-42ae-8733-ed8a73680275", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:33.571259Z", "modified": "2026-06-02T15:57:33.571259Z", "name": "Malicious Extension: 3D Soccer Slot Machine", "description": "Malicious browser extension: 3D Soccer Slot Machine (kknakidneabpfgepadgpkibalcnabnnh) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kknakidneabpfgepadgpkibalcnabnnh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.571221Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kknakidneabpfgepadgpkibalcnabnnh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kknakidneabpfgepadgpkibalcnabnnh", "external_id": "kknakidneabpfgepadgpkibalcnabnnh"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--df2b5353-5cfb-48b0-a7a8-fa4dcb4db303", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.573307Z", "modified": "2026-06-02T15:57:33.573307Z", "name": "Malicious Extension: Slot Machine Ultimate Soccer", "description": "Malicious browser extension: Slot Machine Ultimate Soccer (hnpbijogiiaegambgpaenjbcbgaeimlf) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hnpbijogiiaegambgpaenjbcbgaeimlf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.573269Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": 
["ext-id:hnpbijogiiaegambgpaenjbcbgaeimlf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hnpbijogiiaegambgpaenjbcbgaeimlf", "external_id": "hnpbijogiiaegambgpaenjbcbgaeimlf"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cf9f5926-fe69-4088-aa21-c40ba072767c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.574339Z", "modified": "2026-06-02T15:57:33.574339Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lefndgfmmbdklidbkeifpgclmpnhcilg) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lefndgfmmbdklidbkeifpgclmpnhcilg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.574301Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lefndgfmmbdklidbkeifpgclmpnhcilg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lefndgfmmbdklidbkeifpgclmpnhcilg", "external_id": "lefndgfmmbdklidbkeifpgclmpnhcilg"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--db6dd6e6-998f-4b77-a79a-96175fc61c8c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.575359Z", "modified": "2026-06-02T15:57:33.575359Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (amkkjdjjgiiamenbopfpdmjcleecjjgg) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata 
pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/amkkjdjjgiiamenbopfpdmjcleecjjgg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.575322Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:amkkjdjjgiiamenbopfpdmjcleecjjgg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/amkkjdjjgiiamenbopfpdmjcleecjjgg", "external_id": "amkkjdjjgiiamenbopfpdmjcleecjjgg"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--17ffef65-63e7-4e53-9c9e-229fe45b1edb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.576368Z", "modified": "2026-06-02T15:57:33.576368Z", "name": "Malicious Extension: Classic Backgammon", "description": "Malicious browser extension: Classic Backgammon (jnmmbmkmbkcccpihjgnhjmhhkokfdnfe) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jnmmbmkmbkcccpihjgnhjmhhkokfdnfe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.57633Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jnmmbmkmbkcccpihjgnhjmhhkokfdnfe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jnmmbmkmbkcccpihjgnhjmhhkokfdnfe", "external_id": "jnmmbmkmbkcccpihjgnhjmhhkokfdnfe"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": 
"2.1", "id": "indicator--45d390e1-12c1-4e04-aa59-9ec5e8c6c9bc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.577361Z", "modified": "2026-06-02T15:57:33.577361Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lfkknbmaifjomagejflmjklcmpadmmdg) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lfkknbmaifjomagejflmjklcmpadmmdg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.577317Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lfkknbmaifjomagejflmjklcmpadmmdg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lfkknbmaifjomagejflmjklcmpadmmdg", "external_id": "lfkknbmaifjomagejflmjklcmpadmmdg"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8f61ef98-119c-4ee4-b237-6b34fc2e0d7b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.578342Z", "modified": "2026-06-02T15:57:33.578342Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cljengcehefhflhoahaambmkknjekjib) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cljengcehefhflhoahaambmkknjekjib']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.578304Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cljengcehefhflhoahaambmkknjekjib", 
"browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cljengcehefhflhoahaambmkknjekjib", "external_id": "cljengcehefhflhoahaambmkknjekjib"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a2c52b19-843d-4809-b327-df3457091190", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.579331Z", "modified": "2026-06-02T15:57:33.579331Z", "name": "Malicious Extension: Mahjong Deluxe", "description": "Malicious browser extension: Mahjong Deluxe (amnaljnjmgajgajelnplfmidgjgbjfhe) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/amnaljnjmgajgajelnplfmidgjgbjfhe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.579287Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:amnaljnjmgajgajelnplfmidgjgbjfhe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/amnaljnjmgajgajelnplfmidgjgbjfhe", "external_id": "amnaljnjmgajgajelnplfmidgjgbjfhe"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cffc02f7-fcaa-417b-90ec-076a4328d949", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.580466Z", "modified": "2026-06-02T15:57:33.580466Z", "name": "Malicious Extension: Bingo", "description": "Malicious browser extension: Bingo (dbohcpohlgnhgjmfkakoniiplglpfhcb) Source: 
https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dbohcpohlgnhgjmfkakoniiplglpfhcb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.580428Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dbohcpohlgnhgjmfkakoniiplglpfhcb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dbohcpohlgnhgjmfkakoniiplglpfhcb", "external_id": "dbohcpohlgnhgjmfkakoniiplglpfhcb"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--27d63bdf-8f53-414e-ade3-530628bb4063", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.58145Z", "modified": "2026-06-02T15:57:33.58145Z", "name": "Malicious Extension: Rugby Rush", "description": "Malicious browser extension: Rugby Rush (cpnfioldnmhaihohppoaebillnambcgn) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cpnfioldnmhaihohppoaebillnambcgn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.581413Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cpnfioldnmhaihohppoaebillnambcgn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cpnfioldnmhaihohppoaebillnambcgn", "external_id": "cpnfioldnmhaihohppoaebillnambcgn"}, {"source_name": 
"Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1c092bd9-e870-4f06-82f8-8e813a29f7db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.582429Z", "modified": "2026-06-02T15:57:33.582429Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (enmmilgindjmffoljaojkcgloakmloen) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/enmmilgindjmffoljaojkcgloakmloen']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.582391Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:enmmilgindjmffoljaojkcgloakmloen", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/enmmilgindjmffoljaojkcgloakmloen", "external_id": "enmmilgindjmffoljaojkcgloakmloen"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d574fbca-799d-429e-868e-d72c174ebe7d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.583421Z", "modified": "2026-06-02T15:57:33.583421Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (maeccdadgnadblfddcmanhpofobhgfme) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/maeccdadgnadblfddcmanhpofobhgfme']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.583377Z", "kill_chain_phases": 
[{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:maeccdadgnadblfddcmanhpofobhgfme", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/maeccdadgnadblfddcmanhpofobhgfme", "external_id": "maeccdadgnadblfddcmanhpofobhgfme"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b426daf5-06bc-4426-a89e-9e95e0554d5d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.584463Z", "modified": "2026-06-02T15:57:33.584463Z", "name": "Malicious Extension: SideYou", "description": "Malicious browser extension: SideYou (bfoofgelpmalhcmedaaeogahlmbkopfd) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bfoofgelpmalhcmedaaeogahlmbkopfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-04-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bfoofgelpmalhcmedaaeogahlmbkopfd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bfoofgelpmalhcmedaaeogahlmbkopfd", "external_id": "bfoofgelpmalhcmedaaeogahlmbkopfd"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6eed1b5e-51da-41b2-8f90-4ab8252222b2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.585457Z", "modified": "2026-06-02T15:57:33.585457Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ihbkmfoadnfjgkpdmgcboiehapkiflme) Source: 
https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ihbkmfoadnfjgkpdmgcboiehapkiflme']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.585414Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ihbkmfoadnfjgkpdmgcboiehapkiflme", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ihbkmfoadnfjgkpdmgcboiehapkiflme", "external_id": "ihbkmfoadnfjgkpdmgcboiehapkiflme"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9cca5a73-e4fd-4517-822a-3f4fdf35c5b1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.586438Z", "modified": "2026-06-02T15:57:33.586438Z", "name": "Malicious Extension: Clear Cache Plus", "description": "Malicious browser extension: Clear Cache Plus (bgdkbjcdecedfoejdfgeafdodjgfohno) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bgdkbjcdecedfoejdfgeafdodjgfohno']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.586402Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bgdkbjcdecedfoejdfgeafdodjgfohno", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bgdkbjcdecedfoejdfgeafdodjgfohno", "external_id": "bgdkbjcdecedfoejdfgeafdodjgfohno"}, {"source_name": "Article", "url": 
"https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1742c6bb-9f6a-4ea1-9d97-065fd6993db6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.587583Z", "modified": "2026-06-02T15:57:33.587583Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cmlbghnlnbjkdgfjlegkbjmadpbmlgjb) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cmlbghnlnbjkdgfjlegkbjmadpbmlgjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.587546Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cmlbghnlnbjkdgfjlegkbjmadpbmlgjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cmlbghnlnbjkdgfjlegkbjmadpbmlgjb", "external_id": "cmlbghnlnbjkdgfjlegkbjmadpbmlgjb"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4c67218f-95a2-41e1-86a5-f739f9bc9211", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.588574Z", "modified": "2026-06-02T15:57:33.588574Z", "name": "Malicious Extension: Pirat Slot", "description": "Malicious browser extension: Pirat Slot (kbnkkecifeppobnemkielnpagifkobki) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kbnkkecifeppobnemkielnpagifkobki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2026-06-02T15:57:33.588529Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kbnkkecifeppobnemkielnpagifkobki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kbnkkecifeppobnemkielnpagifkobki", "external_id": "kbnkkecifeppobnemkielnpagifkobki"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--62c89f36-a391-4849-936a-aa1e73913ee9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.589556Z", "modified": "2026-06-02T15:57:33.589556Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cnibdhllkgidlgmaoanhkemjeklneolk) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cnibdhllkgidlgmaoanhkemjeklneolk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.589515Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cnibdhllkgidlgmaoanhkemjeklneolk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cnibdhllkgidlgmaoanhkemjeklneolk", "external_id": "cnibdhllkgidlgmaoanhkemjeklneolk"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e9d58ee9-6b9e-4af4-a168-6dad70585b4e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.590527Z", "modified": "2026-06-02T15:57:33.590527Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: 
UNKNOWN (ijpgccpmogehkjhdmomckpkfcpbjlmnj) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ijpgccpmogehkjhdmomckpkfcpbjlmnj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.59049Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ijpgccpmogehkjhdmomckpkfcpbjlmnj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ijpgccpmogehkjhdmomckpkfcpbjlmnj", "external_id": "ijpgccpmogehkjhdmomckpkfcpbjlmnj"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5665bb7e-98b9-4fd3-9ea2-dc45551a25a0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.591504Z", "modified": "2026-06-02T15:57:33.591504Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (phfkdailnomcbcknpdmokejhellbecjb) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/phfkdailnomcbcknpdmokejhellbecjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.591467Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:phfkdailnomcbcknpdmokejhellbecjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/phfkdailnomcbcknpdmokejhellbecjb", "external_id": "phfkdailnomcbcknpdmokejhellbecjb"}, {"source_name": "Article", "url": 
"https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cdc2961e-d5a2-4079-95fb-d3c96c437570", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.592482Z", "modified": "2026-06-02T15:57:33.592482Z", "name": "Malicious Extension: American Roulette Royale", "description": "Malicious browser extension: American Roulette Royale (ejlcbfmhjbkgohopdkijfgggbikgbacb) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ejlcbfmhjbkgohopdkijfgggbikgbacb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.592445Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ejlcbfmhjbkgohopdkijfgggbikgbacb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ejlcbfmhjbkgohopdkijfgggbikgbacb", "external_id": "ejlcbfmhjbkgohopdkijfgggbikgbacb"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fe2af9e2-ff30-41bf-a77c-d8f2e77cf24d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.593505Z", "modified": "2026-06-02T15:57:33.593505Z", "name": "Malicious Extension: Text Translation", "description": "Malicious browser extension: Text Translation (ogogpebnagniggbnkbpjioobomdbmdcj) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ogogpebnagniggbnkbpjioobomdbmdcj']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2026-04-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ogogpebnagniggbnkbpjioobomdbmdcj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ogogpebnagniggbnkbpjioobomdbmdcj", "external_id": "ogogpebnagniggbnkbpjioobomdbmdcj"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ecf5696d-ad0b-4f0c-8bdb-e77faa99aa99", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.594641Z", "modified": "2026-06-02T15:57:33.594641Z", "name": "Malicious Extension: Battleship War", "description": "Malicious browser extension: Battleship War (gfhcdakcnpahfdealajmhcapnhhablbp) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gfhcdakcnpahfdealajmhcapnhhablbp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.594604Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gfhcdakcnpahfdealajmhcapnhhablbp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gfhcdakcnpahfdealajmhcapnhhablbp", "external_id": "gfhcdakcnpahfdealajmhcapnhhablbp"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c409e8d7-6971-49f5-b1fd-a77c6600b67e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.59565Z", "modified": 
"2026-06-02T15:57:33.59565Z", "name": "Malicious Extension: Penalty Kicks", "description": "Malicious browser extension: Penalty Kicks (mmbkmjmlnhocfcnjmbchmflamalekbnb) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmbkmjmlnhocfcnjmbchmflamalekbnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.595607Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmbkmjmlnhocfcnjmbchmflamalekbnb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmbkmjmlnhocfcnjmbchmflamalekbnb", "external_id": "mmbkmjmlnhocfcnjmbchmflamalekbnb"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1aa84837-3a08-4fe1-b233-9cbf4f1aed65", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.596647Z", "modified": "2026-06-02T15:57:33.596647Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gaafhblhbnkekenogcjniofhbicchlke) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gaafhblhbnkekenogcjniofhbicchlke']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.59661Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gaafhblhbnkekenogcjniofhbicchlke", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/gaafhblhbnkekenogcjniofhbicchlke", "external_id": "gaafhblhbnkekenogcjniofhbicchlke"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e2fd6216-cd41-4768-be36-f71a9ff0fc14", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.597634Z", "modified": "2026-06-02T15:57:33.597634Z", "name": "Malicious Extension: Caribbean Stud Poker", "description": "Malicious browser extension: Caribbean Stud Poker (lcijkepobdokkgmefebkiejhealgblle) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lcijkepobdokkgmefebkiejhealgblle']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.597597Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lcijkepobdokkgmefebkiejhealgblle", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lcijkepobdokkgmefebkiejhealgblle", "external_id": "lcijkepobdokkgmefebkiejhealgblle"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8ef751ea-9ab5-4e3c-89ce-77bd9319d418", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.598613Z", "modified": "2026-06-02T15:57:33.598613Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dmaibhbbpmdihedidicfeigilkbobcog) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": 
["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dmaibhbbpmdihedidicfeigilkbobcog']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.598576Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dmaibhbbpmdihedidicfeigilkbobcog", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dmaibhbbpmdihedidicfeigilkbobcog", "external_id": "dmaibhbbpmdihedidicfeigilkbobcog"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fc9ff78e-2287-49a0-965d-0a7db8aab524", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.599614Z", "modified": "2026-06-02T15:57:33.599614Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (heljkmdknlfhiecpknceodpbokeipigo) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/heljkmdknlfhiecpknceodpbokeipigo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.599577Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:heljkmdknlfhiecpknceodpbokeipigo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/heljkmdknlfhiecpknceodpbokeipigo", "external_id": "heljkmdknlfhiecpknceodpbokeipigo"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ac81a339-9d78-469a-9d75-a93e2cef6df6", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.600585Z", "modified": "2026-06-02T15:57:33.600585Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fmajpchoiahphjiligpmghnhmabolhoh) Source: https://github.com/chartingshow/crypto-firewall/issues/1554 \u2014 metadata pending", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmajpchoiahphjiligpmghnhmabolhoh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.600548Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fmajpchoiahphjiligpmghnhmabolhoh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmajpchoiahphjiligpmghnhmabolhoh", "external_id": "fmajpchoiahphjiligpmghnhmabolhoh"}, {"source_name": "Article", "url": "https://github.com/chartingshow/crypto-firewall/issues/1554"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--94e03a56-ef79-41be-bafa-4cc5cadc131e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.602017Z", "modified": "2026-06-02T15:57:33.602017Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aaakfiobbojanlacpbeejjimehmpoffh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aaakfiobbojanlacpbeejjimehmpoffh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.60198Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aaakfiobbojanlacpbeejjimehmpoffh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aaakfiobbojanlacpbeejjimehmpoffh", "external_id": "aaakfiobbojanlacpbeejjimehmpoffh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bd422575-3fef-4f7a-82df-61c27a66a492", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.602997Z", "modified": "2026-06-02T15:57:33.602997Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aacfibelemnkkbkelbhdbfhokeemfaho) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aacfibelemnkkbkelbhdbfhokeemfaho']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.60296Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aacfibelemnkkbkelbhdbfhokeemfaho", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aacfibelemnkkbkelbhdbfhokeemfaho", "external_id": "aacfibelemnkkbkelbhdbfhokeemfaho"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d6c9228c-6754-411b-996e-2a5bd3510efb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.603986Z", "modified": "2026-06-02T15:57:33.603986Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aafibkjcplagpjkhkeamkpaellnglepe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aafibkjcplagpjkhkeamkpaellnglepe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.603949Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aafibkjcplagpjkhkeamkpaellnglepe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aafibkjcplagpjkhkeamkpaellnglepe", "external_id": "aafibkjcplagpjkhkeamkpaellnglepe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7b67ecd2-e5e5-4343-b6eb-aa91922cf2b9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.60496Z", "modified": "2026-06-02T15:57:33.60496Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aaiolimgbncdaldgbbjkidiijidchhjo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aaiolimgbncdaldgbbjkidiijidchhjo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.604923Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aaiolimgbncdaldgbbjkidiijidchhjo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aaiolimgbncdaldgbbjkidiijidchhjo", "external_id": "aaiolimgbncdaldgbbjkidiijidchhjo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2c1608cc-7b02-432b-ba6c-f56d99a719f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.606234Z", "modified": "2026-06-02T15:57:33.606234Z", "name": "Malicious Extension: WAME", "description": "Malicious browser extension: WAME (aajdkangkldmljmoaoehmbnchdjkgojk) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aajdkangkldmljmoaoehmbnchdjkgojk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.606197Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:aajdkangkldmljmoaoehmbnchdjkgojk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aajdkangkldmljmoaoehmbnchdjkgojk", "external_id": "aajdkangkldmljmoaoehmbnchdjkgojk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b4fb2899-9913-4973-9513-b2290e35b5b2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.60722Z", "modified": "2026-06-02T15:57:33.60722Z", "name": "Malicious Extension: Clothing Brand Name Generator", "description": "Malicious browser extension: Clothing Brand Name Generator (abbngaojehjekanfdipifimgmppiojpl) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/abbngaojehjekanfdipifimgmppiojpl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.607183Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:abbngaojehjekanfdipifimgmppiojpl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/abbngaojehjekanfdipifimgmppiojpl", "external_id": "abbngaojehjekanfdipifimgmppiojpl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5eaecbcd-fac6-4142-81d7-2c531b1a99be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.608209Z", "modified": "2026-06-02T15:57:33.608209Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (abigbbblmfhbgbjjdolageghdkdibeap) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/abigbbblmfhbgbjjdolageghdkdibeap']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.608173Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:abigbbblmfhbgbjjdolageghdkdibeap", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/abigbbblmfhbgbjjdolageghdkdibeap", "external_id": "abigbbblmfhbgbjjdolageghdkdibeap"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--547fa920-684b-4f92-969b-7c182720d67c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.609337Z", "modified": "2026-06-02T15:57:33.609337Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (abkebhncjihnoblbkcmhogfdpdmdklhg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/abkebhncjihnoblbkcmhogfdpdmdklhg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.609301Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:abkebhncjihnoblbkcmhogfdpdmdklhg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/abkebhncjihnoblbkcmhogfdpdmdklhg", "external_id": "abkebhncjihnoblbkcmhogfdpdmdklhg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3f65d1e8-0b55-49ec-8842-f1ba66c689b7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.610327Z", "modified": "2026-06-02T15:57:33.610327Z", "name": "Malicious Extension: WAVENDY", "description": "Malicious browser extension: WAVENDY (abkolnpebgghiglkkdjcgjgbpnddmfmp) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/abkolnpebgghiglkkdjcgjgbpnddmfmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.61029Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:abkolnpebgghiglkkdjcgjgbpnddmfmp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/abkolnpebgghiglkkdjcgjgbpnddmfmp", "external_id": "abkolnpebgghiglkkdjcgjgbpnddmfmp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f60ae476-1982-414a-a9ba-b7dec498c97a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.611323Z", "modified": "2026-06-02T15:57:33.611323Z", "name": "Malicious Extension: Eddye", "description": "Malicious browser extension: Eddye (abpcbpoghgmfjkkdoeknbldhkklpcmfn) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/abpcbpoghgmfjkkdoeknbldhkklpcmfn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.611286Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:abpcbpoghgmfjkkdoeknbldhkklpcmfn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/abpcbpoghgmfjkkdoeknbldhkklpcmfn", "external_id": "abpcbpoghgmfjkkdoeknbldhkklpcmfn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4a4f508a-0cf3-43ac-9747-4509bad64d2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.612312Z", "modified": "2026-06-02T15:57:33.612312Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (acaeafediijmccnjlokgcdiojiljfpbe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acaeafediijmccnjlokgcdiojiljfpbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.612275Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:acaeafediijmccnjlokgcdiojiljfpbe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acaeafediijmccnjlokgcdiojiljfpbe", "external_id": "acaeafediijmccnjlokgcdiojiljfpbe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--392ed533-9832-4f2a-bce6-05de25c1514b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.613286Z", "modified": "2026-06-02T15:57:33.613286Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (acchdggcflgidjdcnhnnkfengdcmldae) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acchdggcflgidjdcnhnnkfengdcmldae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.61325Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:acchdggcflgidjdcnhnnkfengdcmldae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acchdggcflgidjdcnhnnkfengdcmldae", "external_id": "acchdggcflgidjdcnhnnkfengdcmldae"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3caa54e8-92a2-4ce7-974d-ecdbfe95a0f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.614268Z", "modified": "2026-06-02T15:57:33.614268Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (achcinfieogfidhjekdbbmapmffifchl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/achcinfieogfidhjekdbbmapmffifchl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.614232Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:achcinfieogfidhjekdbbmapmffifchl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/achcinfieogfidhjekdbbmapmffifchl", "external_id": "achcinfieogfidhjekdbbmapmffifchl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2512bbba-0d56-4274-bef6-007949f90e9d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.615252Z", "modified": "2026-06-02T15:57:33.615252Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aciamgifeoagmcojlibbdhoabolgdopo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aciamgifeoagmcojlibbdhoabolgdopo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.615214Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aciamgifeoagmcojlibbdhoabolgdopo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aciamgifeoagmcojlibbdhoabolgdopo", "external_id": "aciamgifeoagmcojlibbdhoabolgdopo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7c076fb1-9849-4df3-9bba-fa21e18706ae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.616385Z", "modified": "2026-06-02T15:57:33.616385Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (acmiibcdcmaghndcahglamnhnlmcmlng) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acmiibcdcmaghndcahglamnhnlmcmlng']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.616349Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:acmiibcdcmaghndcahglamnhnlmcmlng", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acmiibcdcmaghndcahglamnhnlmcmlng", "external_id": "acmiibcdcmaghndcahglamnhnlmcmlng"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--11c9e9a6-c443-40e5-8aea-653dc72a96f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.617381Z", "modified": "2026-06-02T15:57:33.617381Z", "name": "Malicious Extension: WhatSeller", "description": "Malicious browser extension: WhatSeller (acncpfocelnijeegfclfigffjgancfod) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acncpfocelnijeegfclfigffjgancfod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.617345Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:acncpfocelnijeegfclfigffjgancfod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acncpfocelnijeegfclfigffjgancfod", "external_id": "acncpfocelnijeegfclfigffjgancfod"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0f46d05c-e161-4d42-a393-1cda1898d2a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.618358Z", "modified": "2026-06-02T15:57:33.618358Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (acogeoajdpgplfhidldckbjkkpgeebod) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acogeoajdpgplfhidldckbjkkpgeebod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.618322Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:acogeoajdpgplfhidldckbjkkpgeebod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acogeoajdpgplfhidldckbjkkpgeebod", "external_id": "acogeoajdpgplfhidldckbjkkpgeebod"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1577a1b4-7e0f-43ec-9a2f-dadadaec9e38", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.619432Z", "modified": "2026-06-02T15:57:33.619432Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (acojldicjlifbkkfaijnomogffamiadi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acojldicjlifbkkfaijnomogffamiadi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.619393Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:acojldicjlifbkkfaijnomogffamiadi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acojldicjlifbkkfaijnomogffamiadi", "external_id": "acojldicjlifbkkfaijnomogffamiadi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dca7faef-090b-41d6-8125-524464a39e4c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.620479Z", "modified": "2026-06-02T15:57:33.620479Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (addnfehdcokmboamjapbiihagbppejnb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/addnfehdcokmboamjapbiihagbppejnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.620442Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:addnfehdcokmboamjapbiihagbppejnb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/addnfehdcokmboamjapbiihagbppejnb", "external_id": "addnfehdcokmboamjapbiihagbppejnb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--470a06d2-b5be-4966-81d9-6802a4f28218", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.621461Z", "modified": "2026-06-02T15:57:33.621461Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (adjcpjpdmmlcledcenjinjnhnjcnciih) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/adjcpjpdmmlcledcenjinjnhnjcnciih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.621424Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:adjcpjpdmmlcledcenjinjnhnjcnciih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/adjcpjpdmmlcledcenjinjnhnjcnciih", "external_id": "adjcpjpdmmlcledcenjinjnhnjcnciih"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--000713c6-5f93-4f7a-beff-44a123fa7604", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.62244Z", "modified": "2026-06-02T15:57:33.62244Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (adjiklnjodbiaioggfpbpkhbfcnhgkfe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/adjiklnjodbiaioggfpbpkhbfcnhgkfe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.622402Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:adjiklnjodbiaioggfpbpkhbfcnhgkfe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/adjiklnjodbiaioggfpbpkhbfcnhgkfe", "external_id": "adjiklnjodbiaioggfpbpkhbfcnhgkfe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2e869a78-fc0d-4eba-89d5-477ec154f01d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.623584Z", "modified": "2026-06-02T15:57:33.623584Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (adjiljljjoeielcjmafljkicjncjpbha) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/adjiljljjoeielcjmafljkicjncjpbha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.623548Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:adjiljljjoeielcjmafljkicjncjpbha", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/adjiljljjoeielcjmafljkicjncjpbha", "external_id": "adjiljljjoeielcjmafljkicjncjpbha"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--683d855d-7bae-4b41-a17f-ae363f3d32ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.624582Z", "modified": "2026-06-02T15:57:33.624582Z", "name": "Malicious Extension: zapboost", "description": "Malicious browser extension: zapboost (adjmmdjciklooaidchgnmbdjmmgobcnc) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/adjmmdjciklooaidchgnmbdjmmgobcnc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.624545Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:adjmmdjciklooaidchgnmbdjmmgobcnc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/adjmmdjciklooaidchgnmbdjmmgobcnc", "external_id": "adjmmdjciklooaidchgnmbdjmmgobcnc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--480dd671-0a62-4b3a-96be-72a412a96930", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.625568Z", "modified": "2026-06-02T15:57:33.625568Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (adjpoipklnhlapjijccnemdhkcphcegd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/adjpoipklnhlapjijccnemdhkcphcegd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.625531Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:adjpoipklnhlapjijccnemdhkcphcegd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/adjpoipklnhlapjijccnemdhkcphcegd", "external_id": "adjpoipklnhlapjijccnemdhkcphcegd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2b038dac-3939-4bc1-92f6-a83915134b00", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.626553Z", "modified": "2026-06-02T15:57:33.626553Z", "name": "Malicious Extension: Chill Super Mario Pixel Live Wallpaper", "description": "Malicious browser extension: Chill Super Mario Pixel Live Wallpaper (aeggcdnlgoodafmelonmibaaclbeejol) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aeggcdnlgoodafmelonmibaaclbeejol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.626516Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aeggcdnlgoodafmelonmibaaclbeejol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aeggcdnlgoodafmelonmibaaclbeejol", "external_id": "aeggcdnlgoodafmelonmibaaclbeejol"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0932b6c8-3339-4416-b5fd-e352869b5167", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.627561Z", "modified": "2026-06-02T15:57:33.627561Z", "name": "Malicious Extension: Agencia Guedes", "description": "Malicious browser extension: Agencia Guedes (aehakeblnhhdddmglmolkjcdjblghjbm) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aehakeblnhhdddmglmolkjcdjblghjbm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.627525Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:aehakeblnhhdddmglmolkjcdjblghjbm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aehakeblnhhdddmglmolkjcdjblghjbm", "external_id": "aehakeblnhhdddmglmolkjcdjblghjbm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--093d86c4-de1f-48d0-8bfb-e50c72b02c7b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.628536Z", "modified": "2026-06-02T15:57:33.628536Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aehjmdkbfemaefoebbihbfcmhehgimcl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aehjmdkbfemaefoebbihbfcmhehgimcl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.628499Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aehjmdkbfemaefoebbihbfcmhehgimcl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aehjmdkbfemaefoebbihbfcmhehgimcl", "external_id": "aehjmdkbfemaefoebbihbfcmhehgimcl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e740ab52-092d-42b6-bd67-f37364da96a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.629508Z", "modified": "2026-06-02T15:57:33.629508Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aeibljandkelbcaaemkdnbaacppjdmom) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aeibljandkelbcaaemkdnbaacppjdmom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.629471Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aeibljandkelbcaaemkdnbaacppjdmom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aeibljandkelbcaaemkdnbaacppjdmom", "external_id": "aeibljandkelbcaaemkdnbaacppjdmom"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5dfdc8e7-4d84-4240-a475-ab7c6f086efa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.63064Z", "modified": "2026-06-02T15:57:33.63064Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aeljhijhiagepppblonkhhnnmmknmnll) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aeljhijhiagepppblonkhhnnmmknmnll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.630603Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aeljhijhiagepppblonkhhnnmmknmnll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aeljhijhiagepppblonkhhnnmmknmnll", "external_id": "aeljhijhiagepppblonkhhnnmmknmnll"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aca7c0ce-ec43-491e-99a7-98f09eae9fc3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.631647Z", "modified": "2026-06-02T15:57:33.631647Z", "name": "Malicious Extension: G5 Chat", "description": "Malicious browser extension: G5 Chat (afdhcpnimkgccfjcelgkiipidhebddjh) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/afdhcpnimkgccfjcelgkiipidhebddjh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.63161Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:afdhcpnimkgccfjcelgkiipidhebddjh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/afdhcpnimkgccfjcelgkiipidhebddjh", "external_id": "afdhcpnimkgccfjcelgkiipidhebddjh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0d00f1b5-1269-4f17-8713-96a792f9bd06", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.632632Z", "modified": "2026-06-02T15:57:33.632632Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (afefmfbcccnppcaiebpmbpmddhilkkdi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/afefmfbcccnppcaiebpmbpmddhilkkdi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.632595Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:afefmfbcccnppcaiebpmbpmddhilkkdi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/afefmfbcccnppcaiebpmbpmddhilkkdi", "external_id": "afefmfbcccnppcaiebpmbpmddhilkkdi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8e9a142f-b3d3-4c2e-9d36-0ff9822b29c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.633606Z", "modified": "2026-06-02T15:57:33.633606Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (afiomadkjmmfgknhgkpbmbdffjippidf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/afiomadkjmmfgknhgkpbmbdffjippidf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.633568Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:afiomadkjmmfgknhgkpbmbdffjippidf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/afiomadkjmmfgknhgkpbmbdffjippidf", "external_id": "afiomadkjmmfgknhgkpbmbdffjippidf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e377ae7b-c514-4b42-ab8d-de7841366851", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.634578Z", "modified": "2026-06-02T15:57:33.634578Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (afipijkhaioeopfolgnagcicgpdlcink) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/afipijkhaioeopfolgnagcicgpdlcink']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.634541Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:afipijkhaioeopfolgnagcicgpdlcink", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/afipijkhaioeopfolgnagcicgpdlcink", "external_id": "afipijkhaioeopfolgnagcicgpdlcink"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ae2f314b-df9c-4774-8848-3aa9a13f4e73", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.635569Z", "modified": "2026-06-02T15:57:33.635569Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (afjenpabhpfodjpncbiiahbknnghabdc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/afjenpabhpfodjpncbiiahbknnghabdc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.635526Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:afjenpabhpfodjpncbiiahbknnghabdc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/afjenpabhpfodjpncbiiahbknnghabdc", "external_id": "afjenpabhpfodjpncbiiahbknnghabdc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6635c0de-db95-4c00-ab79-f64eb9724929", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.636548Z", "modified": "2026-06-02T15:57:33.636548Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aflgdgiaihhpkimnpjgeokkcpndllejm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aflgdgiaihhpkimnpjgeokkcpndllejm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.636511Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aflgdgiaihhpkimnpjgeokkcpndllejm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aflgdgiaihhpkimnpjgeokkcpndllejm", "external_id": "aflgdgiaihhpkimnpjgeokkcpndllejm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e5eb243d-052f-4ffa-9572-fd7468efb534", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.63769Z", "modified": "2026-06-02T15:57:33.63769Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (afooldonhjnhddgnfahlepchipjennab) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/afooldonhjnhddgnfahlepchipjennab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.637654Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:afooldonhjnhddgnfahlepchipjennab", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/afooldonhjnhddgnfahlepchipjennab", "external_id": "afooldonhjnhddgnfahlepchipjennab"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--979126e3-f881-45cd-900d-f3f3ae65b712", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.638676Z", "modified": "2026-06-02T15:57:33.638676Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (agdlpnhabjfcbeiempefhpgikapcapjb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/agdlpnhabjfcbeiempefhpgikapcapjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.638639Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:agdlpnhabjfcbeiempefhpgikapcapjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/agdlpnhabjfcbeiempefhpgikapcapjb", "external_id": "agdlpnhabjfcbeiempefhpgikapcapjb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c8e2dc0e-30ae-47f1-b910-a7144c97210f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.639666Z", "modified": "2026-06-02T15:57:33.639666Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aghafppaelpjbjajpgcogcojcbmappoi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aghafppaelpjbjajpgcogcojcbmappoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.63963Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aghafppaelpjbjajpgcogcojcbmappoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aghafppaelpjbjajpgcogcojcbmappoi", "external_id": "aghafppaelpjbjajpgcogcojcbmappoi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--66cae2c8-020b-4253-a2f3-09a65fd8703e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.640648Z", "modified": "2026-06-02T15:57:33.640648Z", "name": "Malicious Extension: Ground News - Bias Checker", "description": "Malicious browser extension: Ground News - Bias Checker (agleiimpggapjekcdhdjbmegjbbkleie) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/agleiimpggapjekcdhdjbmegjbbkleie']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.640612Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:agleiimpggapjekcdhdjbmegjbbkleie", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/agleiimpggapjekcdhdjbmegjbbkleie", "external_id": "agleiimpggapjekcdhdjbmegjbbkleie"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ae3ff9c7-a9c6-4b4c-8b58-bc543806e7cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.641619Z", "modified": "2026-06-02T15:57:33.641619Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (agmjobjagbllceafphmfgokobflfbbbc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/agmjobjagbllceafphmfgokobflfbbbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.641581Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:agmjobjagbllceafphmfgokobflfbbbc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/agmjobjagbllceafphmfgokobflfbbbc", "external_id": "agmjobjagbllceafphmfgokobflfbbbc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--72096d84-8b2d-488f-9841-ba02d6cbc17a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.642586Z", "modified": "2026-06-02T15:57:33.642586Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ahebpkbnckhgjmndfjejibjjahjdlhdb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ahebpkbnckhgjmndfjejibjjahjdlhdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.64255Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ahebpkbnckhgjmndfjejibjjahjdlhdb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ahebpkbnckhgjmndfjejibjjahjdlhdb", "external_id": "ahebpkbnckhgjmndfjejibjjahjdlhdb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--926467da-b353-4c60-a44e-874bb517328b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.64358Z", "modified": "2026-06-02T15:57:33.64358Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ahgccenjociolkbpgbfibmfclcfnlaei) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ahgccenjociolkbpgbfibmfclcfnlaei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.643543Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ahgccenjociolkbpgbfibmfclcfnlaei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ahgccenjociolkbpgbfibmfclcfnlaei", "external_id": "ahgccenjociolkbpgbfibmfclcfnlaei"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3c46d8e2-2c14-4c4c-8939-6be6b9f6bb1e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.644734Z", "modified": "2026-06-02T15:57:33.644734Z", "name": "Malicious Extension: What Vision", "description": "Malicious browser extension: What Vision (ahgellbcclklfinhliakcdgjnebickel) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ahgellbcclklfinhliakcdgjnebickel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.644697Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ahgellbcclklfinhliakcdgjnebickel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ahgellbcclklfinhliakcdgjnebickel", "external_id": "ahgellbcclklfinhliakcdgjnebickel"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cf780c0e-739c-4477-93bd-e1eba7e74be8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.645728Z", "modified": "2026-06-02T15:57:33.645728Z", "name": "Malicious Extension: Dental Chat - Gest\u00e3o de leads e pacientes no Whatsapp para Cl\u00ednicas", "description": "Malicious browser extension: Dental Chat - Gest\u00e3o de leads e pacientes no Whatsapp para Cl\u00ednicas (ahiieliljkcgmghicbgidblclkbklmka) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ahiieliljkcgmghicbgidblclkbklmka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.645691Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ahiieliljkcgmghicbgidblclkbklmka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ahiieliljkcgmghicbgidblclkbklmka", "external_id": "ahiieliljkcgmghicbgidblclkbklmka"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a4bcfc9d-dada-4759-af51-815ca78b7149", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.646704Z", "modified": "2026-06-02T15:57:33.646704Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ahlaffpjeohpmfhljdoedgccdegnnhga) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ahlaffpjeohpmfhljdoedgccdegnnhga']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.646668Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ahlaffpjeohpmfhljdoedgccdegnnhga", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ahlaffpjeohpmfhljdoedgccdegnnhga", "external_id": "ahlaffpjeohpmfhljdoedgccdegnnhga"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1fde722f-0c76-45d7-9b06-7127113816f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.647982Z", "modified": "2026-06-02T15:57:33.647982Z", "name": "Malicious Extension: Amazon Seller Assistant - 10Xprofit Amazon Seller Tools (FBA & FBM)", "description": "Malicious browser extension: Amazon Seller Assistant - 10Xprofit Amazon Seller Tools (FBA & FBM) (ahlnchhkedmjbdocaamkbmhppnligmoh) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=62). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ahlnchhkedmjbdocaamkbmhppnligmoh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.647946Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ahlnchhkedmjbdocaamkbmhppnligmoh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ahlnchhkedmjbdocaamkbmhppnligmoh", "external_id": "ahlnchhkedmjbdocaamkbmhppnligmoh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e8c30164-d0ef-42e0-8aa5-f9f5b21ecbdc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.648958Z", "modified": "2026-06-02T15:57:33.648958Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ahoephlgjcidmeimpjoikglacolnnoce) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ahoephlgjcidmeimpjoikglacolnnoce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.648921Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ahoephlgjcidmeimpjoikglacolnnoce", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ahoephlgjcidmeimpjoikglacolnnoce", "external_id": "ahoephlgjcidmeimpjoikglacolnnoce"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ede1d805-7276-4c2a-8b48-1a9b542f6072", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.650369Z", "modified": "2026-06-02T15:57:33.650369Z", "name": "Malicious Extension: Star Wars Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Star Wars Cursor \u2605 Custom Cursor for Chrome\u2122 (ahofgjkfjljcliehioeefaanagffnffa) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ahofgjkfjljcliehioeefaanagffnffa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.650326Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ahofgjkfjljcliehioeefaanagffnffa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ahofgjkfjljcliehioeefaanagffnffa", "external_id": "ahofgjkfjljcliehioeefaanagffnffa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8904a3d3-1941-4313-ac5d-b72a3e9ee91f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.651523Z", "modified": "2026-06-02T15:57:33.651523Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aiaaeimmjjeceodjpficfnjckenedbon) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aiaaeimmjjeceodjpficfnjckenedbon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.651483Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aiaaeimmjjeceodjpficfnjckenedbon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aiaaeimmjjeceodjpficfnjckenedbon", "external_id": "aiaaeimmjjeceodjpficfnjckenedbon"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bb5fd404-2e68-48cb-8e41-4b66c1bc13c7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.652797Z", "modified": "2026-06-02T15:57:33.652797Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aibfeemadfncnhephomomdicckopkgoe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aibfeemadfncnhephomomdicckopkgoe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.652759Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aibfeemadfncnhephomomdicckopkgoe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aibfeemadfncnhephomomdicckopkgoe", "external_id": "aibfeemadfncnhephomomdicckopkgoe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--69daa6a6-2d7f-4e04-99b4-9e79942f518e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.653855Z", "modified": "2026-06-02T15:57:33.653855Z", "name": "Malicious Extension: KASAPP", "description": "Malicious browser extension: KASAPP (aidmcapfnmaopagoclmgncjeegknibpd) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aidmcapfnmaopagoclmgncjeegknibpd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.653817Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:aidmcapfnmaopagoclmgncjeegknibpd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aidmcapfnmaopagoclmgncjeegknibpd", "external_id": "aidmcapfnmaopagoclmgncjeegknibpd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--415ecc3d-6cf8-45a3-8462-8050dc036727", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.654864Z", "modified": "2026-06-02T15:57:33.654864Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aifdgjjifbkmabkfeekkkhdckfbnmnjb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aifdgjjifbkmabkfeekkkhdckfbnmnjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.654826Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aifdgjjifbkmabkfeekkkhdckfbnmnjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aifdgjjifbkmabkfeekkkhdckfbnmnjb", "external_id": "aifdgjjifbkmabkfeekkkhdckfbnmnjb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--10f9e285-25aa-405d-85c8-16a230a5a375", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.655873Z", "modified": "2026-06-02T15:57:33.655873Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aiimlpjcnmhmbdlmkhloapmlookboonb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aiimlpjcnmhmbdlmkhloapmlookboonb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.655835Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aiimlpjcnmhmbdlmkhloapmlookboonb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aiimlpjcnmhmbdlmkhloapmlookboonb", "external_id": "aiimlpjcnmhmbdlmkhloapmlookboonb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a6c53af7-f947-43a0-a524-06e5d7eb8b1c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.656862Z", "modified": "2026-06-02T15:57:33.656862Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aijflmhdfglijpfjhoihebemdheglpgd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aijflmhdfglijpfjhoihebemdheglpgd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.656825Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aijflmhdfglijpfjhoihebemdheglpgd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aijflmhdfglijpfjhoihebemdheglpgd", "external_id": "aijflmhdfglijpfjhoihebemdheglpgd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de395703-7081-4907-87dd-c56fa928cfc1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.657856Z", "modified": "2026-06-02T15:57:33.657856Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ailnbbigginhlppdboejnjhcmldkolio) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ailnbbigginhlppdboejnjhcmldkolio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.657819Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ailnbbigginhlppdboejnjhcmldkolio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ailnbbigginhlppdboejnjhcmldkolio", "external_id": "ailnbbigginhlppdboejnjhcmldkolio"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--366836f9-cc8d-41a4-8d34-b71f0b9d04d5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.658838Z", "modified": "2026-06-02T15:57:33.658838Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ajbkmeegjnmaggkhmibgckapjkohajim) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ajbkmeegjnmaggkhmibgckapjkohajim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.658796Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ajbkmeegjnmaggkhmibgckapjkohajim", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ajbkmeegjnmaggkhmibgckapjkohajim", "external_id": "ajbkmeegjnmaggkhmibgckapjkohajim"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8171ad5b-e49a-4cba-beeb-95d80f6a4693", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.661172Z", "modified": "2026-06-02T15:57:33.661172Z", "name": "Malicious Extension: Avengers Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Avengers Cursor \u2605 Custom Cursor for Chrome\u2122 (ajcnllagebcaahcdfbappndlmhmpdhif) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ajcnllagebcaahcdfbappndlmhmpdhif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.66113Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ajcnllagebcaahcdfbappndlmhmpdhif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ajcnllagebcaahcdfbappndlmhmpdhif", "external_id": "ajcnllagebcaahcdfbappndlmhmpdhif"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ce8f3024-ac4f-4c2b-9c0c-fa72da95dfcd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.662293Z", "modified": "2026-06-02T15:57:33.662293Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ajfanjhcdgaohcbphpaceglgpgaaohod) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ajfanjhcdgaohcbphpaceglgpgaaohod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.662253Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ajfanjhcdgaohcbphpaceglgpgaaohod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ajfanjhcdgaohcbphpaceglgpgaaohod", "external_id": "ajfanjhcdgaohcbphpaceglgpgaaohod"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ad7efff6-f720-4db5-b91e-7ecbedd86e6c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.663398Z", "modified": "2026-06-02T15:57:33.663398Z", "name": "Malicious Extension: PROSPECTA CRM", "description": "Malicious browser extension: PROSPECTA CRM (ajihoihfamedkfcknpgcelpbhdnadabg) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ajihoihfamedkfcknpgcelpbhdnadabg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.663358Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ajihoihfamedkfcknpgcelpbhdnadabg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ajihoihfamedkfcknpgcelpbhdnadabg", "external_id": "ajihoihfamedkfcknpgcelpbhdnadabg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--af0630f9-967f-43d4-90bf-87996bc80c3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.664467Z", "modified": "2026-06-02T15:57:33.664467Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ajkecebnopfapmeojaldoikepcdkdeoa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ajkecebnopfapmeojaldoikepcdkdeoa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.664429Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ajkecebnopfapmeojaldoikepcdkdeoa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ajkecebnopfapmeojaldoikepcdkdeoa", "external_id": "ajkecebnopfapmeojaldoikepcdkdeoa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--53dd6443-8668-44e3-8a31-85236e5cebf5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.665489Z", "modified": "2026-06-02T15:57:33.665489Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ajnffcojjhbikdpopdabjnfccngejkmk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ajnffcojjhbikdpopdabjnfccngejkmk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.665453Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ajnffcojjhbikdpopdabjnfccngejkmk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ajnffcojjhbikdpopdabjnfccngejkmk", "external_id": "ajnffcojjhbikdpopdabjnfccngejkmk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9ee3c02f-9d87-4206-b27f-7c4b4dcc5b35", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.666497Z", "modified": "2026-06-02T15:57:33.666497Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ajnjbiommbedjhfkihijpojaekbnifno) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ajnjbiommbedjhfkihijpojaekbnifno']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.66646Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ajnjbiommbedjhfkihijpojaekbnifno", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ajnjbiommbedjhfkihijpojaekbnifno", "external_id": "ajnjbiommbedjhfkihijpojaekbnifno"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3815f527-0ed0-43df-815f-f12a49b1e07e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.66751Z", "modified": "2026-06-02T15:57:33.66751Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ajogkbkdomdjamjipaoapkkfkdcbjeom) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ajogkbkdomdjamjipaoapkkfkdcbjeom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.667471Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ajogkbkdomdjamjipaoapkkfkdcbjeom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ajogkbkdomdjamjipaoapkkfkdcbjeom", "external_id": "ajogkbkdomdjamjipaoapkkfkdcbjeom"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0c6c1aa7-9412-4f55-9142-fc67725aab99", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.715079Z", "modified": "2026-06-02T15:57:33.715079Z", "name": "Malicious Extension: Giant Coupons Official Extension", "description": "Malicious browser extension: Giant Coupons Official Extension (akdajpomgjgldidenledjjiemgkjcchc) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=102). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/akdajpomgjgldidenledjjiemgkjcchc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.715031Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:akdajpomgjgldidenledjjiemgkjcchc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akdajpomgjgldidenledjjiemgkjcchc", "external_id": "akdajpomgjgldidenledjjiemgkjcchc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a88a271f-86fb-46f6-b0a7-91eb9526408d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.71634Z", "modified": "2026-06-02T15:57:33.71634Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (akeliekmeaifanbdfknjoelhmmeblggh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/akeliekmeaifanbdfknjoelhmmeblggh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.716298Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:akeliekmeaifanbdfknjoelhmmeblggh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akeliekmeaifanbdfknjoelhmmeblggh", "external_id": "akeliekmeaifanbdfknjoelhmmeblggh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4fcc706c-a4ae-4121-8ce4-fac626f2b6a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.717389Z", "modified": "2026-06-02T15:57:33.717389Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (akialmafcdmkelghnomeneinkcllnoih) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/akialmafcdmkelghnomeneinkcllnoih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.717351Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:akialmafcdmkelghnomeneinkcllnoih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akialmafcdmkelghnomeneinkcllnoih", "external_id": "akialmafcdmkelghnomeneinkcllnoih"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9c8c7d08-6272-493f-a3d6-cc19c08349a4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.718399Z", "modified": "2026-06-02T15:57:33.718399Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (akncjgblpooaigmieecjiigaebgblnaj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/akncjgblpooaigmieecjiigaebgblnaj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.718359Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:akncjgblpooaigmieecjiigaebgblnaj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akncjgblpooaigmieecjiigaebgblnaj", "external_id": "akncjgblpooaigmieecjiigaebgblnaj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--05f44f4c-7a07-4a5c-92da-9061a2b1489c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.719416Z", "modified": "2026-06-02T15:57:33.719416Z", "name": "Malicious Extension: Hourly to salary calculator\u200b", "description": "Malicious browser extension: Hourly to salary calculator\u200b (albakpncdngcejcjdahomfbkakbmafgb) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/albakpncdngcejcjdahomfbkakbmafgb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.719377Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:albakpncdngcejcjdahomfbkakbmafgb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/albakpncdngcejcjdahomfbkakbmafgb", "external_id": "albakpncdngcejcjdahomfbkakbmafgb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c98be2b7-7b90-4a8f-95b7-cc21d63d2852", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.720426Z", "modified": "2026-06-02T15:57:33.720426Z", "name": "Malicious Extension: Instagram Saved Posts Downloader", "description": "Malicious browser extension: Instagram Saved Posts Downloader (alkgglonfjgmdolnjafmbmldmmalhdoi) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=52). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/alkgglonfjgmdolnjafmbmldmmalhdoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.720387Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:alkgglonfjgmdolnjafmbmldmmalhdoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/alkgglonfjgmdolnjafmbmldmmalhdoi", "external_id": "alkgglonfjgmdolnjafmbmldmmalhdoi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--69d16e0e-f596-42f2-ae9e-0cd864079c88", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.721575Z", "modified": "2026-06-02T15:57:33.721575Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (alknmfpopohfpdpafdmobclioihdkhjh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/alknmfpopohfpdpafdmobclioihdkhjh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.721537Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:alknmfpopohfpdpafdmobclioihdkhjh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/alknmfpopohfpdpafdmobclioihdkhjh", "external_id": "alknmfpopohfpdpafdmobclioihdkhjh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f00dd806-82eb-492b-a236-3056c6b32a15", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.722586Z", "modified": "2026-06-02T15:57:33.722586Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (allabgknbmoecnnnnkiddmpapchmhiii) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/allabgknbmoecnnnnkiddmpapchmhiii']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.722547Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:allabgknbmoecnnnnkiddmpapchmhiii", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/allabgknbmoecnnnnkiddmpapchmhiii", "external_id": "allabgknbmoecnnnnkiddmpapchmhiii"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--365e8574-ff1e-4192-8eca-87eda9090cec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.72361Z", "modified": "2026-06-02T15:57:33.72361Z", "name": "Malicious Extension: Urban Browser Guard", "description": "Malicious browser extension: Urban Browser Guard (almalgbpmcfpdaopimbdchdliminoign) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=232). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/almalgbpmcfpdaopimbdchdliminoign']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.723572Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:almalgbpmcfpdaopimbdchdliminoign", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/almalgbpmcfpdaopimbdchdliminoign", "external_id": "almalgbpmcfpdaopimbdchdliminoign"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c9f71608-cc1c-4c5f-b507-538af30f81cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.724604Z", "modified": "2026-06-02T15:57:33.724604Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (alogdolelipkojjgggejccalcbdioolg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/alogdolelipkojjgggejccalcbdioolg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.724566Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:alogdolelipkojjgggejccalcbdioolg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/alogdolelipkojjgggejccalcbdioolg", "external_id": "alogdolelipkojjgggejccalcbdioolg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9a71565f-dc92-4372-8360-3600194b9613", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.725591Z", "modified": "2026-06-02T15:57:33.725591Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (alpceejdpbhambbcjlhjclhgbkpkildc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/alpceejdpbhambbcjlhjclhgbkpkildc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.725552Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:alpceejdpbhambbcjlhjclhgbkpkildc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/alpceejdpbhambbcjlhjclhgbkpkildc", "external_id": "alpceejdpbhambbcjlhjclhgbkpkildc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3cb60610-f57e-4fdc-b0f6-d5731ffb1bcf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.726583Z", "modified": "2026-06-02T15:57:33.726583Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (amfamndhbbiaafhpclielacfailgflbi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/amfamndhbbiaafhpclielacfailgflbi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.726546Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:amfamndhbbiaafhpclielacfailgflbi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/amfamndhbbiaafhpclielacfailgflbi", "external_id": "amfamndhbbiaafhpclielacfailgflbi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fbc90e71-ccf7-4e2f-b20d-8e7328bd8e2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.727585Z", "modified": "2026-06-02T15:57:33.727585Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (amomdmnemaieioenimcelcagpdbdbigi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/amomdmnemaieioenimcelcagpdbdbigi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.727547Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:amomdmnemaieioenimcelcagpdbdbigi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/amomdmnemaieioenimcelcagpdbdbigi", "external_id": "amomdmnemaieioenimcelcagpdbdbigi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e456f27e-65ea-43e8-8916-81ad5908d63a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.728743Z", "modified": "2026-06-02T15:57:33.728743Z", "name": "Malicious Extension: Plants vs. Zombies Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Plants vs. Zombies Cursor \u2605 Custom Cursor for Chrome\u2122 (amomkbhjghmegifhopipecfioeelecal) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/amomkbhjghmegifhopipecfioeelecal']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.728705Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:amomkbhjghmegifhopipecfioeelecal", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/amomkbhjghmegifhopipecfioeelecal", "external_id": "amomkbhjghmegifhopipecfioeelecal"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0263c73e-74f2-48d2-a8b0-99e8aeef1eec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.729774Z", "modified": "2026-06-02T15:57:33.729774Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (anbjdcdemclgpcafgdehfmmakkhnopen) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/anbjdcdemclgpcafgdehfmmakkhnopen']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.72973Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:anbjdcdemclgpcafgdehfmmakkhnopen", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/anbjdcdemclgpcafgdehfmmakkhnopen", "external_id": "anbjdcdemclgpcafgdehfmmakkhnopen"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c0052b88-e4cb-4042-b8db-38fb3c7f0618", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.731063Z", "modified": "2026-06-02T15:57:33.731063Z", "name": "Malicious Extension: Brawl Stars Cursor - Custom Game Cursor for Chrome", "description": "Malicious browser extension: Brawl Stars Cursor - Custom Game Cursor for Chrome (anjoapnmcdcndaagonoiindlklkpmnmh) Pixatab new tab hijacking cluster. Content scripts on all URLs, connects to pixatab[.]xyz/constructor/ for new tab replacement. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/anjoapnmcdcndaagonoiindlklkpmnmh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.731022Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:anjoapnmcdcndaagonoiindlklkpmnmh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/anjoapnmcdcndaagonoiindlklkpmnmh", "external_id": "anjoapnmcdcndaagonoiindlklkpmnmh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d0d3919d-c654-46b9-800b-49472263c6cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.732068Z", "modified": "2026-06-02T15:57:33.732068Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (anklpeamdnlccnkcopainlcdoonggdeo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/anklpeamdnlccnkcopainlcdoonggdeo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.73203Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:anklpeamdnlccnkcopainlcdoonggdeo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/anklpeamdnlccnkcopainlcdoonggdeo", "external_id": "anklpeamdnlccnkcopainlcdoonggdeo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--96e1b034-62ea-475f-b90b-6643df828bef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.733052Z", "modified": "2026-06-02T15:57:33.733052Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (annaoohlkckgfpabedmnbleidfjabnho) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/annaoohlkckgfpabedmnbleidfjabnho']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.733014Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:annaoohlkckgfpabedmnbleidfjabnho", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/annaoohlkckgfpabedmnbleidfjabnho", "external_id": "annaoohlkckgfpabedmnbleidfjabnho"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b3e3e48a-c5ee-4bdc-bf9e-5359844e302b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.734044Z", "modified": "2026-06-02T15:57:33.734044Z", "name": "Malicious Extension: Cat Cursor \u2665 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Cat Cursor \u2665 Custom Cursor for Chrome\u2122 (aobjbhiaoljpdpeappmepnhdhklkijjp) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aobjbhiaoljpdpeappmepnhdhklkijjp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.734006Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aobjbhiaoljpdpeappmepnhdhklkijjp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aobjbhiaoljpdpeappmepnhdhklkijjp", "external_id": "aobjbhiaoljpdpeappmepnhdhklkijjp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2ce00e97-1200-4a12-a2d5-ae820a30ecd2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.735043Z", "modified": "2026-06-02T15:57:33.735043Z", "name": "Malicious Extension: YOUSELLER - Facilidade, produtividade em escala.", "description": "Malicious browser extension: YOUSELLER - Facilidade, produtividade em escala. (aocojboaoklgedadlpaallelnanhcpgm) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aocojboaoklgedadlpaallelnanhcpgm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.735Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:aocojboaoklgedadlpaallelnanhcpgm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aocojboaoklgedadlpaallelnanhcpgm", "external_id": "aocojboaoklgedadlpaallelnanhcpgm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ad78b136-ffd2-4b85-8f4b-20f4cd02e5b6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.73621Z", "modified": "2026-06-02T15:57:33.73621Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aodbopgpdbbeeifnpefojenoaffmpoba) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aodbopgpdbbeeifnpefojenoaffmpoba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.736172Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aodbopgpdbbeeifnpefojenoaffmpoba", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aodbopgpdbbeeifnpefojenoaffmpoba", "external_id": "aodbopgpdbbeeifnpefojenoaffmpoba"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c8e75ead-b09d-4386-a188-9f70d0e1c366", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.737205Z", "modified": "2026-06-02T15:57:33.737205Z", "name": "Malicious Extension: Grok 4", "description": "Malicious browser extension: Grok 4 (aoemlgniakbojcecmjefonjkgnceklpg) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aoemlgniakbojcecmjefonjkgnceklpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.737168Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aoemlgniakbojcecmjefonjkgnceklpg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aoemlgniakbojcecmjefonjkgnceklpg", "external_id": "aoemlgniakbojcecmjefonjkgnceklpg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--78fd3e93-de08-4c5d-ba10-0df9401466bf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.738191Z", "modified": "2026-06-02T15:57:33.738191Z", "name": "Malicious Extension: HTML validator", "description": "Malicious browser extension: HTML validator (aofddmgnidinflambjlfkpboeamdldbd) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aofddmgnidinflambjlfkpboeamdldbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.738153Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aofddmgnidinflambjlfkpboeamdldbd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aofddmgnidinflambjlfkpboeamdldbd", "external_id": "aofddmgnidinflambjlfkpboeamdldbd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fd33ac25-91c1-4b95-8855-d0ea1e9c1df9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.739185Z", "modified": "2026-06-02T15:57:33.739185Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aofpakobackjejhebnldmfiiglifmnga) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aofpakobackjejhebnldmfiiglifmnga']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.739145Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aofpakobackjejhebnldmfiiglifmnga", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aofpakobackjejhebnldmfiiglifmnga", "external_id": "aofpakobackjejhebnldmfiiglifmnga"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1ad96486-d1b5-4c80-a455-de30b572e1b1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.740183Z", "modified": "2026-06-02T15:57:33.740183Z", "name": "Malicious Extension: Amazon ASIN Copy", "description": "Malicious browser extension: Amazon ASIN Copy (aohfjaadlbiifnnajpobdhokecjokhab) Stage 5A static analysis rated this extension risk_level=suspicious (score=72), not risk_level=malicious. Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aohfjaadlbiifnnajpobdhokecjokhab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.740145Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aohfjaadlbiifnnajpobdhokecjokhab", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aohfjaadlbiifnnajpobdhokecjokhab", "external_id": "aohfjaadlbiifnnajpobdhokecjokhab"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--104d622f-0df7-4f73-b11f-19a43c4d5edb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.741244Z", "modified": "2026-06-02T15:57:33.741244Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aojfikafhpoabphhjdogjlkjflgbdmff) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aojfikafhpoabphhjdogjlkjflgbdmff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.7412Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aojfikafhpoabphhjdogjlkjflgbdmff", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aojfikafhpoabphhjdogjlkjflgbdmff", "external_id": "aojfikafhpoabphhjdogjlkjflgbdmff"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7ab410a4-c0e1-46f6-90e7-99e597da35ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.74226Z", "modified": "2026-06-02T15:57:33.74226Z", "name": "Malicious Extension: EcoIndex.fr", "description": "Malicious browser extension: EcoIndex.fr (apeadjelacokohnkfclnhjlihklpclmp) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/apeadjelacokohnkfclnhjlihklpclmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.742221Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:apeadjelacokohnkfclnhjlihklpclmp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/apeadjelacokohnkfclnhjlihklpclmp", "external_id": "apeadjelacokohnkfclnhjlihklpclmp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bb79d360-c024-412e-9763-4c6b86455e84", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.743448Z", "modified": "2026-06-02T15:57:33.743448Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (apejngmlbbanbmfaemoekpbobghbgmem) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/apejngmlbbanbmfaemoekpbobghbgmem']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.743409Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:apejngmlbbanbmfaemoekpbobghbgmem", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/apejngmlbbanbmfaemoekpbobghbgmem", "external_id": "apejngmlbbanbmfaemoekpbobghbgmem"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c5b7d70e-5c96-484f-8eaa-2cf5405fd7e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.744454Z", "modified": "2026-06-02T15:57:33.744454Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (apfijngnajkcaejadecbcjkgikabibln) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/apfijngnajkcaejadecbcjkgikabibln']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.744417Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:apfijngnajkcaejadecbcjkgikabibln", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/apfijngnajkcaejadecbcjkgikabibln", "external_id": "apfijngnajkcaejadecbcjkgikabibln"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--42340c30-536b-47f7-ae40-ca9dde6b142d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.745444Z", "modified": "2026-06-02T15:57:33.745444Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (apkldlbgpmenoilgjldmbkipidboplae) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/apkldlbgpmenoilgjldmbkipidboplae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.745407Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:apkldlbgpmenoilgjldmbkipidboplae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/apkldlbgpmenoilgjldmbkipidboplae", "external_id": "apkldlbgpmenoilgjldmbkipidboplae"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--152cc190-3df6-4fd2-b3ef-b694b3969199", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.746434Z", "modified": "2026-06-02T15:57:33.746434Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (aplhgigkopkholapijailboandapfaim) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aplhgigkopkholapijailboandapfaim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.746397Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aplhgigkopkholapijailboandapfaim", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aplhgigkopkholapijailboandapfaim", "external_id": "aplhgigkopkholapijailboandapfaim"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d17d2d98-d2ff-4d43-8b29-8698c3ca85c3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.747467Z", "modified": "2026-06-02T15:57:33.747467Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (apoklfecapckgpbbcpaiebemaghmkncf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/apoklfecapckgpbbcpaiebemaghmkncf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.747407Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:apoklfecapckgpbbcpaiebemaghmkncf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/apoklfecapckgpbbcpaiebemaghmkncf", "external_id": "apoklfecapckgpbbcpaiebemaghmkncf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1794a3af-d79d-4f3c-919b-6b5f80952751", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.748494Z", "modified": "2026-06-02T15:57:33.748494Z", "name": "Malicious Extension: Super Mario Bros Classic Game", "description": "Malicious browser extension: Super Mario Bros Classic Game (baaekoloipdmhgffglokngoonljoachp) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/baaekoloipdmhgffglokngoonljoachp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.748457Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:baaekoloipdmhgffglokngoonljoachp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/baaekoloipdmhgffglokngoonljoachp", "external_id": "baaekoloipdmhgffglokngoonljoachp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--89ba4f9f-c48a-47ae-8903-16f3dc4fbd10", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.749499Z", "modified": "2026-06-02T15:57:33.749499Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (baahncfnjojaofhdmdfkpeadigoemkif) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/baahncfnjojaofhdmdfkpeadigoemkif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.749462Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:baahncfnjojaofhdmdfkpeadigoemkif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/baahncfnjojaofhdmdfkpeadigoemkif", "external_id": "baahncfnjojaofhdmdfkpeadigoemkif"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a02566dc-80bd-418f-9413-991880769e89", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.750676Z", "modified": "2026-06-02T15:57:33.750676Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bafbmfpfepdlgnfkgfbobplkkaoakjcl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bafbmfpfepdlgnfkgfbobplkkaoakjcl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.750638Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bafbmfpfepdlgnfkgfbobplkkaoakjcl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bafbmfpfepdlgnfkgfbobplkkaoakjcl", "external_id": "bafbmfpfepdlgnfkgfbobplkkaoakjcl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dbd5490f-82e1-476e-b0b4-726ae67da9a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.7517Z", "modified": "2026-06-02T15:57:33.7517Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bakeonpbbnlejfcdgkkdhdagfadmplak) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bakeonpbbnlejfcdgkkdhdagfadmplak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.751661Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bakeonpbbnlejfcdgkkdhdagfadmplak", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bakeonpbbnlejfcdgkkdhdagfadmplak", "external_id": "bakeonpbbnlejfcdgkkdhdagfadmplak"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8b5fbfbb-0e46-488f-8b8b-0eb50a65cbfc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.752692Z", "modified": "2026-06-02T15:57:33.752692Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bamfpcdkpoafmifcjlcdoehajoiabbbj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bamfpcdkpoafmifcjlcdoehajoiabbbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.752654Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bamfpcdkpoafmifcjlcdoehajoiabbbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bamfpcdkpoafmifcjlcdoehajoiabbbj", "external_id": "bamfpcdkpoafmifcjlcdoehajoiabbbj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bed7aefb-d8d2-454f-a73e-f48a62997a36", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.753702Z", "modified": "2026-06-02T15:57:33.753702Z", "name": "Malicious Extension: Vieu Chrome Extension - Get introduced to your buyers", "description": "Malicious browser extension: Vieu Chrome Extension - Get introduced to your buyers (bamkikhlhhnpdkehbjpepjkjgcdcdlfi) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bamkikhlhhnpdkehbjpepjkjgcdcdlfi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.75366Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bamkikhlhhnpdkehbjpepjkjgcdcdlfi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bamkikhlhhnpdkehbjpepjkjgcdcdlfi", "external_id": "bamkikhlhhnpdkehbjpepjkjgcdcdlfi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a933e99f-f4ad-4dfa-b37e-3ac132df9ae5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.754704Z", "modified": "2026-06-02T15:57:33.754704Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bankpannefgoifckfjjllibjeaeifpbd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bankpannefgoifckfjjllibjeaeifpbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.754667Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bankpannefgoifckfjjllibjeaeifpbd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bankpannefgoifckfjjllibjeaeifpbd", "external_id": "bankpannefgoifckfjjllibjeaeifpbd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1c6666f1-a1ec-4702-bfc9-25970e615051", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.755718Z", "modified": "2026-06-02T15:57:33.755718Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (baoiojchledkgjokogfbhlbjloofkadp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/baoiojchledkgjokogfbhlbjloofkadp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.75568Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:baoiojchledkgjokogfbhlbjloofkadp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/baoiojchledkgjokogfbhlbjloofkadp", "external_id": "baoiojchledkgjokogfbhlbjloofkadp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6b2ff33b-64a0-442d-8735-2fd4f75d2e2e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.756712Z", "modified": "2026-06-02T15:57:33.756712Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (baonbjckakcpgliaafcodddkoednpjgf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/baonbjckakcpgliaafcodddkoednpjgf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.756675Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:baonbjckakcpgliaafcodddkoednpjgf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/baonbjckakcpgliaafcodddkoednpjgf", "external_id": "baonbjckakcpgliaafcodddkoednpjgf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--511d7773-45d8-46f8-b3ec-1319340606a4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.757865Z", "modified": "2026-06-02T15:57:33.757865Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bbaafnkdoccobnobbnolojjblgofofaa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbaafnkdoccobnobbnolojjblgofofaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.757827Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bbaafnkdoccobnobbnolojjblgofofaa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbaafnkdoccobnobbnolojjblgofofaa", "external_id": "bbaafnkdoccobnobbnolojjblgofofaa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e2d2a05d-fa0f-4f51-8db3-840deb3f9b93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.758874Z", "modified": "2026-06-02T15:57:33.758874Z", "name": "Malicious Extension: MI CIERRO", "description": "Malicious browser extension: MI CIERRO (bbbifilhkmefbakdfjnamkneldmocibp) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbbifilhkmefbakdfjnamkneldmocibp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.758837Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bbbifilhkmefbakdfjnamkneldmocibp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbbifilhkmefbakdfjnamkneldmocibp", "external_id": "bbbifilhkmefbakdfjnamkneldmocibp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--528470eb-dd4a-4f11-834a-3ce6b3caacc8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.759887Z", "modified": "2026-06-02T15:57:33.759887Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bbddldccjdblblaoagchfccnpcjinnde) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbddldccjdblblaoagchfccnpcjinnde']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.75984Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bbddldccjdblblaoagchfccnpcjinnde", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbddldccjdblblaoagchfccnpcjinnde", "external_id": "bbddldccjdblblaoagchfccnpcjinnde"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d3b99d97-f4e3-4a51-a700-bba4f27dc6eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.760878Z", "modified": "2026-06-02T15:57:33.760878Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bbdejfjnpbdjbdnibpmiegbdfbngbahn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbdejfjnpbdjbdnibpmiegbdfbngbahn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.760841Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bbdejfjnpbdjbdnibpmiegbdfbngbahn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbdejfjnpbdjbdnibpmiegbdfbngbahn", "external_id": "bbdejfjnpbdjbdnibpmiegbdfbngbahn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3da7b5ef-7412-4740-96bf-4bbde442b6ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.76186Z", "modified": "2026-06-02T15:57:33.76186Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bbdioggpbhhodagchciaeaggdponnhpa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbdioggpbhhodagchciaeaggdponnhpa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.761821Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bbdioggpbhhodagchciaeaggdponnhpa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbdioggpbhhodagchciaeaggdponnhpa", "external_id": "bbdioggpbhhodagchciaeaggdponnhpa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6f25285f-021e-42d7-a579-48ff911a115e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.762845Z", "modified": "2026-06-02T15:57:33.762845Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bbdpihagclfjiodkbebbheamdhifhcgl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbdpihagclfjiodkbebbheamdhifhcgl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.762807Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bbdpihagclfjiodkbebbheamdhifhcgl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbdpihagclfjiodkbebbheamdhifhcgl", "external_id": "bbdpihagclfjiodkbebbheamdhifhcgl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1eacdbe7-0bae-4f1f-a2ce-13e58c541e87", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.763837Z", "modified": "2026-06-02T15:57:33.763837Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bbhaganppipihlhjgaaeeeefbaoihcgi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbhaganppipihlhjgaaeeeefbaoihcgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.7638Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bbhaganppipihlhjgaaeeeefbaoihcgi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbhaganppipihlhjgaaeeeefbaoihcgi", "external_id": "bbhaganppipihlhjgaaeeeefbaoihcgi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2ef5d5d9-f7da-4c9a-8e17-a4bec0f56701", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.764992Z", "modified": "2026-06-02T15:57:33.764992Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bboeoilakaofjkdmekpgeigieokkpgfn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bboeoilakaofjkdmekpgeigieokkpgfn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.764954Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bboeoilakaofjkdmekpgeigieokkpgfn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bboeoilakaofjkdmekpgeigieokkpgfn", "external_id": "bboeoilakaofjkdmekpgeigieokkpgfn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2db1e546-897b-4fb7-b9a0-1e04ae84b032", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.765993Z", "modified": "2026-06-02T15:57:33.765993Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bcphmaoebeamddbmdiajimehnjmageip) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bcphmaoebeamddbmdiajimehnjmageip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.765949Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bcphmaoebeamddbmdiajimehnjmageip", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bcphmaoebeamddbmdiajimehnjmageip", "external_id": "bcphmaoebeamddbmdiajimehnjmageip"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--727db8e7-2f93-46f1-b5c1-092dcd0b16f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.766987Z", "modified": "2026-06-02T15:57:33.766987Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bdcimkinofohfmldheklgfbjkfehfdhl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bdcimkinofohfmldheklgfbjkfehfdhl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.76695Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bdcimkinofohfmldheklgfbjkfehfdhl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bdcimkinofohfmldheklgfbjkfehfdhl", "external_id": "bdcimkinofohfmldheklgfbjkfehfdhl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7b0ccc50-c39d-437a-a183-823da0053155", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.768012Z", "modified": "2026-06-02T15:57:33.768012Z", "name": "Malicious Extension: WhatsSelling", "description": "Malicious browser extension: WhatsSelling (bdcoljfgfbdkmjeabhnpgddpiopccleo) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bdcoljfgfbdkmjeabhnpgddpiopccleo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.767974Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bdcoljfgfbdkmjeabhnpgddpiopccleo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bdcoljfgfbdkmjeabhnpgddpiopccleo", "external_id": "bdcoljfgfbdkmjeabhnpgddpiopccleo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7b1a0f13-190a-40b8-b8d3-2c0305cafaeb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.769021Z", "modified": "2026-06-02T15:57:33.769021Z", "name": "Malicious Extension: ZAZMAX", "description": "Malicious browser extension: ZAZMAX (bddkejibhlhebhfpbhjbgfnpkmgoboaj) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bddkejibhlhebhfpbhjbgfnpkmgoboaj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.768984Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bddkejibhlhebhfpbhjbgfnpkmgoboaj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bddkejibhlhebhfpbhjbgfnpkmgoboaj", "external_id": "bddkejibhlhebhfpbhjbgfnpkmgoboaj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7602bef8-8e4f-408b-b8da-27bbcb353dbb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.770005Z", "modified": "2026-06-02T15:57:33.770005Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bdfejgnkjilbfajogjdjoelflfjjlbce) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bdfejgnkjilbfajogjdjoelflfjjlbce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.769967Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bdfejgnkjilbfajogjdjoelflfjjlbce", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bdfejgnkjilbfajogjdjoelflfjjlbce", "external_id": "bdfejgnkjilbfajogjdjoelflfjjlbce"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--50a83d63-bd97-4161-b1db-c8fc20bf4359", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.770983Z", "modified": "2026-06-02T15:57:33.770983Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bdhjinjoglaijpffoamhhnhooeimgoap) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bdhjinjoglaijpffoamhhnhooeimgoap']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.770946Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bdhjinjoglaijpffoamhhnhooeimgoap", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bdhjinjoglaijpffoamhhnhooeimgoap", "external_id": "bdhjinjoglaijpffoamhhnhooeimgoap"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d6fc5ea2-5ad2-471f-9304-47875281477c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.772155Z", "modified": "2026-06-02T15:57:33.772155Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bdhomkmlcfplpamlpnimlmmgmnbmhamo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bdhomkmlcfplpamlpnimlmmgmnbmhamo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.772113Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bdhomkmlcfplpamlpnimlmmgmnbmhamo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bdhomkmlcfplpamlpnimlmmgmnbmhamo", "external_id": "bdhomkmlcfplpamlpnimlmmgmnbmhamo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5c01ee5d-54dc-4a53-9a37-72ea3c7e5ef8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.773151Z", "modified": "2026-06-02T15:57:33.773151Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bdkogigofdpjbplcphfikldoejopkemf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bdkogigofdpjbplcphfikldoejopkemf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.773114Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bdkogigofdpjbplcphfikldoejopkemf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bdkogigofdpjbplcphfikldoejopkemf", "external_id": "bdkogigofdpjbplcphfikldoejopkemf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8d09b5b8-dd95-403d-9128-31cde2de1534", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.774141Z", "modified": "2026-06-02T15:57:33.774141Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bdmbfahncgochinclblmnaofgmihcmkb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bdmbfahncgochinclblmnaofgmihcmkb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.774103Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bdmbfahncgochinclblmnaofgmihcmkb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bdmbfahncgochinclblmnaofgmihcmkb", "external_id": "bdmbfahncgochinclblmnaofgmihcmkb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8dc72b5f-54be-41a1-b6ed-6f30ba8fe2c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.77515Z", "modified": "2026-06-02T15:57:33.77515Z", "name": "Malicious Extension: Gestor B2B", "description": "Malicious browser extension: Gestor B2B (beeemlkkaejmncamaeeahkbibhapgpeg) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript[.]com[.]br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/beeemlkkaejmncamaeeahkbibhapgpeg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.775096Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:beeemlkkaejmncamaeeahkbibhapgpeg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/beeemlkkaejmncamaeeahkbibhapgpeg", "external_id": "beeemlkkaejmncamaeeahkbibhapgpeg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bc09bf04-48e4-4e58-9b33-4e315f717ed6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.776141Z", "modified": "2026-06-02T15:57:33.776141Z", "name": "Malicious Extension: Amazon Profit Calculator Lite", "description": "Malicious browser extension: Amazon Profit Calculator Lite (behckapcoohededfbgjgkgefgkpodeho) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/behckapcoohededfbgjgkgefgkpodeho']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.776103Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:behckapcoohededfbgjgkgefgkpodeho", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/behckapcoohededfbgjgkgefgkpodeho", "external_id": "behckapcoohededfbgjgkgefgkpodeho"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--75c8ebe2-0532-403e-99bf-f9db85022613", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.777122Z", "modified": "2026-06-02T15:57:33.777122Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (beifiidafjobphnbhbbgmgnndjolfcho) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/beifiidafjobphnbhbbgmgnndjolfcho']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.777085Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:beifiidafjobphnbhbbgmgnndjolfcho", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/beifiidafjobphnbhbbgmgnndjolfcho", "external_id": "beifiidafjobphnbhbbgmgnndjolfcho"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--029e89a6-c147-4a8e-aabf-f9fd7839e602", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.77812Z", "modified": "2026-06-02T15:57:33.77812Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bejgahhphofnbikpincjaaljmpbjejgk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bejgahhphofnbikpincjaaljmpbjejgk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.778079Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bejgahhphofnbikpincjaaljmpbjejgk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bejgahhphofnbikpincjaaljmpbjejgk", "external_id": "bejgahhphofnbikpincjaaljmpbjejgk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e4ba0d24-d43d-486c-a00d-c8cbff772425", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.779279Z", "modified": "2026-06-02T15:57:33.779279Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bejlgcijncccchejcppccneebdobhcbd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bejlgcijncccchejcppccneebdobhcbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.779242Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bejlgcijncccchejcppccneebdobhcbd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bejlgcijncccchejcppccneebdobhcbd", "external_id": "bejlgcijncccchejcppccneebdobhcbd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--05487f8f-0d14-4228-bc93-569c7e43a121", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.780281Z", "modified": "2026-06-02T15:57:33.780281Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bekknnianaobjaamjendcnfjgkjonefm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bekknnianaobjaamjendcnfjgkjonefm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.780243Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bekknnianaobjaamjendcnfjgkjonefm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bekknnianaobjaamjendcnfjgkjonefm", "external_id": "bekknnianaobjaamjendcnfjgkjonefm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9bf0eff3-fccc-4476-b972-3aa4a9859a2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.781275Z", "modified": "2026-06-02T15:57:33.781275Z", "name": "Malicious Extension: CRM-PRO : Transforme seu whatsapp em um sistema de vendas", "description": "Malicious browser extension: CRM-PRO : Transforme seu whatsapp em um sistema de vendas (bgaaamckjapoiaiioklgmbknjegdkkhd) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript[.]com[.]br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bgaaamckjapoiaiioklgmbknjegdkkhd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.781238Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bgaaamckjapoiaiioklgmbknjegdkkhd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bgaaamckjapoiaiioklgmbknjegdkkhd", "external_id": "bgaaamckjapoiaiioklgmbknjegdkkhd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--72ce2bef-ed88-4ba0-8d68-283b42214882", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.782268Z", "modified": "2026-06-02T15:57:33.782268Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bgabcfjpeeepnhphhgdajhodpfdcnpab) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bgabcfjpeeepnhphhgdajhodpfdcnpab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.782231Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bgabcfjpeeepnhphhgdajhodpfdcnpab", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bgabcfjpeeepnhphhgdajhodpfdcnpab", "external_id": "bgabcfjpeeepnhphhgdajhodpfdcnpab"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8538cdf0-28ac-4054-b837-36ed4c8a6bfe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.783264Z", "modified": "2026-06-02T15:57:33.783264Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bgkdocoihppjkdfaghndpjlfoehjcmka) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bgkdocoihppjkdfaghndpjlfoehjcmka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.783227Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bgkdocoihppjkdfaghndpjlfoehjcmka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bgkdocoihppjkdfaghndpjlfoehjcmka", "external_id": "bgkdocoihppjkdfaghndpjlfoehjcmka"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--785c523a-a01d-4f68-94df-0e5ede1fec2e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.78427Z", "modified": "2026-06-02T15:57:33.78427Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bgkijgmoikigljbbfokahemdnhilkkma) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bgkijgmoikigljbbfokahemdnhilkkma']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.784219Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bgkijgmoikigljbbfokahemdnhilkkma", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bgkijgmoikigljbbfokahemdnhilkkma", "external_id": "bgkijgmoikigljbbfokahemdnhilkkma"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--41afdee9-bff4-49c3-8ba7-39cf46b608a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.785267Z", "modified": "2026-06-02T15:57:33.785267Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bgnjnfoiglionjogebklhhhknbmlocpn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bgnjnfoiglionjogebklhhhknbmlocpn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.785231Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bgnjnfoiglionjogebklhhhknbmlocpn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bgnjnfoiglionjogebklhhhknbmlocpn", "external_id": "bgnjnfoiglionjogebklhhhknbmlocpn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f16d53d3-1510-4e2b-972c-a1dc92e45a3d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.786442Z", "modified": "2026-06-02T15:57:33.786442Z", "name": "Malicious Extension: MULTIZAP CRM", "description": "Malicious browser extension: MULTIZAP CRM (bgnkgembgfkfjipflkniiibgcedloekn) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript[.]com[.]br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bgnkgembgfkfjipflkniiibgcedloekn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.786401Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bgnkgembgfkfjipflkniiibgcedloekn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bgnkgembgfkfjipflkniiibgcedloekn", "external_id": "bgnkgembgfkfjipflkniiibgcedloekn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--daaa5f04-9f23-44b2-9a9f-717ab47df834", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.787461Z", "modified": "2026-06-02T15:57:33.787461Z", "name": "Malicious Extension: Screen Recorder", "description": "Malicious browser extension: Screen Recorder (bgnpgpfjdpmgfdegmmjdbppccdhjhdpe) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=122). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bgnpgpfjdpmgfdegmmjdbppccdhjhdpe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.787424Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bgnpgpfjdpmgfdegmmjdbppccdhjhdpe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bgnpgpfjdpmgfdegmmjdbppccdhjhdpe", "external_id": "bgnpgpfjdpmgfdegmmjdbppccdhjhdpe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7d5fd1b8-7060-4189-bbf5-99ac5e96eb71", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.788455Z", "modified": "2026-06-02T15:57:33.788455Z", "name": "Malicious Extension: Bitcoin price live", "description": "Malicious browser extension: Bitcoin price live (bhahpmoebdipfoaadcclkcnieeokebnf) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bhahpmoebdipfoaadcclkcnieeokebnf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.788417Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bhahpmoebdipfoaadcclkcnieeokebnf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bhahpmoebdipfoaadcclkcnieeokebnf", "external_id": "bhahpmoebdipfoaadcclkcnieeokebnf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--530accb4-33fa-45c8-bfc0-a337dc01e25d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.789443Z", "modified": "2026-06-02T15:57:33.789443Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bhcfaglgcebaehogjenjcolacfaanmon) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bhcfaglgcebaehogjenjcolacfaanmon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.789406Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bhcfaglgcebaehogjenjcolacfaanmon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bhcfaglgcebaehogjenjcolacfaanmon", "external_id": "bhcfaglgcebaehogjenjcolacfaanmon"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--90030643-ed88-419c-a930-9df5cc6e3e16", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.79073Z", "modified": "2026-06-02T15:57:33.79073Z", "name": "Malicious Extension: One Piece Cursor - Custom Anime Cursor for Chrome", "description": "Malicious browser extension: One Piece Cursor - Custom Anime Cursor for Chrome (bhcjjbencodlgfoneipfnnpclempbdka) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bhcjjbencodlgfoneipfnnpclempbdka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.790688Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bhcjjbencodlgfoneipfnnpclempbdka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bhcjjbencodlgfoneipfnnpclempbdka", "external_id": "bhcjjbencodlgfoneipfnnpclempbdka"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ffc595a5-323e-4b29-8a48-d802df6bf286", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.791747Z", "modified": "2026-06-02T15:57:33.791747Z", "name": "Malicious Extension: Smart WA", "description": "Malicious browser extension: Smart WA (bhdaecfcjmipomgngjhacbfmjafjnicl) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript[.]com[.]br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bhdaecfcjmipomgngjhacbfmjafjnicl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.791708Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bhdaecfcjmipomgngjhacbfmjafjnicl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bhdaecfcjmipomgngjhacbfmjafjnicl", "external_id": "bhdaecfcjmipomgngjhacbfmjafjnicl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cfae11d3-da59-45a4-9583-12e641efeb24", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.79273Z", "modified": "2026-06-02T15:57:33.79273Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bhhdblckjkgijhjajngmjdijpmhoeobp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bhhdblckjkgijhjajngmjdijpmhoeobp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.792692Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bhhdblckjkgijhjajngmjdijpmhoeobp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bhhdblckjkgijhjajngmjdijpmhoeobp", "external_id": "bhhdblckjkgijhjajngmjdijpmhoeobp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d3d8a5eb-23bc-4536-bec2-3fb7398d5ee9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.793876Z", "modified": "2026-06-02T15:57:33.793876Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bhoebgegnjoehioianjnjakeeggajanb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bhoebgegnjoehioianjnjakeeggajanb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.793838Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bhoebgegnjoehioianjnjakeeggajanb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bhoebgegnjoehioianjnjakeeggajanb", "external_id": "bhoebgegnjoehioianjnjakeeggajanb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a321824d-703b-44c3-8535-8e800ee6d738", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.794869Z", "modified": "2026-06-02T15:57:33.794869Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bhpghgoeaedhpmadepoadfbljmbhbikk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bhpghgoeaedhpmadepoadfbljmbhbikk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.794832Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bhpghgoeaedhpmadepoadfbljmbhbikk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bhpghgoeaedhpmadepoadfbljmbhbikk", "external_id": "bhpghgoeaedhpmadepoadfbljmbhbikk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1558f616-8df1-4bde-968d-c8497e4b58aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.795887Z", "modified": "2026-06-02T15:57:33.795887Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bibpinjdgodiocbghmbclgjmdidlhebl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bibpinjdgodiocbghmbclgjmdidlhebl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.79585Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bibpinjdgodiocbghmbclgjmdidlhebl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bibpinjdgodiocbghmbclgjmdidlhebl", "external_id": "bibpinjdgodiocbghmbclgjmdidlhebl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--46123036-03ac-4fae-a08b-665f227df907", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.796882Z", "modified": "2026-06-02T15:57:33.796882Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bifmakhmlkpkfdinjhopnjggpgagolai) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bifmakhmlkpkfdinjhopnjggpgagolai']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.796844Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bifmakhmlkpkfdinjhopnjggpgagolai", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bifmakhmlkpkfdinjhopnjggpgagolai", "external_id": "bifmakhmlkpkfdinjhopnjggpgagolai"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--af36a7b7-fd6b-4950-b599-325e8b299f36", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.797867Z", "modified": "2026-06-02T15:57:33.797867Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bifpenlakfcdhjnagknbhdiangfadfkf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bifpenlakfcdhjnagknbhdiangfadfkf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.79783Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bifpenlakfcdhjnagknbhdiangfadfkf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bifpenlakfcdhjnagknbhdiangfadfkf", "external_id": "bifpenlakfcdhjnagknbhdiangfadfkf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f7a14143-339d-4df9-878f-e2716bb9c2d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.798852Z", "modified": "2026-06-02T15:57:33.798852Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bignmbfbfjbaelmcgkleelnkgnmfniba) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bignmbfbfjbaelmcgkleelnkgnmfniba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.798815Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bignmbfbfjbaelmcgkleelnkgnmfniba", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bignmbfbfjbaelmcgkleelnkgnmfniba", "external_id": "bignmbfbfjbaelmcgkleelnkgnmfniba"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7042ba1a-2df3-4ea9-b476-aa6ca9420bd8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.799872Z", "modified": "2026-06-02T15:57:33.799872Z", "name": "Malicious Extension: DR.FIDELIZA", "description": "Malicious browser extension: DR.FIDELIZA (bijckmbmblabepobmabjcegimlcpilml) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bijckmbmblabepobmabjcegimlcpilml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.799835Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bijckmbmblabepobmabjcegimlcpilml", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bijckmbmblabepobmabjcegimlcpilml", "external_id": "bijckmbmblabepobmabjcegimlcpilml"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--824a7d9c-9555-43e8-be30-23f32029041c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.801923Z", "modified": "2026-06-02T15:57:33.801923Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bijgajcmgmhbhhedoghflcopfobfhngn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bijgajcmgmhbhhedoghflcopfobfhngn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.801883Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bijgajcmgmhbhhedoghflcopfobfhngn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bijgajcmgmhbhhedoghflcopfobfhngn", "external_id": "bijgajcmgmhbhhedoghflcopfobfhngn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7481e347-ea8d-4566-a142-54a2a500c58f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.802976Z", "modified": "2026-06-02T15:57:33.802976Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bijgggddcklgikhahocbekhhncacpnkj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bijgggddcklgikhahocbekhhncacpnkj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.802938Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bijgggddcklgikhahocbekhhncacpnkj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bijgggddcklgikhahocbekhhncacpnkj", "external_id": "bijgggddcklgikhahocbekhhncacpnkj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3a735619-eac7-44db-a374-64cf3b570920", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.804022Z", "modified": "2026-06-02T15:57:33.804022Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bilfflcophfehljhpnklmcelkoiffapb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bilfflcophfehljhpnklmcelkoiffapb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.803984Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bilfflcophfehljhpnklmcelkoiffapb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bilfflcophfehljhpnklmcelkoiffapb", "external_id": "bilfflcophfehljhpnklmcelkoiffapb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0f8ac09e-fac8-44ca-97f6-f0775fa8efd9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.805032Z", "modified": "2026-06-02T15:57:33.805032Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bimhigeggaekhifnmhhmbjbeahooolig) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bimhigeggaekhifnmhhmbjbeahooolig']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.804994Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bimhigeggaekhifnmhhmbjbeahooolig", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bimhigeggaekhifnmhhmbjbeahooolig", "external_id": "bimhigeggaekhifnmhhmbjbeahooolig"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--681ec3c1-cf64-493c-9691-f22b9a41ec19", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.806034Z", "modified": "2026-06-02T15:57:33.806034Z", "name": "Malicious Extension: Black Clover Cursor - Custom Anime Cursor for Chrome", "description": "Malicious browser extension: Black Clover Cursor - Custom Anime Cursor for Chrome (bjacehmkdjdpknkoomphgfheehjfiocg) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bjacehmkdjdpknkoomphgfheehjfiocg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.805996Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bjacehmkdjdpknkoomphgfheehjfiocg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bjacehmkdjdpknkoomphgfheehjfiocg", "external_id": "bjacehmkdjdpknkoomphgfheehjfiocg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--63367310-8777-422d-8d5d-d1dbf47c7664", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.807028Z", "modified": "2026-06-02T15:57:33.807028Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bjdadoolmhglopjkfnedihebfalldcfo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bjdadoolmhglopjkfnedihebfalldcfo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.80699Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bjdadoolmhglopjkfnedihebfalldcfo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bjdadoolmhglopjkfnedihebfalldcfo", "external_id": "bjdadoolmhglopjkfnedihebfalldcfo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3061e444-75dc-4f9a-861e-8947a2d4be27", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.808034Z", "modified": "2026-06-02T15:57:33.808034Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bjdclfjlhgcdcpjhmhfggkkfacipilai) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bjdclfjlhgcdcpjhmhfggkkfacipilai']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.807996Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bjdclfjlhgcdcpjhmhfggkkfacipilai", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bjdclfjlhgcdcpjhmhfggkkfacipilai", "external_id": "bjdclfjlhgcdcpjhmhfggkkfacipilai"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--13a9f55f-7913-4023-8d86-42810b38b599", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.809201Z", "modified": "2026-06-02T15:57:33.809201Z", "name": "Malicious Extension: PRAXATECH SOLU\u00c7\u00d5ES", "description": "Malicious browser extension: PRAXATECH SOLU\u00c7\u00d5ES (bjhbgbfapjofmjcoonncefneakppmkmo) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bjhbgbfapjofmjcoonncefneakppmkmo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.809163Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bjhbgbfapjofmjcoonncefneakppmkmo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bjhbgbfapjofmjcoonncefneakppmkmo", "external_id": "bjhbgbfapjofmjcoonncefneakppmkmo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--090f06bb-f734-4b7b-afe9-a46d6505288f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.810215Z", "modified": "2026-06-02T15:57:33.810215Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bjoddpbfndnpeohkmpbjfhcppkhgobcg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bjoddpbfndnpeohkmpbjfhcppkhgobcg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.810178Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bjoddpbfndnpeohkmpbjfhcppkhgobcg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bjoddpbfndnpeohkmpbjfhcppkhgobcg", "external_id": "bjoddpbfndnpeohkmpbjfhcppkhgobcg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e6971699-35a1-42e1-9f32-6da738be5e50", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.811243Z", "modified": "2026-06-02T15:57:33.811243Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bkijbedohmdhdgijneacdbfhcambfoni) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bkijbedohmdhdgijneacdbfhcambfoni']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.811204Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bkijbedohmdhdgijneacdbfhcambfoni", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bkijbedohmdhdgijneacdbfhcambfoni", "external_id": "bkijbedohmdhdgijneacdbfhcambfoni"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2834bd96-c088-4af9-85bc-2ee03ced18c7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.812256Z", "modified": "2026-06-02T15:57:33.812256Z", "name": "Malicious Extension: UATZAP CRM", "description": "Malicious browser extension: UATZAP CRM (bkkcobflaheefjdhejdbogmhpojphhhf) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bkkcobflaheefjdhejdbogmhpojphhhf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.812218Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bkkcobflaheefjdhejdbogmhpojphhhf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bkkcobflaheefjdhejdbogmhpojphhhf", "external_id": "bkkcobflaheefjdhejdbogmhpojphhhf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--37d59dbb-5e75-4235-9eb6-b412128e02a4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.813242Z", "modified": "2026-06-02T15:57:33.813242Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bkknccgnmpcnhppklomdjkphccmpblga) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bkknccgnmpcnhppklomdjkphccmpblga']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.813204Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bkknccgnmpcnhppklomdjkphccmpblga", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bkknccgnmpcnhppklomdjkphccmpblga", "external_id": "bkknccgnmpcnhppklomdjkphccmpblga"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cf7713d5-1a8d-409a-bcd3-fcbaaf16abe1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.814239Z", "modified": "2026-06-02T15:57:33.814239Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bkpgbmjmifkbonccfmpejokfndolikcj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bkpgbmjmifkbonccfmpejokfndolikcj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.814201Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bkpgbmjmifkbonccfmpejokfndolikcj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bkpgbmjmifkbonccfmpejokfndolikcj", "external_id": "bkpgbmjmifkbonccfmpejokfndolikcj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8d3d811b-bf64-4f72-ae4b-2a23c47844c7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.815231Z", "modified": "2026-06-02T15:57:33.815231Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (blbojpnmaccebncdogamdagnmbpfjnfb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/blbojpnmaccebncdogamdagnmbpfjnfb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.815194Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:blbojpnmaccebncdogamdagnmbpfjnfb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/blbojpnmaccebncdogamdagnmbpfjnfb", "external_id": "blbojpnmaccebncdogamdagnmbpfjnfb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--071d1a82-b74b-4194-9741-1467a846975b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.816385Z", "modified": "2026-06-02T15:57:33.816385Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (blbpgfhhhnabbkdbakfibbgkpefpiapj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/blbpgfhhhnabbkdbakfibbgkpefpiapj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.816349Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:blbpgfhhhnabbkdbakfibbgkpefpiapj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/blbpgfhhhnabbkdbakfibbgkpefpiapj", "external_id": "blbpgfhhhnabbkdbakfibbgkpefpiapj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--95edd531-415e-466e-8a7d-c21e510d7c68", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.817379Z", "modified": "2026-06-02T15:57:33.817379Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bldelmcodcfhifpjpbpepkfcaignelbn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bldelmcodcfhifpjpbpepkfcaignelbn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.817342Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bldelmcodcfhifpjpbpepkfcaignelbn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bldelmcodcfhifpjpbpepkfcaignelbn", "external_id": "bldelmcodcfhifpjpbpepkfcaignelbn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--61929496-4ff6-4e0b-9061-1f608f7c5296", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.818372Z", "modified": "2026-06-02T15:57:33.818372Z", "name": "Malicious Extension: Wa Elo IA", "description": "Malicious browser extension: Wa Elo IA (bledopcgjbhnheppjbekbjnjnelmckdl) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bledopcgjbhnheppjbekbjnjnelmckdl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.818335Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bledopcgjbhnheppjbekbjnjnelmckdl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bledopcgjbhnheppjbekbjnjnelmckdl", "external_id": "bledopcgjbhnheppjbekbjnjnelmckdl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--35f9fb62-8c33-4800-bade-b2bb3588f3df", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.819366Z", "modified": "2026-06-02T15:57:33.819366Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (blfehknobghonbjigahfbmmjecooeeja) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/blfehknobghonbjigahfbmmjecooeeja']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.819329Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:blfehknobghonbjigahfbmmjecooeeja", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/blfehknobghonbjigahfbmmjecooeeja", "external_id": "blfehknobghonbjigahfbmmjecooeeja"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4fcd0b47-6c89-4147-9c28-53e334f44eec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.820356Z", "modified": "2026-06-02T15:57:33.820356Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (blffnkdfaobeknbcahjppbifklofofhh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/blffnkdfaobeknbcahjppbifklofofhh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.820318Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:blffnkdfaobeknbcahjppbifklofofhh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/blffnkdfaobeknbcahjppbifklofofhh", "external_id": "blffnkdfaobeknbcahjppbifklofofhh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9f9437f1-bef9-455d-b35e-8e6222fcc6fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.821342Z", "modified": "2026-06-02T15:57:33.821342Z", "name": "Malicious Extension: KPop Demon Hunters Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: KPop Demon Hunters Cursor \u2605 Custom Cursor for Chrome\u2122 (blibecomdmpcndbgkinclhaokmaheild) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/blibecomdmpcndbgkinclhaokmaheild']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.821305Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:blibecomdmpcndbgkinclhaokmaheild", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/blibecomdmpcndbgkinclhaokmaheild", "external_id": "blibecomdmpcndbgkinclhaokmaheild"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ceeb78b4-603c-4632-983e-a226ec23ce17", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.822329Z", "modified": "2026-06-02T15:57:33.822329Z", "name": "Malicious Extension: Private MV3 322.373", "description": "Malicious browser extension: Private MV3 322.373 (blnokeghbnokbibmohahmimdfknjcfnf) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/blnokeghbnokbibmohahmimdfknjcfnf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.822291Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:blnokeghbnokbibmohahmimdfknjcfnf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/blnokeghbnokbibmohahmimdfknjcfnf", "external_id": "blnokeghbnokbibmohahmimdfknjcfnf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5da79195-fe2f-4408-b285-a025d82ad895", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.823488Z", "modified": "2026-06-02T15:57:33.823488Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bmhjbckmdfphfkeakcgogcblfnfififh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bmhjbckmdfphfkeakcgogcblfnfififh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.82345Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bmhjbckmdfphfkeakcgogcblfnfififh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bmhjbckmdfphfkeakcgogcblfnfififh", "external_id": "bmhjbckmdfphfkeakcgogcblfnfififh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--63f312b6-a74d-4fed-814a-e170cf670946", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.82448Z", "modified": "2026-06-02T15:57:33.82448Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bmlifknbfonkgphkpmkeoahgbhbdhebh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bmlifknbfonkgphkpmkeoahgbhbdhebh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.824443Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bmlifknbfonkgphkpmkeoahgbhbdhebh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bmlifknbfonkgphkpmkeoahgbhbdhebh", "external_id": "bmlifknbfonkgphkpmkeoahgbhbdhebh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c71be4ff-5364-435d-beb5-0912ade8f3de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.825458Z", "modified": "2026-06-02T15:57:33.825458Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bmmchpeggdipgcobjbkcjiifgjdaodng) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bmmchpeggdipgcobjbkcjiifgjdaodng']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.825422Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bmmchpeggdipgcobjbkcjiifgjdaodng", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bmmchpeggdipgcobjbkcjiifgjdaodng", "external_id": "bmmchpeggdipgcobjbkcjiifgjdaodng"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--435e29a9-d0ef-4aaf-bf9b-87baa9387926", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.826435Z", "modified": "2026-06-02T15:57:33.826435Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bmodapcihjhklpogdpblefpepjolaoij) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bmodapcihjhklpogdpblefpepjolaoij']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.826397Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bmodapcihjhklpogdpblefpepjolaoij", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bmodapcihjhklpogdpblefpepjolaoij", "external_id": "bmodapcihjhklpogdpblefpepjolaoij"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f9f293d3-d3f4-462d-9b2f-5a1e70c53624", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.827447Z", "modified": "2026-06-02T15:57:33.827447Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bmodhjhfenkpocdbpbijndlaefcbjkjo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bmodhjhfenkpocdbpbijndlaefcbjkjo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.827409Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bmodhjhfenkpocdbpbijndlaefcbjkjo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bmodhjhfenkpocdbpbijndlaefcbjkjo", "external_id": "bmodhjhfenkpocdbpbijndlaefcbjkjo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e52406be-c8c6-4f48-98df-b94aa9b0ce33", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.828439Z", "modified": "2026-06-02T15:57:33.828439Z", "name": "Malicious Extension: MaxFocus: Link Preview & AI Assistant", "description": "Malicious browser extension: MaxFocus: Link Preview & AI Assistant (bnacincmbaknlbegecpioobkfgejlojp) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=72). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bnacincmbaknlbegecpioobkfgejlojp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.828402Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bnacincmbaknlbegecpioobkfgejlojp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bnacincmbaknlbegecpioobkfgejlojp", "external_id": "bnacincmbaknlbegecpioobkfgejlojp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4815bdbe-84cb-46e5-a0f9-1a86be7f74a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.829417Z", "modified": "2026-06-02T15:57:33.829417Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bncibciebfeopcomdaknelhcohiidaoe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bncibciebfeopcomdaknelhcohiidaoe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.829381Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bncibciebfeopcomdaknelhcohiidaoe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bncibciebfeopcomdaknelhcohiidaoe", "external_id": "bncibciebfeopcomdaknelhcohiidaoe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--82b81764-133c-43ff-a357-d9ab9a9dd736", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.830552Z", "modified": "2026-06-02T15:57:33.830552Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bndkfmmbidllaiccmpnbdonijmicaafn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bndkfmmbidllaiccmpnbdonijmicaafn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.830513Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bndkfmmbidllaiccmpnbdonijmicaafn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bndkfmmbidllaiccmpnbdonijmicaafn", "external_id": "bndkfmmbidllaiccmpnbdonijmicaafn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fd4330c7-7c77-4ec7-b613-8cddf8bcf0fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.83156Z", "modified": "2026-06-02T15:57:33.83156Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bnjgeaohcnpcianfippccjdpiejgdfgj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bnjgeaohcnpcianfippccjdpiejgdfgj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.831524Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bnjgeaohcnpcianfippccjdpiejgdfgj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bnjgeaohcnpcianfippccjdpiejgdfgj", "external_id": "bnjgeaohcnpcianfippccjdpiejgdfgj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--870b93b3-60de-4372-bc0d-1766c580cffb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.832544Z", "modified": "2026-06-02T15:57:33.832544Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bnkcabhikeekinpkjckjfkilicpnddcd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bnkcabhikeekinpkjckjfkilicpnddcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.832507Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bnkcabhikeekinpkjckjfkilicpnddcd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bnkcabhikeekinpkjckjfkilicpnddcd", "external_id": "bnkcabhikeekinpkjckjfkilicpnddcd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7404a8eb-1cf4-4c03-b7c8-ce565d2a5e33", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.833533Z", "modified": "2026-06-02T15:57:33.833533Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bobmbfaebhleonnhmcmflajfgnbfokpg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bobmbfaebhleonnhmcmflajfgnbfokpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.833495Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bobmbfaebhleonnhmcmflajfgnbfokpg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bobmbfaebhleonnhmcmflajfgnbfokpg", "external_id": "bobmbfaebhleonnhmcmflajfgnbfokpg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b8e5f0d8-0893-4a2d-9dae-043542b672d2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.834519Z", "modified": "2026-06-02T15:57:33.834519Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bogbhacoalfapopgbgfoencdpdkmdlpk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bogbhacoalfapopgbgfoencdpdkmdlpk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.834483Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bogbhacoalfapopgbgfoencdpdkmdlpk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bogbhacoalfapopgbgfoencdpdkmdlpk", "external_id": "bogbhacoalfapopgbgfoencdpdkmdlpk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5b331670-a707-4c13-88b9-bdebb3501560", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.83551Z", "modified": "2026-06-02T15:57:33.83551Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (boiciofdokedkpmopjnghpkgdakmcpmb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/boiciofdokedkpmopjnghpkgdakmcpmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.835473Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:boiciofdokedkpmopjnghpkgdakmcpmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/boiciofdokedkpmopjnghpkgdakmcpmb", "external_id": "boiciofdokedkpmopjnghpkgdakmcpmb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--24755029-384c-4803-8c77-a141c202ecbe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.836499Z", "modified": "2026-06-02T15:57:33.836499Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (boilpfehlfccankbapnkhfgdcbhlgnid) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/boilpfehlfccankbapnkhfgdcbhlgnid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.836461Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:boilpfehlfccankbapnkhfgdcbhlgnid", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/boilpfehlfccankbapnkhfgdcbhlgnid", "external_id": "boilpfehlfccankbapnkhfgdcbhlgnid"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5ba37ecd-177c-44a7-8023-5e94571889e9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.837633Z", "modified": "2026-06-02T15:57:33.837633Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bonhfflnjgdbnhcpjemkknlhimceckgb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bonhfflnjgdbnhcpjemkknlhimceckgb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.837596Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bonhfflnjgdbnhcpjemkknlhimceckgb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bonhfflnjgdbnhcpjemkknlhimceckgb", "external_id": "bonhfflnjgdbnhcpjemkknlhimceckgb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--417f88d0-9d4c-44f5-9cbe-6c6aafc735ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.838624Z", "modified": "2026-06-02T15:57:33.838624Z", "name": "Malicious Extension: Blackpink Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Blackpink Cursor \u2605 Custom Cursor for Chrome\u2122 (boolceociingmfoakiaiikpcnbcbajfm) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/boolceociingmfoakiaiikpcnbcbajfm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.838587Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:boolceociingmfoakiaiikpcnbcbajfm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/boolceociingmfoakiaiikpcnbcbajfm", "external_id": "boolceociingmfoakiaiikpcnbcbajfm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7e1aaa15-adad-4b57-b532-8cbb8db261a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.839633Z", "modified": "2026-06-02T15:57:33.839633Z", "name": "Malicious Extension: waSuper", "description": "Malicious browser extension: waSuper (bpgbjcgkegcecddlnlckjcoddhpmekdh) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bpgbjcgkegcecddlnlckjcoddhpmekdh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.839595Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:bpgbjcgkegcecddlnlckjcoddhpmekdh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bpgbjcgkegcecddlnlckjcoddhpmekdh", "external_id": "bpgbjcgkegcecddlnlckjcoddhpmekdh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1a6cacd6-05ae-4d2b-ab02-cac27428638a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.840645Z", "modified": "2026-06-02T15:57:33.840645Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bpngofombcjloljkoafhmpcjclkekfbh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bpngofombcjloljkoafhmpcjclkekfbh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.840603Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bpngofombcjloljkoafhmpcjclkekfbh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bpngofombcjloljkoafhmpcjclkekfbh", "external_id": "bpngofombcjloljkoafhmpcjclkekfbh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--08f8c7fe-e855-4a85-a044-fe8252917ead", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.841627Z", "modified": "2026-06-02T15:57:33.841627Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bppelgkcnhfkicolffhlkbdghdnjdkhi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bppelgkcnhfkicolffhlkbdghdnjdkhi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.84159Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bppelgkcnhfkicolffhlkbdghdnjdkhi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bppelgkcnhfkicolffhlkbdghdnjdkhi", "external_id": "bppelgkcnhfkicolffhlkbdghdnjdkhi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e59f16d0-c397-43ee-8c2a-11e5daff6e20", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.842608Z", "modified": "2026-06-02T15:57:33.842608Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cabenpmbfkfhfjfkphpajdohklbplbdp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cabenpmbfkfhfjfkphpajdohklbplbdp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.842571Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cabenpmbfkfhfjfkphpajdohklbplbdp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cabenpmbfkfhfjfkphpajdohklbplbdp", "external_id": "cabenpmbfkfhfjfkphpajdohklbplbdp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6bad7e95-095b-44dc-95cc-67fa2012e70f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.8436Z", "modified": "2026-06-02T15:57:33.8436Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cacbflgkiidgcekflfgdnjdnaalfmkob) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cacbflgkiidgcekflfgdnjdnaalfmkob']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.843563Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cacbflgkiidgcekflfgdnjdnaalfmkob", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cacbflgkiidgcekflfgdnjdnaalfmkob", "external_id": "cacbflgkiidgcekflfgdnjdnaalfmkob"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a90b7ab9-fed6-417c-a9ce-e8251e27aaff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.844733Z", "modified": "2026-06-02T15:57:33.844733Z", "name": "Malicious Extension: Gloss", "description": "Malicious browser extension: Gloss (cackjmmgcmnkjnffabkabapdkofggpjl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cackjmmgcmnkjnffabkabapdkofggpjl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.844696Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cackjmmgcmnkjnffabkabapdkofggpjl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cackjmmgcmnkjnffabkabapdkofggpjl", "external_id": "cackjmmgcmnkjnffabkabapdkofggpjl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3fa0f10e-cdd1-4254-9ae1-c54fce7864d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.845724Z", "modified": "2026-06-02T15:57:33.845724Z", "name": "Malicious Extension: Dandadan Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Dandadan Cursor \u2605 Custom Cursor for Chrome\u2122 (caeneogdipddninidgnoamjaglmmlmoo) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/caeneogdipddninidgnoamjaglmmlmoo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.845687Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:caeneogdipddninidgnoamjaglmmlmoo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/caeneogdipddninidgnoamjaglmmlmoo", "external_id": "caeneogdipddninidgnoamjaglmmlmoo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f470dc26-22fc-47e7-8c62-41e865373381", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.84672Z", "modified": "2026-06-02T15:57:33.84672Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cafbjepckpmnmlliiheacibehokblihc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cafbjepckpmnmlliiheacibehokblihc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.846682Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cafbjepckpmnmlliiheacibehokblihc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cafbjepckpmnmlliiheacibehokblihc", "external_id": "cafbjepckpmnmlliiheacibehokblihc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6d1c733c-cafc-4651-a8c6-bd2b3717dd02", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.847719Z", "modified": "2026-06-02T15:57:33.847719Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cahhjpmdnfhfkgldefihhcgkaalllbld) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cahhjpmdnfhfkgldefihhcgkaalllbld']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.847682Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cahhjpmdnfhfkgldefihhcgkaalllbld", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cahhjpmdnfhfkgldefihhcgkaalllbld", "external_id": "cahhjpmdnfhfkgldefihhcgkaalllbld"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3801377a-3b8e-4b58-9a26-4646ca482ff7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.848701Z", "modified": "2026-06-02T15:57:33.848701Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (calfkdkldagckidpojjehljcfglhfila) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/calfkdkldagckidpojjehljcfglhfila']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.848664Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:calfkdkldagckidpojjehljcfglhfila", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/calfkdkldagckidpojjehljcfglhfila", "external_id": "calfkdkldagckidpojjehljcfglhfila"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--41e156b8-2148-4155-bd55-f5fda0fb4921", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.849706Z", "modified": "2026-06-02T15:57:33.849706Z", "name": "Malicious Extension: WAction", "description": "Malicious browser extension: WAction (cbaabfpflhiklcjgkjjhfjelihkgondn) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbaabfpflhiklcjgkjjhfjelihkgondn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.849669Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cbaabfpflhiklcjgkjjhfjelihkgondn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbaabfpflhiklcjgkjjhfjelihkgondn", "external_id": "cbaabfpflhiklcjgkjjhfjelihkgondn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0dce11d7-e1bd-45b7-9c92-be9cd43073e9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.850711Z", "modified": "2026-06-02T15:57:33.850711Z", "name": "Malicious Extension: Gera Cliente - Extens\u00e3o do Whatsapp para vender at\u00e9 4x mais", "description": "Malicious browser extension: Gera Cliente - Extens\u00e3o do Whatsapp para vender at\u00e9 4x mais (cbfeaklofemfhdlajmnlbdadcmbfaakc) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbfeaklofemfhdlajmnlbdadcmbfaakc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.850673Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cbfeaklofemfhdlajmnlbdadcmbfaakc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbfeaklofemfhdlajmnlbdadcmbfaakc", "external_id": "cbfeaklofemfhdlajmnlbdadcmbfaakc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e23909f9-452e-4564-8f2a-e64d824cf505", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.85194Z", "modified": "2026-06-02T15:57:33.85194Z", "name": "Malicious Extension: IA do Corretor", "description": "Malicious browser extension: IA do Corretor (cbgghdpadjdmlelmkkonkcjiccajaoln) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbgghdpadjdmlelmkkonkcjiccajaoln']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.851902Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cbgghdpadjdmlelmkkonkcjiccajaoln", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbgghdpadjdmlelmkkonkcjiccajaoln", "external_id": "cbgghdpadjdmlelmkkonkcjiccajaoln"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--defb3dba-f9e8-4995-9419-6489fcf070bf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.852953Z", "modified": "2026-06-02T15:57:33.852953Z", "name": "Malicious Extension: Musicians and Singers Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Musicians and Singers Cursor \u2605 Custom Cursor for Chrome\u2122 (cbgmidgpbbholpniehflilcaacpfipob) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbgmidgpbbholpniehflilcaacpfipob']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.852915Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cbgmidgpbbholpniehflilcaacpfipob", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbgmidgpbbholpniehflilcaacpfipob", "external_id": "cbgmidgpbbholpniehflilcaacpfipob"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f6293798-9cdd-4086-bb6e-3803ba0a97b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.853953Z", "modified": "2026-06-02T15:57:33.853953Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cbijiaccpnkbdpgbmiiipedpepbhioel) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbijiaccpnkbdpgbmiiipedpepbhioel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.853916Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cbijiaccpnkbdpgbmiiipedpepbhioel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbijiaccpnkbdpgbmiiipedpepbhioel", "external_id": "cbijiaccpnkbdpgbmiiipedpepbhioel"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bcdfd067-2818-4677-912b-0ed68dd2d373", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.854942Z", "modified": "2026-06-02T15:57:33.854942Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cbkaaiiccepebadakpfoijbmdilphpop) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbkaaiiccepebadakpfoijbmdilphpop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.854905Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cbkaaiiccepebadakpfoijbmdilphpop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbkaaiiccepebadakpfoijbmdilphpop", "external_id": "cbkaaiiccepebadakpfoijbmdilphpop"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d5b2ddbd-4277-423d-96d3-e921987b716c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.855947Z", "modified": "2026-06-02T15:57:33.855947Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cbkogccidanmoaicgphipbdofakomlak) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbkogccidanmoaicgphipbdofakomlak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.85591Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cbkogccidanmoaicgphipbdofakomlak", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbkogccidanmoaicgphipbdofakomlak", "external_id": "cbkogccidanmoaicgphipbdofakomlak"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--302b5fed-61dc-4e07-a12a-2f058431850a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.856935Z", "modified": "2026-06-02T15:57:33.856935Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ccdimkoieijdbgdlkfjjfncmihmlpanj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ccdimkoieijdbgdlkfjjfncmihmlpanj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.856898Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ccdimkoieijdbgdlkfjjfncmihmlpanj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ccdimkoieijdbgdlkfjjfncmihmlpanj", "external_id": "ccdimkoieijdbgdlkfjjfncmihmlpanj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d4348862-89d9-46ce-8a01-13bb487ae9cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.857918Z", "modified": "2026-06-02T15:57:33.857918Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ccdjaehckkiajeegcccoacigphgleipb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ccdjaehckkiajeegcccoacigphgleipb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.85788Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ccdjaehckkiajeegcccoacigphgleipb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ccdjaehckkiajeegcccoacigphgleipb", "external_id": "ccdjaehckkiajeegcccoacigphgleipb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5816d2e6-0984-4ca8-9dd2-ffe1e24e2641", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.859083Z", "modified": "2026-06-02T15:57:33.859083Z", "name": "Malicious Extension: Bleach Cursor - Custom Anime Cursor for Chrome", "description": "Malicious browser extension: Bleach Cursor - Custom Anime Cursor for Chrome (cckgnbinkelflpimkpadlfmlpbbagmka) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cckgnbinkelflpimkpadlfmlpbbagmka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.859046Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cckgnbinkelflpimkpadlfmlpbbagmka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cckgnbinkelflpimkpadlfmlpbbagmka", "external_id": "cckgnbinkelflpimkpadlfmlpbbagmka"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d3e2f67d-6400-4618-9c35-3f4dcfb9657d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.860089Z", "modified": "2026-06-02T15:57:33.860089Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ccollcihnnpcbjcgcjfmabegkpbehnip) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ccollcihnnpcbjcgcjfmabegkpbehnip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.860052Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ccollcihnnpcbjcgcjfmabegkpbehnip", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ccollcihnnpcbjcgcjfmabegkpbehnip", "external_id": "ccollcihnnpcbjcgcjfmabegkpbehnip"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ab943d5c-76a2-4d78-8ca3-10b849add4af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.861079Z", "modified": "2026-06-02T15:57:33.861079Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ccomccogicclmdabkdblhimkkoljidjb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ccomccogicclmdabkdblhimkkoljidjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.861041Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ccomccogicclmdabkdblhimkkoljidjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ccomccogicclmdabkdblhimkkoljidjb", "external_id": "ccomccogicclmdabkdblhimkkoljidjb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--542f62f8-2b66-4202-b70c-0fb9fa35d1cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.86207Z", "modified": "2026-06-02T15:57:33.86207Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cdfheigdnhiakflhgchemmmpmbeojgfn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cdfheigdnhiakflhgchemmmpmbeojgfn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.862033Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cdfheigdnhiakflhgchemmmpmbeojgfn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cdfheigdnhiakflhgchemmmpmbeojgfn", "external_id": "cdfheigdnhiakflhgchemmmpmbeojgfn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7ef95f46-0157-49cf-91d0-90ad043b9ad1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.863062Z", "modified": "2026-06-02T15:57:33.863062Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cdgmcemiphgkibjdcfjhcokpailckhao) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cdgmcemiphgkibjdcfjhcokpailckhao']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.863024Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cdgmcemiphgkibjdcfjhcokpailckhao", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cdgmcemiphgkibjdcfjhcokpailckhao", "external_id": "cdgmcemiphgkibjdcfjhcokpailckhao"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5984a15a-23dc-465b-b2d7-5b5736392e92", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.864057Z", "modified": "2026-06-02T15:57:33.864057Z", "name": "Malicious Extension: ZAP Wallet - AI-Powered Solana Wallet", "description": "Malicious browser extension: ZAP Wallet - AI-Powered Solana Wallet (cdiohdbijdajffgccjmbblbikpnnnkeg) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=112). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cdiohdbijdajffgccjmbblbikpnnnkeg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.86402Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cdiohdbijdajffgccjmbblbikpnnnkeg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cdiohdbijdajffgccjmbblbikpnnnkeg", "external_id": "cdiohdbijdajffgccjmbblbikpnnnkeg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5efe0d8f-15f5-45fb-bc34-aa5b4ecf7a6f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.865057Z", "modified": "2026-06-02T15:57:33.865057Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cehifnkfcddaeppdajpfldbpommggaca) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cehifnkfcddaeppdajpfldbpommggaca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.865018Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cehifnkfcddaeppdajpfldbpommggaca", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cehifnkfcddaeppdajpfldbpommggaca", "external_id": "cehifnkfcddaeppdajpfldbpommggaca"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c4c98932-42b6-4333-af94-c1e40a244f76", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.866203Z", "modified": "2026-06-02T15:57:33.866203Z", "name": "Malicious Extension: Blocksi AI Web Filter", "description": "Malicious browser extension: Blocksi AI Web Filter (celjchjgliegnlalhjegfcaacphgdkij) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=142). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/celjchjgliegnlalhjegfcaacphgdkij']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.866166Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:celjchjgliegnlalhjegfcaacphgdkij", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/celjchjgliegnlalhjegfcaacphgdkij", "external_id": "celjchjgliegnlalhjegfcaacphgdkij"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fb386e98-a27b-40ca-977c-e9869392f833", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.867222Z", "modified": "2026-06-02T15:57:33.867222Z", "name": "Malicious Extension: Midia Medica Orientada", "description": "Malicious browser extension: Midia Medica Orientada (cellckcnenolgakggljkichbmgmbibgb) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cellckcnenolgakggljkichbmgmbibgb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.867184Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cellckcnenolgakggljkichbmgmbibgb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cellckcnenolgakggljkichbmgmbibgb", "external_id": "cellckcnenolgakggljkichbmgmbibgb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--83a2edf9-b4b0-4ff5-85fa-4888d464c2d5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.868218Z", "modified": "2026-06-02T15:57:33.868218Z", "name": "Malicious Extension: Lilo & Stitch Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Lilo & Stitch Cursor \u2605 Custom Cursor for Chrome\u2122 (cembgjjgklolpjnbjmemmfmlkfmklood) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cembgjjgklolpjnbjmemmfmlkfmklood']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.868181Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cembgjjgklolpjnbjmemmfmlkfmklood", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cembgjjgklolpjnbjmemmfmlkfmklood", "external_id": "cembgjjgklolpjnbjmemmfmlkfmklood"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6dcd0ca3-3f84-47a7-b22d-72eb88e90f48", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.869203Z", "modified": "2026-06-02T15:57:33.869203Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ceopoaldcnmhechacafgagdkklcogkgd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ceopoaldcnmhechacafgagdkklcogkgd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.869165Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ceopoaldcnmhechacafgagdkklcogkgd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ceopoaldcnmhechacafgagdkklcogkgd", "external_id": "ceopoaldcnmhechacafgagdkklcogkgd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ddac5570-a64c-4a5a-b19d-4ebbf22ed671", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.870194Z", "modified": "2026-06-02T15:57:33.870194Z", "name": "Malicious Extension: Monitora Leads", "description": "Malicious browser extension: Monitora Leads (cfbgbmdpdkmdpdpchmhpkkdcolpgnode) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cfbgbmdpdkmdpdpchmhpkkdcolpgnode']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.870157Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cfbgbmdpdkmdpdpchmhpkkdcolpgnode", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cfbgbmdpdkmdpdpchmhpkkdcolpgnode", "external_id": "cfbgbmdpdkmdpdpchmhpkkdcolpgnode"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b80fec14-3418-4539-a1ea-6c4603cba8e7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.871214Z", "modified": "2026-06-02T15:57:33.871214Z", "name": "Malicious Extension: TikTok Video Downloader \u2014 Save Videos", "description": "Malicious browser extension: TikTok Video Downloader \u2014 Save Videos (cfbgdmiobbicgjnaegnenlcgbdabkcli) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=62). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cfbgdmiobbicgjnaegnenlcgbdabkcli']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.871176Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cfbgdmiobbicgjnaegnenlcgbdabkcli", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cfbgdmiobbicgjnaegnenlcgbdabkcli", "external_id": "cfbgdmiobbicgjnaegnenlcgbdabkcli"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--16351a98-372c-4e70-af95-59f9cbc3132b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.872213Z", "modified": "2026-06-02T15:57:33.872213Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cfbhkfgfjmfpkppgmnglkegbgkmmmfcf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cfbhkfgfjmfpkppgmnglkegbgkmmmfcf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.872176Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cfbhkfgfjmfpkppgmnglkegbgkmmmfcf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cfbhkfgfjmfpkppgmnglkegbgkmmmfcf", "external_id": "cfbhkfgfjmfpkppgmnglkegbgkmmmfcf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0f86ec04-c479-4cd7-827d-0ca45aea6c0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.873361Z", "modified": "2026-06-02T15:57:33.873361Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cfmcpcplnfmnihgbpblopbckfffmmada) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cfmcpcplnfmnihgbpblopbckfffmmada']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.873323Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cfmcpcplnfmnihgbpblopbckfffmmada", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cfmcpcplnfmnihgbpblopbckfffmmada", "external_id": "cfmcpcplnfmnihgbpblopbckfffmmada"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f1e88b0b-f6dd-44ef-9937-b2596e65fa98", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.87435Z", "modified": "2026-06-02T15:57:33.87435Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cfmfokegjjljmdcdpnmlfajlddngkoah) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cfmfokegjjljmdcdpnmlfajlddngkoah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.874312Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cfmfokegjjljmdcdpnmlfajlddngkoah", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cfmfokegjjljmdcdpnmlfajlddngkoah", "external_id": "cfmfokegjjljmdcdpnmlfajlddngkoah"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c3f864eb-d661-4fb2-bcd3-47238da11023", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.875358Z", "modified": "2026-06-02T15:57:33.875358Z", "name": "Malicious Extension: Kirby Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Kirby Cursor \u2605 Custom Cursor for Chrome\u2122 (cfolcjmcamelkgoopjddgbnaobjihmcn) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cfolcjmcamelkgoopjddgbnaobjihmcn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.875315Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cfolcjmcamelkgoopjddgbnaobjihmcn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cfolcjmcamelkgoopjddgbnaobjihmcn", "external_id": "cfolcjmcamelkgoopjddgbnaobjihmcn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b23a0f85-a436-4a62-8d40-d606dc87f0dc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.876349Z", "modified": "2026-06-02T15:57:33.876349Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cgehahdmoijenmnhinajnojmmlnipckl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cgehahdmoijenmnhinajnojmmlnipckl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.876313Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cgehahdmoijenmnhinajnojmmlnipckl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cgehahdmoijenmnhinajnojmmlnipckl", "external_id": "cgehahdmoijenmnhinajnojmmlnipckl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a8d51ccb-20ef-4470-84b1-65c67df730b1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.877337Z", "modified": "2026-06-02T15:57:33.877337Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cghdfcbncfjhleinblpalngjhojokjeo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cghdfcbncfjhleinblpalngjhojokjeo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.8773Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cghdfcbncfjhleinblpalngjhojokjeo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cghdfcbncfjhleinblpalngjhojokjeo", "external_id": "cghdfcbncfjhleinblpalngjhojokjeo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8c34fa08-29cf-4485-a0c6-4038eb818272", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.878326Z", "modified": "2026-06-02T15:57:33.878326Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cghdjcdmopohjlogglcbocjldjhjlddg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cghdjcdmopohjlogglcbocjldjhjlddg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.878285Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cghdjcdmopohjlogglcbocjldjhjlddg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cghdjcdmopohjlogglcbocjldjhjlddg", "external_id": "cghdjcdmopohjlogglcbocjldjhjlddg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a615ef2e-8ced-4a06-ac02-99e5424b45c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.879317Z", "modified": "2026-06-02T15:57:33.879317Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cgjgmbppcoolfkbkjhoogdpkboohhgel) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cgjgmbppcoolfkbkjhoogdpkboohhgel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.87928Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cgjgmbppcoolfkbkjhoogdpkboohhgel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cgjgmbppcoolfkbkjhoogdpkboohhgel", "external_id": "cgjgmbppcoolfkbkjhoogdpkboohhgel"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d914b1dc-5693-46ab-b6b3-78e36b0b0bd2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.880457Z", "modified": "2026-06-02T15:57:33.880457Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cgjlgmcfhoicddhjikmjglhgibchboea) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cgjlgmcfhoicddhjikmjglhgibchboea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.880421Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cgjlgmcfhoicddhjikmjglhgibchboea", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cgjlgmcfhoicddhjikmjglhgibchboea", "external_id": "cgjlgmcfhoicddhjikmjglhgibchboea"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4ea9eb80-ff52-4532-93c5-624e68f7ccdf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.881451Z", "modified": "2026-06-02T15:57:33.881451Z", "name": "Malicious Extension: Safe Surf", "description": "Malicious browser extension: Safe Surf (cgmllohkcppmnkfpijpngkplpdbikhlf) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=162). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cgmllohkcppmnkfpijpngkplpdbikhlf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.881413Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cgmllohkcppmnkfpijpngkplpdbikhlf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cgmllohkcppmnkfpijpngkplpdbikhlf", "external_id": "cgmllohkcppmnkfpijpngkplpdbikhlf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--99fde0cc-0e54-497b-9dca-4c7781d7e920", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.88243Z", "modified": "2026-06-02T15:57:33.88243Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cgmmcoandmabammnhfnjcakdeejbfimn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cgmmcoandmabammnhfnjcakdeejbfimn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.882393Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cgmmcoandmabammnhfnjcakdeejbfimn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cgmmcoandmabammnhfnjcakdeejbfimn", "external_id": "cgmmcoandmabammnhfnjcakdeejbfimn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--57a3bedf-c6a8-4c93-ad84-67132c7489b2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.883434Z", "modified": "2026-06-02T15:57:33.883434Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cgnbfcoeopaehocfdnkkjecibafichje) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cgnbfcoeopaehocfdnkkjecibafichje']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.883396Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cgnbfcoeopaehocfdnkkjecibafichje", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cgnbfcoeopaehocfdnkkjecibafichje", "external_id": "cgnbfcoeopaehocfdnkkjecibafichje"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8d9a15f5-5907-45d6-8377-1d6e8ad7bb59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.88444Z", "modified": "2026-06-02T15:57:33.88444Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cgnnmgjmhhmemkmdcckoofobpdejpjef) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cgnnmgjmhhmemkmdcckoofobpdejpjef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.884403Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cgnnmgjmhhmemkmdcckoofobpdejpjef", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cgnnmgjmhhmemkmdcckoofobpdejpjef", "external_id": "cgnnmgjmhhmemkmdcckoofobpdejpjef"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ce7aa368-2014-4306-a5d6-81d90b2b9f02", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.885462Z", "modified": "2026-06-02T15:57:33.885462Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (chibagmiddeeabiejppmcineoadfgbab) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/chibagmiddeeabiejppmcineoadfgbab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.885425Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:chibagmiddeeabiejppmcineoadfgbab", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/chibagmiddeeabiejppmcineoadfgbab", "external_id": "chibagmiddeeabiejppmcineoadfgbab"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aab67bc4-bd0d-4471-a8c4-fa9919453a18", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.886464Z", "modified": "2026-06-02T15:57:33.886464Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (chjdellkkbngmkkdpckgfmpdjfianamb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/chjdellkkbngmkkdpckgfmpdjfianamb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.886427Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:chjdellkkbngmkkdpckgfmpdjfianamb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/chjdellkkbngmkkdpckgfmpdjfianamb", "external_id": "chjdellkkbngmkkdpckgfmpdjfianamb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f3b5fd51-e5fb-4937-81d5-5e1c25881973", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.888595Z", "modified": "2026-06-02T15:57:33.888595Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (chmcepembfffejphepoongapnlchjgil) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/chmcepembfffejphepoongapnlchjgil']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.888555Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:chmcepembfffejphepoongapnlchjgil", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/chmcepembfffejphepoongapnlchjgil", "external_id": "chmcepembfffejphepoongapnlchjgil"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dd8b591d-089f-41af-ad30-3cabd47ff888", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.889648Z", "modified": "2026-06-02T15:57:33.889648Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cianopbgdobcpihoajfonekopkjmdpid) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cianopbgdobcpihoajfonekopkjmdpid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.88961Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cianopbgdobcpihoajfonekopkjmdpid", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cianopbgdobcpihoajfonekopkjmdpid", "external_id": "cianopbgdobcpihoajfonekopkjmdpid"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--73814f9a-e1f8-4a28-91d1-2d4792c046a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.890674Z", "modified": "2026-06-02T15:57:33.890674Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cicjlpmjmimeoempffghfglndokjihhn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cicjlpmjmimeoempffghfglndokjihhn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.890636Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cicjlpmjmimeoempffghfglndokjihhn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cicjlpmjmimeoempffghfglndokjihhn", "external_id": "cicjlpmjmimeoempffghfglndokjihhn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bccdbadc-e0ec-4ba9-8438-64f888595b7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.89171Z", "modified": "2026-06-02T15:57:33.89171Z", "name": "Malicious Extension: FocusLead", "description": "Malicious browser extension: FocusLead (cicmfpphdicmiaphcmjpcapphlnooglp) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated in source] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cicmfpphdicmiaphcmjpcapphlnooglp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.891672Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cicmfpphdicmiaphcmjpcapphlnooglp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cicmfpphdicmiaphcmjpcapphlnooglp", "external_id": "cicmfpphdicmiaphcmjpcapphlnooglp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7b2fc77d-438e-4f3a-8d02-239a23350da3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.892707Z", "modified": "2026-06-02T15:57:33.892707Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cignjngpjdkbiekiblcjnfkmfnelpjnn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cignjngpjdkbiekiblcjnfkmfnelpjnn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.892668Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cignjngpjdkbiekiblcjnfkmfnelpjnn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cignjngpjdkbiekiblcjnfkmfnelpjnn", "external_id": "cignjngpjdkbiekiblcjnfkmfnelpjnn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--da9866d1-4c9e-464d-b65b-76bde02016b2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.893698Z", "modified": "2026-06-02T15:57:33.893698Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cinnpifenmpjfcbdbdmhnndfgcpmfhna) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cinnpifenmpjfcbdbdmhnndfgcpmfhna']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.893661Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cinnpifenmpjfcbdbdmhnndfgcpmfhna", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cinnpifenmpjfcbdbdmhnndfgcpmfhna", "external_id": "cinnpifenmpjfcbdbdmhnndfgcpmfhna"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f079336b-5c44-4b5c-9945-a5e40101b6cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.894686Z", "modified": "2026-06-02T15:57:33.894686Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cjccjhkpejpnldpmcgpimmdinnaplcmk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cjccjhkpejpnldpmcgpimmdinnaplcmk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.894649Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cjccjhkpejpnldpmcgpimmdinnaplcmk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cjccjhkpejpnldpmcgpimmdinnaplcmk", "external_id": "cjccjhkpejpnldpmcgpimmdinnaplcmk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--29a5a41b-029d-4b9a-a609-5cfc04ed7249", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.895843Z", "modified": "2026-06-02T15:57:33.895843Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cjmhegifablecgkkncjddcgkjmgoacfd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cjmhegifablecgkkncjddcgkjmgoacfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.895805Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cjmhegifablecgkkncjddcgkjmgoacfd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cjmhegifablecgkkncjddcgkjmgoacfd", "external_id": "cjmhegifablecgkkncjddcgkjmgoacfd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d4f4c40d-982d-4f32-b779-45a9b22ccf66", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.896851Z", "modified": "2026-06-02T15:57:33.896851Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cjobgkekcenldbaenikebmbhffhhffef) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cjobgkekcenldbaenikebmbhffhhffef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.896813Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cjobgkekcenldbaenikebmbhffhhffef", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cjobgkekcenldbaenikebmbhffhhffef", "external_id": "cjobgkekcenldbaenikebmbhffhhffef"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8a65506c-be18-4db8-9297-188fa5c8ace9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.897836Z", "modified": "2026-06-02T15:57:33.897836Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cjpknfonjfjobbfpbhodmenghbpmcgpj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cjpknfonjfjobbfpbhodmenghbpmcgpj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.897799Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cjpknfonjfjobbfpbhodmenghbpmcgpj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cjpknfonjfjobbfpbhodmenghbpmcgpj", "external_id": "cjpknfonjfjobbfpbhodmenghbpmcgpj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5da00d26-60f5-4fb8-b619-6a8d9164e759", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.898816Z", "modified": "2026-06-02T15:57:33.898816Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ckcfkaikieiicfdeomgehmnjglnofhde) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ckcfkaikieiicfdeomgehmnjglnofhde']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.898779Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ckcfkaikieiicfdeomgehmnjglnofhde", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ckcfkaikieiicfdeomgehmnjglnofhde", "external_id": "ckcfkaikieiicfdeomgehmnjglnofhde"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9b9d5f03-f72d-4fae-845e-c7d4b0a67f6d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.899816Z", "modified": "2026-06-02T15:57:33.899816Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ckdbfeccfocmhdclmmofmheljglmhhne) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ckdbfeccfocmhdclmmofmheljglmhhne']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.899779Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ckdbfeccfocmhdclmmofmheljglmhhne", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ckdbfeccfocmhdclmmofmheljglmhhne", "external_id": "ckdbfeccfocmhdclmmofmheljglmhhne"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3fcbc41d-cd71-483a-8910-5bd3462f129f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.900823Z", "modified": "2026-06-02T15:57:33.900823Z", "name": "Malicious Extension: KFarias Inova\u00e7\u00e3o Tecnologica", "description": "Malicious browser extension: KFarias Inova\u00e7\u00e3o Tecnologica (ckfolfphmhnhimichgialimbohkfkmpp) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ckfolfphmhnhimichgialimbohkfkmpp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.900786Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ckfolfphmhnhimichgialimbohkfkmpp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ckfolfphmhnhimichgialimbohkfkmpp", "external_id": "ckfolfphmhnhimichgialimbohkfkmpp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1b2156ec-500c-49cd-957b-2db414c987bc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.9018Z", "modified": "2026-06-02T15:57:33.9018Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ckicoadchmmndbakbokhapncehanaeni) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ckicoadchmmndbakbokhapncehanaeni']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.901763Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ckicoadchmmndbakbokhapncehanaeni", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ckicoadchmmndbakbokhapncehanaeni", "external_id": "ckicoadchmmndbakbokhapncehanaeni"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dc9e1bd9-b445-46f6-92f5-4daead3c1e3a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.90294Z", "modified": "2026-06-02T15:57:33.90294Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ckiogjflpadnbjbdjgecdhncmemglmne) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ckiogjflpadnbjbdjgecdhncmemglmne']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.902903Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ckiogjflpadnbjbdjgecdhncmemglmne", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ckiogjflpadnbjbdjgecdhncmemglmne", "external_id": "ckiogjflpadnbjbdjgecdhncmemglmne"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4e16d83a-4cbf-4cbf-b2e0-2071bea29910", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.903956Z", "modified": "2026-06-02T15:57:33.903956Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cklhfdhnbcbcchammllnjbehpjjlcljn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cklhfdhnbcbcchammllnjbehpjjlcljn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.903919Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cklhfdhnbcbcchammllnjbehpjjlcljn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cklhfdhnbcbcchammllnjbehpjjlcljn", "external_id": "cklhfdhnbcbcchammllnjbehpjjlcljn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f9fbfec5-350a-4e1e-a2d6-85c5a1c077be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.904944Z", "modified": "2026-06-02T15:57:33.904944Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ckneindgfbjnbbiggcmnjeofelhflhaj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ckneindgfbjnbbiggcmnjeofelhflhaj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.904907Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ckneindgfbjnbbiggcmnjeofelhflhaj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ckneindgfbjnbbiggcmnjeofelhflhaj", "external_id": "ckneindgfbjnbbiggcmnjeofelhflhaj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--79b4c4bd-4db4-4240-8c22-df348e466aaa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.905926Z", "modified": "2026-06-02T15:57:33.905926Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cknmibbkfbephciofemdjndbgebggnkc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cknmibbkfbephciofemdjndbgebggnkc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.905889Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cknmibbkfbephciofemdjndbgebggnkc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cknmibbkfbephciofemdjndbgebggnkc", "external_id": "cknmibbkfbephciofemdjndbgebggnkc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e52955e9-7acf-452c-81d0-0a2d84bf7a81", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.906912Z", "modified": "2026-06-02T15:57:33.906912Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (clabdidkhcmbhkjnggoeecpldlegflmk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/clabdidkhcmbhkjnggoeecpldlegflmk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.906869Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:clabdidkhcmbhkjnggoeecpldlegflmk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/clabdidkhcmbhkjnggoeecpldlegflmk", "external_id": "clabdidkhcmbhkjnggoeecpldlegflmk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--33e39d94-1d8a-46d8-acf4-f8be66a8569e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.907911Z", "modified": "2026-06-02T15:57:33.907911Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (clajadbbjodhmojbejfhlegbepkpokba) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/clajadbbjodhmojbejfhlegbepkpokba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.907874Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:clajadbbjodhmojbejfhlegbepkpokba", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/clajadbbjodhmojbejfhlegbepkpokba", "external_id": "clajadbbjodhmojbejfhlegbepkpokba"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b058dfad-7b82-4674-97ab-86fe0eebfa41", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.908897Z", "modified": "2026-06-02T15:57:33.908897Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cldllmlmkpkdgmcphohecljfdfbiaoag) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cldllmlmkpkdgmcphohecljfdfbiaoag']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.90886Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cldllmlmkpkdgmcphohecljfdfbiaoag", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cldllmlmkpkdgmcphohecljfdfbiaoag", "external_id": "cldllmlmkpkdgmcphohecljfdfbiaoag"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a9fd4257-1e3e-4533-ae6c-d98bf84b8b80", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.91003Z", "modified": "2026-06-02T15:57:33.91003Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (clehpjldcdennhphcfihphbeoihllbki) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/clehpjldcdennhphcfihphbeoihllbki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.909993Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:clehpjldcdennhphcfihphbeoihllbki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/clehpjldcdennhphcfihphbeoihllbki", "external_id": "clehpjldcdennhphcfihphbeoihllbki"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3420037d-2e1d-4d3b-96dc-f0c8edc6f64f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.911017Z", "modified": "2026-06-02T15:57:33.911017Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (clfocgpnamchmalmdlcacllaembakhob) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/clfocgpnamchmalmdlcacllaembakhob']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.91098Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:clfocgpnamchmalmdlcacllaembakhob", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/clfocgpnamchmalmdlcacllaembakhob", "external_id": "clfocgpnamchmalmdlcacllaembakhob"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1cad07c3-6825-4493-b76b-030380f8d7af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.912012Z", "modified": "2026-06-02T15:57:33.912012Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (clglplmhjdibddcnnhdljjpnoaomjgnc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/clglplmhjdibddcnnhdljjpnoaomjgnc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.911975Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:clglplmhjdibddcnnhdljjpnoaomjgnc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/clglplmhjdibddcnnhdljjpnoaomjgnc", "external_id": "clglplmhjdibddcnnhdljjpnoaomjgnc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d82cf9c9-c1ae-496d-8f8c-8a11941c4ab9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.912989Z", "modified": "2026-06-02T15:57:33.912989Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cllehfhocaopfbkehdoiphpgehffmneh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cllehfhocaopfbkehdoiphpgehffmneh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.912951Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cllehfhocaopfbkehdoiphpgehffmneh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cllehfhocaopfbkehdoiphpgehffmneh", "external_id": "cllehfhocaopfbkehdoiphpgehffmneh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b9fdd472-be8f-4c79-b6a6-b309a4de95c1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.913984Z", "modified": "2026-06-02T15:57:33.913984Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cmckpheolajgbmhlfhgelajhhfgjbhpk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cmckpheolajgbmhlfhgelajhhfgjbhpk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.913947Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cmckpheolajgbmhlfhgelajhhfgjbhpk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cmckpheolajgbmhlfhgelajhhfgjbhpk", "external_id": "cmckpheolajgbmhlfhgelajhhfgjbhpk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f0f7dd20-e89c-4d14-a50c-2cb06ba4214b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.914977Z", "modified": "2026-06-02T15:57:33.914977Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cmjnkgaaeahkhgefpggmogipaljelajk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cmjnkgaaeahkhgefpggmogipaljelajk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.91494Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cmjnkgaaeahkhgefpggmogipaljelajk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cmjnkgaaeahkhgefpggmogipaljelajk", "external_id": "cmjnkgaaeahkhgefpggmogipaljelajk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7a5a374f-3fb6-40e4-a54b-0759f79e7967", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.915972Z", "modified": "2026-06-02T15:57:33.915972Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cmmhaonjjooajkjanjcigoldiicbbkhe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cmmhaonjjooajkjanjcigoldiicbbkhe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.915936Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cmmhaonjjooajkjanjcigoldiicbbkhe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cmmhaonjjooajkjanjcigoldiicbbkhe", "external_id": "cmmhaonjjooajkjanjcigoldiicbbkhe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7f49f917-565b-4dd8-8bcd-a69d907a3b61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.917126Z", "modified": "2026-06-02T15:57:33.917126Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cmpmhhjahlioglkleiofbjodhhiejhei) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cmpmhhjahlioglkleiofbjodhhiejhei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.917088Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cmpmhhjahlioglkleiofbjodhhiejhei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cmpmhhjahlioglkleiofbjodhhiejhei", "external_id": "cmpmhhjahlioglkleiofbjodhhiejhei"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--24215ee0-3d10-4aed-9844-1cf743c34a02", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.91812Z", "modified": "2026-06-02T15:57:33.91812Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cnfkambgbklnggngkenpfoolbmhoonlc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cnfkambgbklnggngkenpfoolbmhoonlc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.918083Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cnfkambgbklnggngkenpfoolbmhoonlc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cnfkambgbklnggngkenpfoolbmhoonlc", "external_id": "cnfkambgbklnggngkenpfoolbmhoonlc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--87c91caf-e75a-42d3-adfd-8321b3855a75", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.91911Z", "modified": "2026-06-02T15:57:33.91911Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cngadogedbklhgelahcpjofagelffgng) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cngadogedbklhgelahcpjofagelffgng']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.919065Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cngadogedbklhgelahcpjofagelffgng", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cngadogedbklhgelahcpjofagelffgng", "external_id": "cngadogedbklhgelahcpjofagelffgng"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--51abbfc4-1306-43f4-b3a3-40e9ef223d90", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.920112Z", "modified": "2026-06-02T15:57:33.920112Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cnhikhicflgjbfnllpmbbdpjcfmfnkii) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cnhikhicflgjbfnllpmbbdpjcfmfnkii']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.920069Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cnhikhicflgjbfnllpmbbdpjcfmfnkii", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cnhikhicflgjbfnllpmbbdpjcfmfnkii", "external_id": "cnhikhicflgjbfnllpmbbdpjcfmfnkii"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--adf680c9-4a59-4988-8fe1-75dd1d8032bd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.921108Z", "modified": "2026-06-02T15:57:33.921108Z", "name": "Malicious Extension: HashDit", "description": "Malicious browser extension: HashDit (coegijljhiejhdodjbnlglffjomlbgmi) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=92). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/coegijljhiejhdodjbnlglffjomlbgmi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.921071Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:coegijljhiejhdodjbnlglffjomlbgmi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/coegijljhiejhdodjbnlglffjomlbgmi", "external_id": "coegijljhiejhdodjbnlglffjomlbgmi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a190e96a-7ceb-4cf8-96b4-3f88928ba905", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.922086Z", "modified": "2026-06-02T15:57:33.922086Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (colgdlijdieibnaccfdcdbpdffofkfeb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/colgdlijdieibnaccfdcdbpdffofkfeb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.92205Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:colgdlijdieibnaccfdcdbpdffofkfeb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/colgdlijdieibnaccfdcdbpdffofkfeb", "external_id": "colgdlijdieibnaccfdcdbpdffofkfeb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2ebf2601-0acc-492f-b92b-0dd041c3193e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.923074Z", "modified": "2026-06-02T15:57:33.923074Z", "name": "Malicious Extension: SPEEDYX", "description": "Malicious browser extension: SPEEDYX (comknamophhecgmcchgcclmcodohlfap) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/comknamophhecgmcchgcclmcodohlfap']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.923036Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:comknamophhecgmcchgcclmcodohlfap", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/comknamophhecgmcchgcclmcodohlfap", "external_id": "comknamophhecgmcchgcclmcodohlfap"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--344556dd-bf32-49e2-beb4-45ed168c66fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.924227Z", "modified": "2026-06-02T15:57:33.924227Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (condlopdddofpgcdjfnoepbdkcgckmgb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/condlopdddofpgcdjfnoepbdkcgckmgb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.924189Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:condlopdddofpgcdjfnoepbdkcgckmgb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/condlopdddofpgcdjfnoepbdkcgckmgb", "external_id": "condlopdddofpgcdjfnoepbdkcgckmgb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c1618ce6-825e-41b6-9cf1-e0d37c8def20", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.92522Z", "modified": "2026-06-02T15:57:33.92522Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cpbbiepjnljbnngpepgeaojjeneacpld) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cpbbiepjnljbnngpepgeaojjeneacpld']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.925183Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cpbbiepjnljbnngpepgeaojjeneacpld", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cpbbiepjnljbnngpepgeaojjeneacpld", "external_id": "cpbbiepjnljbnngpepgeaojjeneacpld"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--97989d5f-68cd-496d-95bb-0bb1c8ec0f8a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.926201Z", "modified": "2026-06-02T15:57:33.926201Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cpcdkmjddocikjdkbbeiaafnpdbdafmi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cpcdkmjddocikjdkbbeiaafnpdbdafmi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.926165Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cpcdkmjddocikjdkbbeiaafnpdbdafmi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cpcdkmjddocikjdkbbeiaafnpdbdafmi", "external_id": "cpcdkmjddocikjdkbbeiaafnpdbdafmi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0b74c4d1-9ee8-44cc-81d6-2c27c248fe8b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.927209Z", "modified": "2026-06-02T15:57:33.927209Z", "name": "Malicious Extension: Amazon Image Downloader with Videos | 10X", "description": "Malicious browser extension: Amazon Image Downloader with Videos | 10X (cpcojeeblggnjjgnpiicndnahfhjdobd) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cpcojeeblggnjjgnpiicndnahfhjdobd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.927171Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cpcojeeblggnjjgnpiicndnahfhjdobd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cpcojeeblggnjjgnpiicndnahfhjdobd", "external_id": "cpcojeeblggnjjgnpiicndnahfhjdobd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b8a09e09-2eba-4df7-baa7-8b0f66240617", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.928194Z", "modified": "2026-06-02T15:57:33.928194Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cpehflfpgdgofpocagbdeecjlfhjfjdh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cpehflfpgdgofpocagbdeecjlfhjfjdh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.928158Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cpehflfpgdgofpocagbdeecjlfhjfjdh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cpehflfpgdgofpocagbdeecjlfhjfjdh", "external_id": "cpehflfpgdgofpocagbdeecjlfhjfjdh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3d9d025d-e448-4e40-9271-4e596154dcae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.929177Z", "modified": "2026-06-02T15:57:33.929177Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cpigbbjhchinhpamicodkkcpihjjjlia) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cpigbbjhchinhpamicodkkcpihjjjlia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.92914Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cpigbbjhchinhpamicodkkcpihjjjlia", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cpigbbjhchinhpamicodkkcpihjjjlia", "external_id": "cpigbbjhchinhpamicodkkcpihjjjlia"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8f46b2de-f5d5-4367-8967-c2e83cf0dfd9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.930188Z", "modified": "2026-06-02T15:57:33.930188Z", "name": "Malicious Extension: BALTZ CRM", "description": "Malicious browser extension: BALTZ CRM (cplaeebopfpnoebkaimlibpdickcjofa) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [text truncated in source record] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cplaeebopfpnoebkaimlibpdickcjofa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.93015Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:cplaeebopfpnoebkaimlibpdickcjofa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cplaeebopfpnoebkaimlibpdickcjofa", "external_id": "cplaeebopfpnoebkaimlibpdickcjofa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--05e30caf-278c-4a4f-a488-3db932b2518c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.931341Z", "modified": "2026-06-02T15:57:33.931341Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cpmbdnkbpaabapidllalnfopojfimbno) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cpmbdnkbpaabapidllalnfopojfimbno']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.931303Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cpmbdnkbpaabapidllalnfopojfimbno", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cpmbdnkbpaabapidllalnfopojfimbno", "external_id": "cpmbdnkbpaabapidllalnfopojfimbno"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ee61cec2-e3fe-40d2-9112-2c72e1be2195", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.93234Z", "modified": "2026-06-02T15:57:33.93234Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cpopolncdlnofnhahmapebnmmgfibcdk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cpopolncdlnofnhahmapebnmmgfibcdk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.932303Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cpopolncdlnofnhahmapebnmmgfibcdk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cpopolncdlnofnhahmapebnmmgfibcdk", "external_id": "cpopolncdlnofnhahmapebnmmgfibcdk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a323268a-6358-4f9a-b9fc-0dce71747c6a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.933334Z", "modified": "2026-06-02T15:57:33.933334Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dacliiapfipnlipdmifioaijepgmhdga) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dacliiapfipnlipdmifioaijepgmhdga']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.933292Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dacliiapfipnlipdmifioaijepgmhdga", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dacliiapfipnlipdmifioaijepgmhdga", "external_id": "dacliiapfipnlipdmifioaijepgmhdga"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2436a15a-8c8c-4261-a8c0-ef08acc190b6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.934332Z", "modified": "2026-06-02T15:57:33.934332Z", "name": "Malicious Extension: Pangeia", "description": "Malicious browser extension: Pangeia (dagelhckpadaagjpebgjfkccfnljcjmn) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [text truncated in source record] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dagelhckpadaagjpebgjfkccfnljcjmn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.934295Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dagelhckpadaagjpebgjfkccfnljcjmn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dagelhckpadaagjpebgjfkccfnljcjmn", "external_id": "dagelhckpadaagjpebgjfkccfnljcjmn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8f8a5cbc-bbe6-4248-82bc-6e80f3f0116a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.935324Z", "modified": "2026-06-02T15:57:33.935324Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dandkcngjnihdeaddffgcmpnccjoojlg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dandkcngjnihdeaddffgcmpnccjoojlg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.935287Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dandkcngjnihdeaddffgcmpnccjoojlg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dandkcngjnihdeaddffgcmpnccjoojlg", "external_id": "dandkcngjnihdeaddffgcmpnccjoojlg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fc182162-ab82-43f0-a271-59fb4ffd9661", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.936308Z", "modified": "2026-06-02T15:57:33.936308Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dangpedgafjilhjmkkphgdloelmmgooj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dangpedgafjilhjmkkphgdloelmmgooj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.936271Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dangpedgafjilhjmkkphgdloelmmgooj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dangpedgafjilhjmkkphgdloelmmgooj", "external_id": "dangpedgafjilhjmkkphgdloelmmgooj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--159d17ca-b19d-44cf-8198-19a4ca4a646b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.937295Z", "modified": "2026-06-02T15:57:33.937295Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (danplamegmfnfobbhkandimjpepjlcoc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/danplamegmfnfobbhkandimjpepjlcoc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.937256Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:danplamegmfnfobbhkandimjpepjlcoc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/danplamegmfnfobbhkandimjpepjlcoc", "external_id": "danplamegmfnfobbhkandimjpepjlcoc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4f054e1c-b6aa-4176-b437-ad0e129a228b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.938431Z", "modified": "2026-06-02T15:57:33.938431Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dbclhjpifdfkofnmjfpheiondafpkoed) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dbclhjpifdfkofnmjfpheiondafpkoed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.938394Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dbclhjpifdfkofnmjfpheiondafpkoed", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dbclhjpifdfkofnmjfpheiondafpkoed", "external_id": "dbclhjpifdfkofnmjfpheiondafpkoed"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6ab190b3-4d55-42c9-a484-5d55303555a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.939438Z", "modified": "2026-06-02T15:57:33.939438Z", "name": "Malicious Extension: Back to School Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Back to School Cursor \u2605 Custom Cursor for Chrome\u2122 (dbjpighofpljmoogjcbhghlnlnepmmie) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dbjpighofpljmoogjcbhghlnlnepmmie']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.939401Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dbjpighofpljmoogjcbhghlnlnepmmie", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dbjpighofpljmoogjcbhghlnlnepmmie", "external_id": "dbjpighofpljmoogjcbhghlnlnepmmie"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4720209a-eea5-4701-88a9-f2618c0b6ab7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.940431Z", "modified": "2026-06-02T15:57:33.940431Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dbodeahpplojfmjoiabfkaodjpbblhkc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dbodeahpplojfmjoiabfkaodjpbblhkc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.940393Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dbodeahpplojfmjoiabfkaodjpbblhkc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dbodeahpplojfmjoiabfkaodjpbblhkc", "external_id": "dbodeahpplojfmjoiabfkaodjpbblhkc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2f5ee6b3-4081-496b-9aed-1072477051f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.941415Z", "modified": "2026-06-02T15:57:33.941415Z", "name": "Malicious Extension: ChatGPT Extension", "description": "Malicious browser extension: ChatGPT Extension (dcbcnpnaccfjoikaofjgcipcfbmfkpmj) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=182). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dcbcnpnaccfjoikaofjgcipcfbmfkpmj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.941378Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dcbcnpnaccfjoikaofjgcipcfbmfkpmj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dcbcnpnaccfjoikaofjgcipcfbmfkpmj", "external_id": "dcbcnpnaccfjoikaofjgcipcfbmfkpmj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a514f451-6914-407d-a919-2236b2902254", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.942392Z", "modified": "2026-06-02T15:57:33.942392Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dcbikjphkkgmgmjoohmbnhccbndgpmin) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dcbikjphkkgmgmjoohmbnhccbndgpmin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.942356Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dcbikjphkkgmgmjoohmbnhccbndgpmin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dcbikjphkkgmgmjoohmbnhccbndgpmin", "external_id": "dcbikjphkkgmgmjoohmbnhccbndgpmin"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--304ae3eb-04c5-43ef-b9ef-084f41f34062", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.943389Z", "modified": "2026-06-02T15:57:33.943389Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dcemmencnfibpboogpedgcpfipbmphnd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dcemmencnfibpboogpedgcpfipbmphnd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.943352Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dcemmencnfibpboogpedgcpfipbmphnd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dcemmencnfibpboogpedgcpfipbmphnd", "external_id": "dcemmencnfibpboogpedgcpfipbmphnd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1450175c-8167-4428-9b8f-670bad0fbefb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.944377Z", "modified": "2026-06-02T15:57:33.944377Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dcibfpikkfpaogplkmnocfepoliadbeh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dcibfpikkfpaogplkmnocfepoliadbeh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.944334Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dcibfpikkfpaogplkmnocfepoliadbeh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dcibfpikkfpaogplkmnocfepoliadbeh", "external_id": "dcibfpikkfpaogplkmnocfepoliadbeh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c6c4c552-6b6d-4fee-93f9-e24680444b6e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.945532Z", "modified": "2026-06-02T15:57:33.945532Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dcjfbgppfdokmjgajnnkgdmkdeiloigh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dcjfbgppfdokmjgajnnkgdmkdeiloigh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.945482Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dcjfbgppfdokmjgajnnkgdmkdeiloigh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dcjfbgppfdokmjgajnnkgdmkdeiloigh", "external_id": "dcjfbgppfdokmjgajnnkgdmkdeiloigh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--87d3e93d-188d-4aa9-8b9d-a59a338c25b2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.946521Z", "modified": "2026-06-02T15:57:33.946521Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dcllajlpjeaobemjcplencinnjdkefkc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dcllajlpjeaobemjcplencinnjdkefkc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.946484Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dcllajlpjeaobemjcplencinnjdkefkc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dcllajlpjeaobemjcplencinnjdkefkc", "external_id": "dcllajlpjeaobemjcplencinnjdkefkc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e7e2a783-3a3a-4fbf-9841-bc2e4a9f65f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.947513Z", "modified": "2026-06-02T15:57:33.947513Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dcmpoiccnjppenlhbhhbbkacebmoegoc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dcmpoiccnjppenlhbhhbbkacebmoegoc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.947476Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dcmpoiccnjppenlhbhhbbkacebmoegoc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dcmpoiccnjppenlhbhhbbkacebmoegoc", "external_id": "dcmpoiccnjppenlhbhhbbkacebmoegoc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0c9f7d72-3ba3-4c62-82de-9a23ff6c9dd5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.948492Z", "modified": "2026-06-02T15:57:33.948492Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dcnjgfafcnopabhpgoekkgckgkkddpjg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dcnjgfafcnopabhpgoekkgckgkkddpjg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.948456Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dcnjgfafcnopabhpgoekkgckgkkddpjg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dcnjgfafcnopabhpgoekkgckgkkddpjg", "external_id": "dcnjgfafcnopabhpgoekkgckgkkddpjg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ac997719-c5dc-4c03-9b28-10a8b729d5fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.949471Z", "modified": "2026-06-02T15:57:33.949471Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ddffafnebdedgiaghdjkaifbhaaemdco) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ddffafnebdedgiaghdjkaifbhaaemdco']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.949434Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ddffafnebdedgiaghdjkaifbhaaemdco", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ddffafnebdedgiaghdjkaifbhaaemdco", "external_id": "ddffafnebdedgiaghdjkaifbhaaemdco"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c2e3e0e7-3413-4fbe-baa7-afb9ce6345eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.950472Z", "modified": "2026-06-02T15:57:33.950472Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ddhodpjidkbpkeheeenjflfjbgljgapl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ddhodpjidkbpkeheeenjflfjbgljgapl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.950434Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ddhodpjidkbpkeheeenjflfjbgljgapl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ddhodpjidkbpkeheeenjflfjbgljgapl", "external_id": "ddhodpjidkbpkeheeenjflfjbgljgapl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6171f286-d3ba-4c4a-84c7-6bf09a27917d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.951516Z", "modified": "2026-06-02T15:57:33.951516Z", "name": "Malicious Extension: CRM TURBINADO", "description": "Malicious browser extension: CRM TURBINADO (deaadbmkldfnondhdbbfoldamngpgahp) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/deaadbmkldfnondhdbbfoldamngpgahp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.951475Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:deaadbmkldfnondhdbbfoldamngpgahp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/deaadbmkldfnondhdbbfoldamngpgahp", "external_id": "deaadbmkldfnondhdbbfoldamngpgahp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--645ca71e-42b9-44a8-9b66-b78cf152e10a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.952683Z", "modified": "2026-06-02T15:57:33.952683Z", "name": "Malicious Extension: ZAPFY CRM", "description": "Malicious browser extension: ZAPFY CRM (deglljpibacfneponmjilaopemcdohle) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/deglljpibacfneponmjilaopemcdohle']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.952646Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:deglljpibacfneponmjilaopemcdohle", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/deglljpibacfneponmjilaopemcdohle", "external_id": "deglljpibacfneponmjilaopemcdohle"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e2a1b164-47f8-4d1b-9df2-f06cc4eb45f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.953675Z", "modified": "2026-06-02T15:57:33.953675Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dehblkalhcpijgblbakdkofmlfpklkjj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dehblkalhcpijgblbakdkofmlfpklkjj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.953638Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dehblkalhcpijgblbakdkofmlfpklkjj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dehblkalhcpijgblbakdkofmlfpklkjj", "external_id": "dehblkalhcpijgblbakdkofmlfpklkjj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3e617ac2-9a71-4f19-9d7f-e7cfcb9b6388", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.954687Z", "modified": "2026-06-02T15:57:33.954687Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dendloedlbkeebokldgajllgngabkelg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dendloedlbkeebokldgajllgngabkelg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.95465Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dendloedlbkeebokldgajllgngabkelg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dendloedlbkeebokldgajllgngabkelg", "external_id": "dendloedlbkeebokldgajllgngabkelg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1ef2b236-b78d-46cc-9a70-90091d505ec1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.955696Z", "modified": "2026-06-02T15:57:33.955696Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (denmnkfiabmkhgkacnappiekcfclbogk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/denmnkfiabmkhgkacnappiekcfclbogk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.955659Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:denmnkfiabmkhgkacnappiekcfclbogk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/denmnkfiabmkhgkacnappiekcfclbogk", "external_id": "denmnkfiabmkhgkacnappiekcfclbogk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3691a020-6a62-4aff-b7fe-dfdd80e85a10", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.956698Z", "modified": "2026-06-02T15:57:33.956698Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (deopfbighgnpgfmhjeccdifdmhcjckoe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/deopfbighgnpgfmhjeccdifdmhcjckoe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.956661Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:deopfbighgnpgfmhjeccdifdmhcjckoe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/deopfbighgnpgfmhjeccdifdmhcjckoe", "external_id": "deopfbighgnpgfmhjeccdifdmhcjckoe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--45c26d18-18bc-4599-a34f-2ac2fea83ccf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.957689Z", "modified": "2026-06-02T15:57:33.957689Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dfakjobhimnibdmkbgpkijoihplhcnil) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dfakjobhimnibdmkbgpkijoihplhcnil']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.957651Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dfakjobhimnibdmkbgpkijoihplhcnil", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dfakjobhimnibdmkbgpkijoihplhcnil", "external_id": "dfakjobhimnibdmkbgpkijoihplhcnil"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--107d1796-f980-4a48-a95d-8badfa982856", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.958678Z", "modified": "2026-06-02T15:57:33.958678Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dfblonmbgoohadjjhcoeemcailijfigm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dfblonmbgoohadjjhcoeemcailijfigm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.958641Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dfblonmbgoohadjjhcoeemcailijfigm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dfblonmbgoohadjjhcoeemcailijfigm", "external_id": "dfblonmbgoohadjjhcoeemcailijfigm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f086a4aa-bed6-4dae-93c0-93b393c26f19", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.959849Z", "modified": "2026-06-02T15:57:33.959849Z", "name": "Malicious Extension: WA Envio", "description": "Malicious browser extension: WA Envio (dfcngbjlmlakepppfaaepideejcbfcjf) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dfcngbjlmlakepppfaaepideejcbfcjf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.959811Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dfcngbjlmlakepppfaaepideejcbfcjf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dfcngbjlmlakepppfaaepideejcbfcjf", "external_id": "dfcngbjlmlakepppfaaepideejcbfcjf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--04e06403-c0a4-41d8-9d3f-aef911b6f85a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.960865Z", "modified": "2026-06-02T15:57:33.960865Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dfenmdjldedloklnjjkdaaomifnggiio) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dfenmdjldedloklnjjkdaaomifnggiio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.960827Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dfenmdjldedloklnjjkdaaomifnggiio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dfenmdjldedloklnjjkdaaomifnggiio", "external_id": "dfenmdjldedloklnjjkdaaomifnggiio"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--12568fef-e5e5-49ec-a8b3-82fbe5532d87", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.961864Z", "modified": "2026-06-02T15:57:33.961864Z", "name": "Malicious Extension: EAI +", "description": "Malicious browser extension: EAI + (dfeojjampcncbhemefhadnnokdjdfomd) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dfeojjampcncbhemefhadnnokdjdfomd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.961827Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dfeojjampcncbhemefhadnnokdjdfomd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dfeojjampcncbhemefhadnnokdjdfomd", "external_id": "dfeojjampcncbhemefhadnnokdjdfomd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--311c6053-2af2-4e91-ba89-1f8528332dd8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.962841Z", "modified": "2026-06-02T15:57:33.962841Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dfibabgkjdmbfbknefpabdglfpbmbnhh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dfibabgkjdmbfbknefpabdglfpbmbnhh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.962804Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dfibabgkjdmbfbknefpabdglfpbmbnhh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dfibabgkjdmbfbknefpabdglfpbmbnhh", "external_id": "dfibabgkjdmbfbknefpabdglfpbmbnhh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--06252ba6-4e01-4fff-a5c6-b7d045e7adef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.963847Z", "modified": "2026-06-02T15:57:33.963847Z", "name": "Malicious Extension: Amazon Weight Converter", "description": "Malicious browser extension: Amazon Weight Converter (dfnannaibdndmkienngjahldiofjbkmj) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dfnannaibdndmkienngjahldiofjbkmj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.963808Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dfnannaibdndmkienngjahldiofjbkmj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dfnannaibdndmkienngjahldiofjbkmj", "external_id": "dfnannaibdndmkienngjahldiofjbkmj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aea41ce6-0ee8-45ab-a18a-477b04c529fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.96483Z", "modified": "2026-06-02T15:57:33.96483Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dfpbcakpogbfaohnnjlgghdjkgaoiaik) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dfpbcakpogbfaohnnjlgghdjkgaoiaik']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.964793Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dfpbcakpogbfaohnnjlgghdjkgaoiaik", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dfpbcakpogbfaohnnjlgghdjkgaoiaik", "external_id": "dfpbcakpogbfaohnnjlgghdjkgaoiaik"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d34a1228-bbd3-4e9c-877f-62fda5de9121", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.965821Z", "modified": "2026-06-02T15:57:33.965821Z", "name": "Malicious Extension: \u4f1a\u8bd1:\u4e00\u7ad9\u5f0f AI \u7ffb\u8bd1 Agent\uff5c\u5bf9\u7167\u5f0fDeepL\u7ffb\u8bd1\uff5cDeepSeek\u5212\u8bcd\u7ffb\u8bd1\uff5c\u514d\u8d39", "description": "Malicious browser extension: \u4f1a\u8bd1:\u4e00\u7ad9\u5f0f AI \u7ffb\u8bd1 Agent\uff5c\u5bf9\u7167\u5f0fDeepL\u7ffb\u8bd1\uff5cDeepSeek\u5212\u8bcd\u7ffb\u8bd1\uff5c\u514d\u8d39 (dgeiaiglmhdhajbpfbmajaajdlfdinpi) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=152). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dgeiaiglmhdhajbpfbmajaajdlfdinpi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.965783Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dgeiaiglmhdhajbpfbmajaajdlfdinpi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dgeiaiglmhdhajbpfbmajaajdlfdinpi", "external_id": "dgeiaiglmhdhajbpfbmajaajdlfdinpi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2ff43c87-ab3d-4457-8997-bba3718d113b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.966978Z", "modified": "2026-06-02T15:57:33.966978Z", "name": "Malicious Extension: Anime Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Anime Cursor \u2605 Custom Cursor for Chrome\u2122 (dgfaekieonkobpaklglncjmjibbbpnod) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dgfaekieonkobpaklglncjmjibbbpnod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.96694Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dgfaekieonkobpaklglncjmjibbbpnod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dgfaekieonkobpaklglncjmjibbbpnod", "external_id": "dgfaekieonkobpaklglncjmjibbbpnod"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c894a965-089f-44e7-9d74-e8c89c041950", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.967991Z", "modified": "2026-06-02T15:57:33.967991Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dghkhbmpagbapkadlehcicngkldfieln) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dghkhbmpagbapkadlehcicngkldfieln']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.967954Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dghkhbmpagbapkadlehcicngkldfieln", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dghkhbmpagbapkadlehcicngkldfieln", "external_id": "dghkhbmpagbapkadlehcicngkldfieln"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3b8529c7-61b3-443f-862b-6ee1decded97", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.96898Z", "modified": "2026-06-02T15:57:33.96898Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dginndbdbpmhpmandgbgghhldoeohcim) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dginndbdbpmhpmandgbgghhldoeohcim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.968943Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dginndbdbpmhpmandgbgghhldoeohcim", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dginndbdbpmhpmandgbgghhldoeohcim", "external_id": "dginndbdbpmhpmandgbgghhldoeohcim"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cb1cb0f5-bb32-4af6-a079-5d6b89f5da5c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.96998Z", "modified": "2026-06-02T15:57:33.96998Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dgncekenlgnneibllkjinpcfccajpjmc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dgncekenlgnneibllkjinpcfccajpjmc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.969943Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dgncekenlgnneibllkjinpcfccajpjmc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dgncekenlgnneibllkjinpcfccajpjmc", "external_id": "dgncekenlgnneibllkjinpcfccajpjmc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aa2efefb-3927-4fcc-b622-3e476431b00d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.970962Z", "modified": "2026-06-02T15:57:33.970962Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dhapijjokghecaageelopfpddbkbnokj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dhapijjokghecaageelopfpddbkbnokj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.970926Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dhapijjokghecaageelopfpddbkbnokj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dhapijjokghecaageelopfpddbkbnokj", "external_id": "dhapijjokghecaageelopfpddbkbnokj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a4926c39-cb5f-4be1-84b0-17a551019edc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.971968Z", "modified": "2026-06-02T15:57:33.971968Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dhekojmaelacgbmbhfibfgaeinmfmaej) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dhekojmaelacgbmbhfibfgaeinmfmaej']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.971926Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dhekojmaelacgbmbhfibfgaeinmfmaej", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dhekojmaelacgbmbhfibfgaeinmfmaej", "external_id": "dhekojmaelacgbmbhfibfgaeinmfmaej"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7599520a-4901-4fb6-ac2f-f97c0be81e81", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.972949Z", "modified": "2026-06-02T15:57:33.972949Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dhhmopcmpiadcgchhhldcpoeppcofdic) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dhhmopcmpiadcgchhhldcpoeppcofdic']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.972912Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dhhmopcmpiadcgchhhldcpoeppcofdic", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dhhmopcmpiadcgchhhldcpoeppcofdic", "external_id": "dhhmopcmpiadcgchhhldcpoeppcofdic"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7c554499-ac71-4e17-8ae2-b7f2b83ea928", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.974983Z", "modified": "2026-06-02T15:57:33.974983Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dhjmmcjnajkpnbnbpagglbbfpbacoffm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dhjmmcjnajkpnbnbpagglbbfpbacoffm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.974943Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dhjmmcjnajkpnbnbpagglbbfpbacoffm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dhjmmcjnajkpnbnbpagglbbfpbacoffm", "external_id": "dhjmmcjnajkpnbnbpagglbbfpbacoffm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d9c5a266-d1b0-45f7-acf6-53dcf4323394", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.976062Z", "modified": "2026-06-02T15:57:33.976062Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dhmoflfpggooodhaagcbfdkfkicebbdd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dhmoflfpggooodhaagcbfdkfkicebbdd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.976023Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dhmoflfpggooodhaagcbfdkfkicebbdd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dhmoflfpggooodhaagcbfdkfkicebbdd", "external_id": "dhmoflfpggooodhaagcbfdkfkicebbdd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--14db49db-8a2f-4ef4-b491-3e1f0b9b2e7d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.977099Z", "modified": "2026-06-02T15:57:33.977099Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dhnibdhcanplpdkcljgmfhbipehkgdkk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dhnibdhcanplpdkcljgmfhbipehkgdkk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.97706Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dhnibdhcanplpdkcljgmfhbipehkgdkk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dhnibdhcanplpdkcljgmfhbipehkgdkk", "external_id": "dhnibdhcanplpdkcljgmfhbipehkgdkk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a78289f4-dabb-414d-a477-d88a6a82ad7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.978126Z", "modified": "2026-06-02T15:57:33.978126Z", "name": "Malicious Extension: WaListall | O Melhor CRM para WhatsApp Web \u2013 Teste Gr\u00e1tis", "description": "Malicious browser extension: WaListall | O Melhor CRM para WhatsApp Web \u2013 Teste Gr\u00e1tis (dhpgneegbflgangnpfeoafgpabacholj) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 (text truncated in source record) \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dhpgneegbflgangnpfeoafgpabacholj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.978088Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dhpgneegbflgangnpfeoafgpabacholj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dhpgneegbflgangnpfeoafgpabacholj", "external_id": "dhpgneegbflgangnpfeoafgpabacholj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7902f742-9423-4b65-874e-d1b808b14bc7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.979141Z", "modified": "2026-06-02T15:57:33.979141Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (didhgeamncokiaegffipckhhcpnmlcbl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/didhgeamncokiaegffipckhhcpnmlcbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.979091Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:didhgeamncokiaegffipckhhcpnmlcbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/didhgeamncokiaegffipckhhcpnmlcbl", "external_id": "didhgeamncokiaegffipckhhcpnmlcbl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9a82af1a-e67f-4c88-9be0-9815cb7a929c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.980133Z", "modified": "2026-06-02T15:57:33.980133Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dikanomimblalpoibmbipnchapooecme) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dikanomimblalpoibmbipnchapooecme']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.980096Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dikanomimblalpoibmbipnchapooecme", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dikanomimblalpoibmbipnchapooecme", "external_id": "dikanomimblalpoibmbipnchapooecme"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5f483ae9-1b1a-4d07-ab98-d1283f9390ea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.981121Z", "modified": "2026-06-02T15:57:33.981121Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dillgbmlildifnpdejibbbebbhnlhnhf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dillgbmlildifnpdejibbbebbhnlhnhf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.981083Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dillgbmlildifnpdejibbbebbhnlhnhf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dillgbmlildifnpdejibbbebbhnlhnhf", "external_id": "dillgbmlildifnpdejibbbebbhnlhnhf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3f3f79d3-d90d-4898-89b1-11ddf1238f94", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.982269Z", "modified": "2026-06-02T15:57:33.982269Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dipempdapljcdgpmaaoopamccjnconki) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dipempdapljcdgpmaaoopamccjnconki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.982233Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dipempdapljcdgpmaaoopamccjnconki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dipempdapljcdgpmaaoopamccjnconki", "external_id": "dipempdapljcdgpmaaoopamccjnconki"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ac2a1303-2202-4f32-b48d-01f91988d713", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.983286Z", "modified": "2026-06-02T15:57:33.983286Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (djblghckgfcjfmhhhfnjbiakmmmcmigf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/djblghckgfcjfmhhhfnjbiakmmmcmigf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.983249Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:djblghckgfcjfmhhhfnjbiakmmmcmigf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/djblghckgfcjfmhhhfnjbiakmmmcmigf", "external_id": "djblghckgfcjfmhhhfnjbiakmmmcmigf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--17e829f8-10f7-4d09-9db4-54f96362c3e9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.984293Z", "modified": "2026-06-02T15:57:33.984293Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (djhjckkfgancelbmgcamjimgphaphjdl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/djhjckkfgancelbmgcamjimgphaphjdl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.984245Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:djhjckkfgancelbmgcamjimgphaphjdl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/djhjckkfgancelbmgcamjimgphaphjdl", "external_id": "djhjckkfgancelbmgcamjimgphaphjdl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e8a6b0a1-92ac-47fc-9e53-6c814c506aef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.985303Z", "modified": "2026-06-02T15:57:33.985303Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dkbbbccjifnnkcbkjpnpmaiffllfpnac) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkbbbccjifnnkcbkjpnpmaiffllfpnac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.985266Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkbbbccjifnnkcbkjpnpmaiffllfpnac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkbbbccjifnnkcbkjpnpmaiffllfpnac", "external_id": "dkbbbccjifnnkcbkjpnpmaiffllfpnac"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ae100fd5-2ecc-4a3f-b3e6-63e42d6cc2ba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.986294Z", "modified": "2026-06-02T15:57:33.986294Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dkbgoioobcocdfmknmlidebppkfikoeh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkbgoioobcocdfmknmlidebppkfikoeh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.986256Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkbgoioobcocdfmknmlidebppkfikoeh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkbgoioobcocdfmknmlidebppkfikoeh", "external_id": "dkbgoioobcocdfmknmlidebppkfikoeh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--57607861-438f-4781-9c09-c9de456451b5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.987307Z", "modified": "2026-06-02T15:57:33.987307Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dkbjjfijbnhnibakmpkkfhikmkgphako) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkbjjfijbnhnibakmpkkfhikmkgphako']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.987269Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkbjjfijbnhnibakmpkkfhikmkgphako", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkbjjfijbnhnibakmpkkfhikmkgphako", "external_id": "dkbjjfijbnhnibakmpkkfhikmkgphako"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a7d65151-92d4-4cf8-a072-416465dd0302", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.988296Z", "modified": "2026-06-02T15:57:33.988296Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dkcjihabohaldgjkdmenepolojcjdaah) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkcjihabohaldgjkdmenepolojcjdaah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.98826Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkcjihabohaldgjkdmenepolojcjdaah", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkcjihabohaldgjkdmenepolojcjdaah", "external_id": "dkcjihabohaldgjkdmenepolojcjdaah"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0e82b305-bb71-4944-b4c2-82d2627cb9a0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.989446Z", "modified": "2026-06-02T15:57:33.989446Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dkdjiiihnadmgmmfobidmmegidmmjobi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkdjiiihnadmgmmfobidmmegidmmjobi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.989409Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkdjiiihnadmgmmfobidmmegidmmjobi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkdjiiihnadmgmmfobidmmegidmmjobi", "external_id": "dkdjiiihnadmgmmfobidmmegidmmjobi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--59ede6b5-64e2-48d4-8e8d-7d01486ecc17", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.990446Z", "modified": "2026-06-02T15:57:33.990446Z", "name": "Malicious Extension: BirdTab - Bird Wallpapers and Nature Sounds for New Tab Page", "description": "Malicious browser extension: BirdTab - Bird Wallpapers and Nature Sounds for New Tab Page (dkdnidbnjihhilbjndnnlfipmbnoaipn) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=52). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkdnidbnjihhilbjndnnlfipmbnoaipn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.99041Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkdnidbnjihhilbjndnnlfipmbnoaipn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkdnidbnjihhilbjndnnlfipmbnoaipn", "external_id": "dkdnidbnjihhilbjndnnlfipmbnoaipn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--040ed440-0759-4aa3-8345-d87d7c49390b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.991443Z", "modified": "2026-06-02T15:57:33.991443Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dkkpollfhjoiapcenojlmgempmjekcla) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkkpollfhjoiapcenojlmgempmjekcla']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.991405Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkkpollfhjoiapcenojlmgempmjekcla", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkkpollfhjoiapcenojlmgempmjekcla", "external_id": "dkkpollfhjoiapcenojlmgempmjekcla"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--60385374-cc9d-4829-9c21-7e633c6c42ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.992431Z", "modified": "2026-06-02T15:57:33.992431Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dlanpgfginllefahhibhbeanopbhbkkh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dlanpgfginllefahhibhbeanopbhbkkh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.992394Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dlanpgfginllefahhibhbeanopbhbkkh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dlanpgfginllefahhibhbeanopbhbkkh", "external_id": "dlanpgfginllefahhibhbeanopbhbkkh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f45a1feb-30a9-4f29-8216-65be83e105cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.993415Z", "modified": "2026-06-02T15:57:33.993415Z", "name": "Malicious Extension: Best AdBlocker", "description": "Malicious browser extension: Best AdBlocker (dllpkaoladhieehkbjbifonfblhgkoki) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=82). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dllpkaoladhieehkbjbifonfblhgkoki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.993378Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dllpkaoladhieehkbjbifonfblhgkoki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dllpkaoladhieehkbjbifonfblhgkoki", "external_id": "dllpkaoladhieehkbjbifonfblhgkoki"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f6b6bae6-8040-4b35-a15d-3bad8dcb7a83", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.994405Z", "modified": "2026-06-02T15:57:33.994405Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dmakkciciccnjgmfjflpbdfkdnmpfghp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dmakkciciccnjgmfjflpbdfkdnmpfghp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.994368Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dmakkciciccnjgmfjflpbdfkdnmpfghp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dmakkciciccnjgmfjflpbdfkdnmpfghp", "external_id": "dmakkciciccnjgmfjflpbdfkdnmpfghp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2a6471e9-e64c-441d-a7c3-6ec4aef4735e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.995406Z", "modified": "2026-06-02T15:57:33.995406Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dmfccdhbfjmpgaldefnfeeknjfdnlbhe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dmfccdhbfjmpgaldefnfeeknjfdnlbhe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.995368Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dmfccdhbfjmpgaldefnfeeknjfdnlbhe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dmfccdhbfjmpgaldefnfeeknjfdnlbhe", "external_id": "dmfccdhbfjmpgaldefnfeeknjfdnlbhe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c7a4aff1-e4b5-473e-88d2-a65c4a5d9e88", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.996579Z", "modified": "2026-06-02T15:57:33.996579Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dmjnmnjmddbbkbhkonhmifmdidinmeep) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dmjnmnjmddbbkbhkonhmifmdidinmeep']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.996542Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dmjnmnjmddbbkbhkonhmifmdidinmeep", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dmjnmnjmddbbkbhkonhmifmdidinmeep", "external_id": "dmjnmnjmddbbkbhkonhmifmdidinmeep"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c35c96e2-ea6f-4bdf-a599-38133d65131d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.997581Z", "modified": "2026-06-02T15:57:33.997581Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dmnajaiijohbndidolbdbpicdjanombo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dmnajaiijohbndidolbdbpicdjanombo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.997537Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dmnajaiijohbndidolbdbpicdjanombo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dmnajaiijohbndidolbdbpicdjanombo", "external_id": "dmnajaiijohbndidolbdbpicdjanombo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ea3e4c43-a049-4ca3-8cb8-e3aba6243da9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.998565Z", "modified": "2026-06-02T15:57:33.998565Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dmnhoegpldfpfmfoignpmapmbffgkalj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dmnhoegpldfpfmfoignpmapmbffgkalj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.998529Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dmnhoegpldfpfmfoignpmapmbffgkalj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dmnhoegpldfpfmfoignpmapmbffgkalj", "external_id": "dmnhoegpldfpfmfoignpmapmbffgkalj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5516394a-71d3-4352-9d07-b9b449c95e81", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.999564Z", "modified": "2026-06-02T15:57:33.999564Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dmniogfnhjfaembommeeamffneaobgcd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dmniogfnhjfaembommeeamffneaobgcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:33.999527Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dmniogfnhjfaembommeeamffneaobgcd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dmniogfnhjfaembommeeamffneaobgcd", "external_id": "dmniogfnhjfaembommeeamffneaobgcd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a6c5b939-fd08-4d58-9a17-6ff8b312e93e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.000778Z", "modified": "2026-06-02T15:57:34.000778Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dmpceopfiajfdnoiebfankfoabfehdpn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dmpceopfiajfdnoiebfankfoabfehdpn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.000727Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dmpceopfiajfdnoiebfankfoabfehdpn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dmpceopfiajfdnoiebfankfoabfehdpn", "external_id": "dmpceopfiajfdnoiebfankfoabfehdpn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2e447866-873e-466c-b417-bb61e5cbfed9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.002896Z", "modified": "2026-06-02T15:57:34.002896Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dnajedcbehnncdbmhbpglgacejjjcpic) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dnajedcbehnncdbmhbpglgacejjjcpic']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.002807Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dnajedcbehnncdbmhbpglgacejjjcpic", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dnajedcbehnncdbmhbpglgacejjjcpic", "external_id": "dnajedcbehnncdbmhbpglgacejjjcpic"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--08fad254-65ce-4f9f-b0d8-804ac614f98e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.00538Z", "modified": "2026-06-02T15:57:34.00538Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dnclkkkjlabdgfdjngdkaebpaahnohoo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dnclkkkjlabdgfdjngdkaebpaahnohoo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.005315Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dnclkkkjlabdgfdjngdkaebpaahnohoo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dnclkkkjlabdgfdjngdkaebpaahnohoo", "external_id": "dnclkkkjlabdgfdjngdkaebpaahnohoo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--15fdb5f8-fc9c-4180-a7e7-107f9684fb93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.00785Z", "modified": "2026-06-02T15:57:34.00785Z", "name": "Malicious Extension: Futurama Cursor - Custom Cartoon Cursor for Chrome", "description": "Malicious browser extension: Futurama Cursor - Custom Cartoon Cursor for Chrome (dnfjhcohapaoibiekobphekeohdamjbi) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dnfjhcohapaoibiekobphekeohdamjbi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.007775Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dnfjhcohapaoibiekobphekeohdamjbi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dnfjhcohapaoibiekobphekeohdamjbi", "external_id": "dnfjhcohapaoibiekobphekeohdamjbi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--09da6ae5-325d-4eea-9b0d-07d7c7d7d59d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.011547Z", "modified": "2026-06-02T15:57:34.011547Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dngmeofhakepbjelmlikokpilfpjmmgn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dngmeofhakepbjelmlikokpilfpjmmgn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.011422Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dngmeofhakepbjelmlikokpilfpjmmgn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dngmeofhakepbjelmlikokpilfpjmmgn", "external_id": "dngmeofhakepbjelmlikokpilfpjmmgn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a350719f-626e-4e3c-b507-33316f631b15", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.014656Z", "modified": "2026-06-02T15:57:34.014656Z", "name": "Malicious Extension: Kirby Cursor Cursor for Chrome", "description": "Malicious browser extension: Kirby Cursor Cursor for Chrome (dnhfbehomlbkmimmmoejcmcondhmebia) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dnhfbehomlbkmimmmoejcmcondhmebia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.014602Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dnhfbehomlbkmimmmoejcmcondhmebia", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dnhfbehomlbkmimmmoejcmcondhmebia", "external_id": "dnhfbehomlbkmimmmoejcmcondhmebia"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3f5ef988-f345-4c8f-93cf-4a1e4b32fc5f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.016123Z", "modified": "2026-06-02T15:57:34.016123Z", "name": "Malicious Extension: Amazon Search Suggestion Expander | 10xProfit", "description": "Malicious browser extension: Amazon Search Suggestion Expander | 10xProfit (dnmfcojgjchpjcmjgpgonmhccibjopnb) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dnmfcojgjchpjcmjgpgonmhccibjopnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.016077Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dnmfcojgjchpjcmjgpgonmhccibjopnb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dnmfcojgjchpjcmjgpgonmhccibjopnb", "external_id": "dnmfcojgjchpjcmjgpgonmhccibjopnb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--963f9721-2883-4294-ad82-7ebb00ea10ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.017414Z", "modified": "2026-06-02T15:57:34.017414Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dnojfjfegklgconkoekfkaajejmdgdkj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dnojfjfegklgconkoekfkaajejmdgdkj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.017372Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dnojfjfegklgconkoekfkaajejmdgdkj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dnojfjfegklgconkoekfkaajejmdgdkj", "external_id": "dnojfjfegklgconkoekfkaajejmdgdkj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--adc17e35-06fd-44d4-9c9c-a327bb7c1042", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.018489Z", "modified": "2026-06-02T15:57:34.018489Z", "name": "Malicious Extension: Preppy Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Preppy Cursor \u2605 Custom Cursor for Chrome\u2122 (dobjkkoopofegeinkiepblgidnigchoo) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dobjkkoopofegeinkiepblgidnigchoo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.01845Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dobjkkoopofegeinkiepblgidnigchoo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dobjkkoopofegeinkiepblgidnigchoo", "external_id": "dobjkkoopofegeinkiepblgidnigchoo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--05fb55d4-ad0e-4318-9dc4-03415623a3d8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.019542Z", "modified": "2026-06-02T15:57:34.019542Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dockhadmmbmjnenmnibpojimgjpgenbn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dockhadmmbmjnenmnibpojimgjpgenbn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.019501Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dockhadmmbmjnenmnibpojimgjpgenbn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dockhadmmbmjnenmnibpojimgjpgenbn", "external_id": "dockhadmmbmjnenmnibpojimgjpgenbn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--be4e99ca-843b-46e3-8e81-6fed14832d91", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.02077Z", "modified": "2026-06-02T15:57:34.02077Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dofjalblnidfghllaloiojjejmnhjllf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dofjalblnidfghllaloiojjejmnhjllf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.020731Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dofjalblnidfghllaloiojjejmnhjllf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dofjalblnidfghllaloiojjejmnhjllf", "external_id": "dofjalblnidfghllaloiojjejmnhjllf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--82fe2be2-2f67-489a-b117-e4a18fb3890f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.02178Z", "modified": "2026-06-02T15:57:34.02178Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dohmiglipinohflhapdagfgbldhmoojl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dohmiglipinohflhapdagfgbldhmoojl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.021743Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dohmiglipinohflhapdagfgbldhmoojl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dohmiglipinohflhapdagfgbldhmoojl", "external_id": "dohmiglipinohflhapdagfgbldhmoojl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c3c437f4-1941-46bf-b93a-e05fd3320f59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.022776Z", "modified": "2026-06-02T15:57:34.022776Z", "name": "Malicious Extension: Cinnamoroll Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Cinnamoroll Cursor \u2605 Custom Cursor for Chrome\u2122 (domdcfhmjfdchcegjmnjbioejdphmnio) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/domdcfhmjfdchcegjmnjbioejdphmnio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.022739Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:domdcfhmjfdchcegjmnjbioejdphmnio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/domdcfhmjfdchcegjmnjbioejdphmnio", "external_id": "domdcfhmjfdchcegjmnjbioejdphmnio"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d30a3bd5-e49b-4415-917b-204b6e20e4d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.023856Z", "modified": "2026-06-02T15:57:34.023856Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (domfmjgbmkckapepjahpedlpdedmckbj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/domfmjgbmkckapepjahpedlpdedmckbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.023817Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:domfmjgbmkckapepjahpedlpdedmckbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/domfmjgbmkckapepjahpedlpdedmckbj", "external_id": "domfmjgbmkckapepjahpedlpdedmckbj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8bb48cd6-11a0-494c-8641-8d4a41e068ba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.024859Z", "modified": "2026-06-02T15:57:34.024859Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (domokkifabiamikppmngfikdjjihldln) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/domokkifabiamikppmngfikdjjihldln']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.024821Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:domokkifabiamikppmngfikdjjihldln", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/domokkifabiamikppmngfikdjjihldln", "external_id": "domokkifabiamikppmngfikdjjihldln"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--591f486b-0fd7-46fe-8143-ff9bc5133ed5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.025867Z", "modified": "2026-06-02T15:57:34.025867Z", "name": "Malicious Extension: Cliente Flow", "description": "Malicious browser extension: Cliente Flow (dpahdbhekfclimkekdabboefohagelfp) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[... description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dpahdbhekfclimkekdabboefohagelfp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.025829Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:dpahdbhekfclimkekdabboefohagelfp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dpahdbhekfclimkekdabboefohagelfp", "external_id": "dpahdbhekfclimkekdabboefohagelfp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9835dce5-53e6-48f7-b31d-84ad35de3008", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.026853Z", "modified": "2026-06-02T15:57:34.026853Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dpkijnoebmekoiafbkledpjhkpgllkfe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dpkijnoebmekoiafbkledpjhkpgllkfe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.026816Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dpkijnoebmekoiafbkledpjhkpgllkfe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dpkijnoebmekoiafbkledpjhkpgllkfe", "external_id": "dpkijnoebmekoiafbkledpjhkpgllkfe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--42d51539-1c5b-4f3e-a64e-b926a0c16470", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.028012Z", "modified": "2026-06-02T15:57:34.028012Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (dpmdoefacegagjoifomgchhhppgdkaco) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dpmdoefacegagjoifomgchhhppgdkaco']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.027974Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dpmdoefacegagjoifomgchhhppgdkaco", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dpmdoefacegagjoifomgchhhppgdkaco", "external_id": "dpmdoefacegagjoifomgchhhppgdkaco"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--33bcd73b-882c-4b96-b6f8-6071244f7484", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.029009Z", "modified": "2026-06-02T15:57:34.029009Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eacddhhclhfopgdecadpdonpfemndaeo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eacddhhclhfopgdecadpdonpfemndaeo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.028972Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eacddhhclhfopgdecadpdonpfemndaeo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eacddhhclhfopgdecadpdonpfemndaeo", "external_id": "eacddhhclhfopgdecadpdonpfemndaeo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bb36d382-c0ef-4256-b721-94c005dbd654", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.030024Z", "modified": "2026-06-02T15:57:34.030024Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ebeiohfighdabjhkklnghfofnnfglmad) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ebeiohfighdabjhkklnghfofnnfglmad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.029985Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ebeiohfighdabjhkklnghfofnnfglmad", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ebeiohfighdabjhkklnghfofnnfglmad", "external_id": "ebeiohfighdabjhkklnghfofnnfglmad"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5eac70e9-ca60-4634-bf1e-de7248189679", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.031038Z", "modified": "2026-06-02T15:57:34.031038Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ebgohjfmjjmaebkoifnkllgmnoiggdfo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ebgohjfmjjmaebkoifnkllgmnoiggdfo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.030997Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ebgohjfmjjmaebkoifnkllgmnoiggdfo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ebgohjfmjjmaebkoifnkllgmnoiggdfo", "external_id": "ebgohjfmjjmaebkoifnkllgmnoiggdfo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--abda09ef-79ed-4b11-a4a6-630671df446b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.032046Z", "modified": "2026-06-02T15:57:34.032046Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ebhcaliljppmelancooakfgcgcceiind) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ebhcaliljppmelancooakfgcgcceiind']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.032008Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ebhcaliljppmelancooakfgcgcceiind", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ebhcaliljppmelancooakfgcgcceiind", "external_id": "ebhcaliljppmelancooakfgcgcceiind"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1105c0f7-e31b-474b-bd83-bc03225adab8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.033029Z", "modified": "2026-06-02T15:57:34.033029Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ebileebbekdcpfjlekjapgmbgpfigled) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ebileebbekdcpfjlekjapgmbgpfigled']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.032992Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ebileebbekdcpfjlekjapgmbgpfigled", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ebileebbekdcpfjlekjapgmbgpfigled", "external_id": "ebileebbekdcpfjlekjapgmbgpfigled"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d7f93f5d-eecd-49a6-9048-8558cc900373", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.034029Z", "modified": "2026-06-02T15:57:34.034029Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ebmmjmakencgmgoijdfnbailknaaiffh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ebmmjmakencgmgoijdfnbailknaaiffh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.033991Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ebmmjmakencgmgoijdfnbailknaaiffh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ebmmjmakencgmgoijdfnbailknaaiffh", "external_id": "ebmmjmakencgmgoijdfnbailknaaiffh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c49aa52d-a3df-4a42-8f78-bb38ace08d98", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.035179Z", "modified": "2026-06-02T15:57:34.035179Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ecbhmlajeiapbbnooeohibaldjnfmiin) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ecbhmlajeiapbbnooeohibaldjnfmiin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.03514Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ecbhmlajeiapbbnooeohibaldjnfmiin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ecbhmlajeiapbbnooeohibaldjnfmiin", "external_id": "ecbhmlajeiapbbnooeohibaldjnfmiin"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--16cb53e4-dee8-41d3-a044-2edf85ab5f13", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.036186Z", "modified": "2026-06-02T15:57:34.036186Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ecdaejiahmgdbfmdjaiilfclnblnjlnn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ecdaejiahmgdbfmdjaiilfclnblnjlnn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.036149Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ecdaejiahmgdbfmdjaiilfclnblnjlnn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ecdaejiahmgdbfmdjaiilfclnblnjlnn", "external_id": "ecdaejiahmgdbfmdjaiilfclnblnjlnn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--40b94e30-2907-4c51-8dc0-11f43448057b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.03718Z", "modified": "2026-06-02T15:57:34.03718Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ecglifnnmnjlkemdjbhlofpemidafnin) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ecglifnnmnjlkemdjbhlofpemidafnin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.037142Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ecglifnnmnjlkemdjbhlofpemidafnin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ecglifnnmnjlkemdjbhlofpemidafnin", "external_id": "ecglifnnmnjlkemdjbhlofpemidafnin"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4388b0af-b3bd-4787-aae0-01244095c415", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.038184Z", "modified": "2026-06-02T15:57:34.038184Z", "name": "Malicious Extension: CRMSIM", "description": "Malicious browser extension: CRMSIM (echacghfmpmedednbkfoalmpccdiajci) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia[.]wascript[.]com[.]br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/echacghfmpmedednbkfoalmpccdiajci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.038146Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:echacghfmpmedednbkfoalmpccdiajci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/echacghfmpmedednbkfoalmpccdiajci", "external_id": "echacghfmpmedednbkfoalmpccdiajci"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6ee60a74-6b88-42cc-ba39-1be268736166", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.039177Z", "modified": "2026-06-02T15:57:34.039177Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eciaojnpihmgkbacgpjnimcpkfeklgag) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eciaojnpihmgkbacgpjnimcpkfeklgag']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.039138Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eciaojnpihmgkbacgpjnimcpkfeklgag", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eciaojnpihmgkbacgpjnimcpkfeklgag", "external_id": "eciaojnpihmgkbacgpjnimcpkfeklgag"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bd6256b4-c097-47d4-b188-f0052a7df857", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.04016Z", "modified": "2026-06-02T15:57:34.04016Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ecikmpoikkcelnakpgaeplcjoickgacj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ecikmpoikkcelnakpgaeplcjoickgacj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.040123Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ecikmpoikkcelnakpgaeplcjoickgacj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ecikmpoikkcelnakpgaeplcjoickgacj", "external_id": "ecikmpoikkcelnakpgaeplcjoickgacj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--10c70e82-cbcd-4f0c-99c3-009b2b0b7779", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.041138Z", "modified": "2026-06-02T15:57:34.041138Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ecjpmdkbllfkofnkmigaofclepamongg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ecjpmdkbllfkofnkmigaofclepamongg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.041101Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ecjpmdkbllfkofnkmigaofclepamongg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ecjpmdkbllfkofnkmigaofclepamongg", "external_id": "ecjpmdkbllfkofnkmigaofclepamongg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0079edfd-cfde-4f4f-8d8a-5d04b00e97c9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.042281Z", "modified": "2026-06-02T15:57:34.042281Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eckfhhngfhepmndojbnphnlnemglmojp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eckfhhngfhepmndojbnphnlnemglmojp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.042244Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eckfhhngfhepmndojbnphnlnemglmojp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eckfhhngfhepmndojbnphnlnemglmojp", "external_id": "eckfhhngfhepmndojbnphnlnemglmojp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cbfa0a5e-93a3-43ec-a82d-d9d1ae9ac509", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.043284Z", "modified": "2026-06-02T15:57:34.043284Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ecmbfkkjdimkigglhpfgoaiiokpmdiff) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ecmbfkkjdimkigglhpfgoaiiokpmdiff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.043247Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ecmbfkkjdimkigglhpfgoaiiokpmdiff", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ecmbfkkjdimkigglhpfgoaiiokpmdiff", "external_id": "ecmbfkkjdimkigglhpfgoaiiokpmdiff"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c2ee3edd-fa61-4c04-8fd9-1507ec6041b8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.044271Z", "modified": "2026-06-02T15:57:34.044271Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ecmkkkimiiingcbkhohekhbifaefbmid) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ecmkkkimiiingcbkhohekhbifaefbmid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.044234Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ecmkkkimiiingcbkhohekhbifaefbmid", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ecmkkkimiiingcbkhohekhbifaefbmid", "external_id": "ecmkkkimiiingcbkhohekhbifaefbmid"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--660301e6-a2b6-45c5-aeee-5b1a836bcc63", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.045253Z", "modified": "2026-06-02T15:57:34.045253Z", "name": "Malicious Extension: Instagram Downloader", "description": "Malicious browser extension: Instagram Downloader (ecocgofdjmiomgmgnchijbghkikolkkl) Stage 5A static analysis flagged suspicious behavior (risk_level=suspicious, score=52). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ecocgofdjmiomgmgnchijbghkikolkkl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.045216Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ecocgofdjmiomgmgnchijbghkikolkkl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ecocgofdjmiomgmgnchijbghkikolkkl", "external_id": "ecocgofdjmiomgmgnchijbghkikolkkl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--edee3444-c8e4-4977-a21c-ca08336164de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.046232Z", "modified": "2026-06-02T15:57:34.046232Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (edbhdbhgdbanjhdnpjcianjgfmdkgbcf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/edbhdbhgdbanjhdnpjcianjgfmdkgbcf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.046195Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:edbhdbhgdbanjhdnpjcianjgfmdkgbcf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edbhdbhgdbanjhdnpjcianjgfmdkgbcf", "external_id": "edbhdbhgdbanjhdnpjcianjgfmdkgbcf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--54e54425-409e-4cc6-91ab-f0c05895e64f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.047285Z", "modified": "2026-06-02T15:57:34.047285Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (edgdjpblkjhdmflbedgmpajminmjljdn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/edgdjpblkjhdmflbedgmpajminmjljdn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.047247Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:edgdjpblkjhdmflbedgmpajminmjljdn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edgdjpblkjhdmflbedgmpajminmjljdn", "external_id": "edgdjpblkjhdmflbedgmpajminmjljdn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--195f33e3-1311-4b49-aa1f-f2c67a08859b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.048291Z", "modified": "2026-06-02T15:57:34.048291Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (edieaiaimjhldokpcoalkfbeeeobaodc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/edieaiaimjhldokpcoalkfbeeeobaodc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.048254Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:edieaiaimjhldokpcoalkfbeeeobaodc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edieaiaimjhldokpcoalkfbeeeobaodc", "external_id": "edieaiaimjhldokpcoalkfbeeeobaodc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b0d0e34c-2a91-46a9-98fa-6325f3139be4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.04944Z", "modified": "2026-06-02T15:57:34.04944Z", "name": "Malicious Extension: GoCashBack: Deals, Rebates, Savings Extension", "description": "Malicious browser extension: GoCashBack: Deals, Rebates, Savings Extension (edkmbojkflfanganifkkajmldejmhlec) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=172). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/edkmbojkflfanganifkkajmldejmhlec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.049403Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:edkmbojkflfanganifkkajmldejmhlec", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edkmbojkflfanganifkkajmldejmhlec", "external_id": "edkmbojkflfanganifkkajmldejmhlec"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b657f833-ca4f-4d4a-ad55-e1c6f3923e02", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.050426Z", "modified": "2026-06-02T15:57:34.050426Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (edohfgmjmdnibeihfcajfclmhapjkooa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/edohfgmjmdnibeihfcajfclmhapjkooa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.050389Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:edohfgmjmdnibeihfcajfclmhapjkooa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/edohfgmjmdnibeihfcajfclmhapjkooa", "external_id": "edohfgmjmdnibeihfcajfclmhapjkooa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f9b5e1bf-b565-4a5d-8a39-a3e942433c43", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.051434Z", "modified": "2026-06-02T15:57:34.051434Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eeagcbejnemppblnipdpdibnljlocecb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eeagcbejnemppblnipdpdibnljlocecb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.051396Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eeagcbejnemppblnipdpdibnljlocecb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eeagcbejnemppblnipdpdibnljlocecb", "external_id": "eeagcbejnemppblnipdpdibnljlocecb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--baec2cbd-9388-4920-8c87-c1eb7bf9ec8f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.052427Z", "modified": "2026-06-02T15:57:34.052427Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eebdacbalehoojfbinomkiobfepmdkhi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eebdacbalehoojfbinomkiobfepmdkhi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.05239Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eebdacbalehoojfbinomkiobfepmdkhi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eebdacbalehoojfbinomkiobfepmdkhi", "external_id": "eebdacbalehoojfbinomkiobfepmdkhi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4730f11c-8fad-4daf-973f-2457fc26cd55", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.05341Z", "modified": "2026-06-02T15:57:34.05341Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eebihieclccoidddmjcencomodomdoei) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eebihieclccoidddmjcencomodomdoei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.053373Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eebihieclccoidddmjcencomodomdoei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eebihieclccoidddmjcencomodomdoei", "external_id": "eebihieclccoidddmjcencomodomdoei"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ecc9ef06-a01b-4219-b9f2-cc270e480f45", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.0544Z", "modified": "2026-06-02T15:57:34.0544Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eeejeoomadajikgnoeoljhlkaamaalfn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eeejeoomadajikgnoeoljhlkaamaalfn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.054362Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eeejeoomadajikgnoeoljhlkaamaalfn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eeejeoomadajikgnoeoljhlkaamaalfn", "external_id": "eeejeoomadajikgnoeoljhlkaamaalfn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4e6ae033-2910-48e8-b69a-4b5c44b60fa4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.055405Z", "modified": "2026-06-02T15:57:34.055405Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eekblbhfmladafbmpgkdedmolbjkjbnc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eekblbhfmladafbmpgkdedmolbjkjbnc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.055368Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eekblbhfmladafbmpgkdedmolbjkjbnc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eekblbhfmladafbmpgkdedmolbjkjbnc", "external_id": "eekblbhfmladafbmpgkdedmolbjkjbnc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c61f2e10-7d15-4917-9b87-33001d812cef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.056544Z", "modified": "2026-06-02T15:57:34.056544Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eekibodjacokkihmicbjgdpdfhkjemlf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eekibodjacokkihmicbjgdpdfhkjemlf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.056508Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eekibodjacokkihmicbjgdpdfhkjemlf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eekibodjacokkihmicbjgdpdfhkjemlf", "external_id": "eekibodjacokkihmicbjgdpdfhkjemlf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f8a2d7ce-96cd-46b0-b9d0-55ce055cb8d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.05754Z", "modified": "2026-06-02T15:57:34.05754Z", "name": "Malicious Extension: ima\u77e5\u8bc6\u5e93", "description": "Malicious browser extension: ima\u77e5\u8bc6\u5e93 (eemjhliengnnmjmbdjagekdddmkhanna) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=182). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eemjhliengnnmjmbdjagekdddmkhanna']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.057502Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eemjhliengnnmjmbdjagekdddmkhanna", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eemjhliengnnmjmbdjagekdddmkhanna", "external_id": "eemjhliengnnmjmbdjagekdddmkhanna"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3eee2599-2015-49a1-a03a-e08cfa3f8308", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.05853Z", "modified": "2026-06-02T15:57:34.05853Z", "name": "Malicious Extension: Peanuts Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Peanuts Cursor \u2605 Custom Cursor for Chrome\u2122 (eenfkghojihnhnninifhndjilpibchki) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eenfkghojihnhnninifhndjilpibchki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.058492Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eenfkghojihnhnninifhndjilpibchki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eenfkghojihnhnninifhndjilpibchki", "external_id": "eenfkghojihnhnninifhndjilpibchki"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--446c03ab-cc86-4a4d-9604-0241035da58e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.05953Z", "modified": "2026-06-02T15:57:34.05953Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eeobggeikihkgiggaekfbceghlcpemfm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eeobggeikihkgiggaekfbceghlcpemfm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.059492Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eeobggeikihkgiggaekfbceghlcpemfm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eeobggeikihkgiggaekfbceghlcpemfm", "external_id": "eeobggeikihkgiggaekfbceghlcpemfm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9b8a9d0a-54fe-4833-9a26-c17772069c3d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.060543Z", "modified": "2026-06-02T15:57:34.060543Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eeoonfhmbjlmienmmbgapfloddpmoalh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eeoonfhmbjlmienmmbgapfloddpmoalh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.060505Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eeoonfhmbjlmienmmbgapfloddpmoalh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eeoonfhmbjlmienmmbgapfloddpmoalh", "external_id": "eeoonfhmbjlmienmmbgapfloddpmoalh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e2e0e9ac-45b9-47c6-a3b4-5dc795381b8f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.061522Z", "modified": "2026-06-02T15:57:34.061522Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (efiandhebakfkcgmfjfhemaachelolll) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/efiandhebakfkcgmfjfhemaachelolll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.061485Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:efiandhebakfkcgmfjfhemaachelolll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/efiandhebakfkcgmfjfhemaachelolll", "external_id": "efiandhebakfkcgmfjfhemaachelolll"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4f0102ce-5ee4-4263-a86e-f507a50b2958", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.062511Z", "modified": "2026-06-02T15:57:34.062511Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (egdcgdpdnnbhfdlinhdfhnjbckmgcgbo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/egdcgdpdnnbhfdlinhdfhnjbckmgcgbo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.062473Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:egdcgdpdnnbhfdlinhdfhnjbckmgcgbo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/egdcgdpdnnbhfdlinhdfhnjbckmgcgbo", "external_id": "egdcgdpdnnbhfdlinhdfhnjbckmgcgbo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1d45b3e8-3357-4a5d-81fc-29fb63168838", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.06369Z", "modified": "2026-06-02T15:57:34.06369Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eggegjdejilddmnlglakcaigefefcdaf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eggegjdejilddmnlglakcaigefefcdaf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.063652Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eggegjdejilddmnlglakcaigefefcdaf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eggegjdejilddmnlglakcaigefefcdaf", "external_id": "eggegjdejilddmnlglakcaigefefcdaf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--31d4a256-6524-4a65-bfa0-d2d8a0e4c4ef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.06469Z", "modified": "2026-06-02T15:57:34.06469Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (egmlbimojingfmchokcniklnhnecdecf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/egmlbimojingfmchokcniklnhnecdecf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.064652Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:egmlbimojingfmchokcniklnhnecdecf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/egmlbimojingfmchokcniklnhnecdecf", "external_id": "egmlbimojingfmchokcniklnhnecdecf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--183c2fc2-248f-42a3-9815-5f933a34788c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.065675Z", "modified": "2026-06-02T15:57:34.065675Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ehaknaflbjaphddbdilagpodabmccfce) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ehaknaflbjaphddbdilagpodabmccfce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.065638Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ehaknaflbjaphddbdilagpodabmccfce", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ehaknaflbjaphddbdilagpodabmccfce", "external_id": "ehaknaflbjaphddbdilagpodabmccfce"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d3d95307-cc71-44fd-a203-763c960b8894", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.066662Z", "modified": "2026-06-02T15:57:34.066662Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ehcchdfibajdjlhaifolofbghgomloop) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ehcchdfibajdjlhaifolofbghgomloop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.066625Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ehcchdfibajdjlhaifolofbghgomloop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ehcchdfibajdjlhaifolofbghgomloop", "external_id": "ehcchdfibajdjlhaifolofbghgomloop"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--38c99afd-cdbf-40a0-9062-ec3b278162e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.067685Z", "modified": "2026-06-02T15:57:34.067685Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ehdkeonoccndeaggbnolijnmmeohkbpf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ehdkeonoccndeaggbnolijnmmeohkbpf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.067648Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ehdkeonoccndeaggbnolijnmmeohkbpf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ehdkeonoccndeaggbnolijnmmeohkbpf", "external_id": "ehdkeonoccndeaggbnolijnmmeohkbpf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8c12be6a-e5b3-4a75-ab10-7ed4881a5228", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.068684Z", "modified": "2026-06-02T15:57:34.068684Z", "name": "Malicious Extension: Email checker - verify email address in 1-click", "description": "Malicious browser extension: Email checker - verify email address in 1-click (eheagnmidghfknkcaehacggccfiidhik) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eheagnmidghfknkcaehacggccfiidhik']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.068641Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eheagnmidghfknkcaehacggccfiidhik", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eheagnmidghfknkcaehacggccfiidhik", "external_id": "eheagnmidghfknkcaehacggccfiidhik"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0100ff3e-89a1-43c0-a781-576fb67bb37d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.069667Z", "modified": "2026-06-02T15:57:34.069667Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ehfmpjdcdldhefieelihdobnjfpalhic) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ehfmpjdcdldhefieelihdobnjfpalhic']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.06963Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ehfmpjdcdldhefieelihdobnjfpalhic", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ehfmpjdcdldhefieelihdobnjfpalhic", "external_id": "ehfmpjdcdldhefieelihdobnjfpalhic"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--60fe4641-0cbf-48a3-b1ba-b359ed5904db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.071682Z", "modified": "2026-06-02T15:57:34.071682Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ehjpinnpigaklfnffadlldnadchkaech) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ehjpinnpigaklfnffadlldnadchkaech']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.071641Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ehjpinnpigaklfnffadlldnadchkaech", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ehjpinnpigaklfnffadlldnadchkaech", "external_id": "ehjpinnpigaklfnffadlldnadchkaech"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--66d08060-6cc7-4788-9f12-c1c52c3655e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.07276Z", "modified": "2026-06-02T15:57:34.07276Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ehmnkbambjnodfbjcebjffilahbfjdml) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ehmnkbambjnodfbjcebjffilahbfjdml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.072723Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ehmnkbambjnodfbjcebjffilahbfjdml", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ehmnkbambjnodfbjcebjffilahbfjdml", "external_id": "ehmnkbambjnodfbjcebjffilahbfjdml"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--393960a4-c058-4215-ba47-081e891cb29c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.07377Z", "modified": "2026-06-02T15:57:34.07377Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eholblediahnodlgigdkdhkkpmbiafoj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eholblediahnodlgigdkdhkkpmbiafoj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.073733Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eholblediahnodlgigdkdhkkpmbiafoj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eholblediahnodlgigdkdhkkpmbiafoj", "external_id": "eholblediahnodlgigdkdhkkpmbiafoj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--23c2f9ae-9f8e-415a-8c1b-ce6fcd51f5f4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.074756Z", "modified": "2026-06-02T15:57:34.074756Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ehplfgnopmpflglfpldjdodaogebfgpe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ehplfgnopmpflglfpldjdodaogebfgpe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.074718Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ehplfgnopmpflglfpldjdodaogebfgpe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ehplfgnopmpflglfpldjdodaogebfgpe", "external_id": "ehplfgnopmpflglfpldjdodaogebfgpe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0ed38252-5b04-404c-94a4-22a4a24f1619", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.075767Z", "modified": "2026-06-02T15:57:34.075767Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eikhfdiglgdaepeemeccdldkeindclem) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eikhfdiglgdaepeemeccdldkeindclem']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.075729Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eikhfdiglgdaepeemeccdldkeindclem", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eikhfdiglgdaepeemeccdldkeindclem", "external_id": "eikhfdiglgdaepeemeccdldkeindclem"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d039e346-2c62-4775-96bd-2536f23eca1c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.07676Z", "modified": "2026-06-02T15:57:34.07676Z", "name": "Malicious Extension: Genshin Impact Cursor - Custom Cartoon Cursor for Chrome", "description": "Malicious browser extension: Genshin Impact Cursor - Custom Cartoon Cursor for Chrome (eioefbifkjcfpkdoghnndbceebbohkcd) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eioefbifkjcfpkdoghnndbceebbohkcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.076723Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eioefbifkjcfpkdoghnndbceebbohkcd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eioefbifkjcfpkdoghnndbceebbohkcd", "external_id": "eioefbifkjcfpkdoghnndbceebbohkcd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4ad4062c-4446-4fdd-85ac-b87dbadcd6cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.077743Z", "modified": "2026-06-02T15:57:34.077743Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ejbieagijpeanlkmjlpdbincpoecfifo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ejbieagijpeanlkmjlpdbincpoecfifo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.077705Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ejbieagijpeanlkmjlpdbincpoecfifo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ejbieagijpeanlkmjlpdbincpoecfifo", "external_id": "ejbieagijpeanlkmjlpdbincpoecfifo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4ae3cf28-7f03-4d2a-9c1f-b511fcec96a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.078875Z", "modified": "2026-06-02T15:57:34.078875Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ejdihbblcbdfobabjfebfjfopenohbjb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ejdihbblcbdfobabjfebfjfopenohbjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.078838Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ejdihbblcbdfobabjfebfjfopenohbjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ejdihbblcbdfobabjfebfjfopenohbjb", "external_id": "ejdihbblcbdfobabjfebfjfopenohbjb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ab6c4f45-28da-4451-9e34-4af19dce7db0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.079901Z", "modified": "2026-06-02T15:57:34.079901Z", "name": "Malicious Extension: JURIMIND CRM", "description": "Malicious browser extension: JURIMIND CRM (ejenghcfiaehahmeklcojkhpamicfjol) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ejenghcfiaehahmeklcojkhpamicfjol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.079862Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ejenghcfiaehahmeklcojkhpamicfjol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ejenghcfiaehahmeklcojkhpamicfjol", "external_id": "ejenghcfiaehahmeklcojkhpamicfjol"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7e3aca16-e450-42fa-be5b-ed7ffdbe2a5d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.080887Z", "modified": "2026-06-02T15:57:34.080887Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ejfocpkjndmkbloiobcdhkkoeekcpkik) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ejfocpkjndmkbloiobcdhkkoeekcpkik']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.080851Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ejfocpkjndmkbloiobcdhkkoeekcpkik", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ejfocpkjndmkbloiobcdhkkoeekcpkik", "external_id": "ejfocpkjndmkbloiobcdhkkoeekcpkik"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--14b92aa3-2223-40cb-9606-4b32594c8afd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.081866Z", "modified": "2026-06-02T15:57:34.081866Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ejkdgndbgpfcaggpmnijcbddlnmdnpka) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ejkdgndbgpfcaggpmnijcbddlnmdnpka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.081828Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ejkdgndbgpfcaggpmnijcbddlnmdnpka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ejkdgndbgpfcaggpmnijcbddlnmdnpka", "external_id": "ejkdgndbgpfcaggpmnijcbddlnmdnpka"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a301b167-d90d-427a-bd51-7b848bfa6f1d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.082845Z", "modified": "2026-06-02T15:57:34.082845Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ejmfemchnobpkbmnidhbbledmajpehnp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ejmfemchnobpkbmnidhbbledmajpehnp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.082808Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ejmfemchnobpkbmnidhbbledmajpehnp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ejmfemchnobpkbmnidhbbledmajpehnp", "external_id": "ejmfemchnobpkbmnidhbbledmajpehnp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0f7019ab-fd59-47e8-9157-7abf3c94d742", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.083905Z", "modified": "2026-06-02T15:57:34.083905Z", "name": "Malicious Extension: YT Search Helper", "description": "Malicious browser extension: YT Search Helper (ekfbpedkallblckjgijmibabfcacgjhl) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekfbpedkallblckjgijmibabfcacgjhl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.083867Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekfbpedkallblckjgijmibabfcacgjhl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekfbpedkallblckjgijmibabfcacgjhl", "external_id": "ekfbpedkallblckjgijmibabfcacgjhl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--664292c4-6457-4c27-b5bf-b475df247edb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.084902Z", "modified": "2026-06-02T15:57:34.084902Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ekhmddbpfelhdicnhkomdopnnbkchddc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekhmddbpfelhdicnhkomdopnnbkchddc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.084865Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekhmddbpfelhdicnhkomdopnnbkchddc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekhmddbpfelhdicnhkomdopnnbkchddc", "external_id": "ekhmddbpfelhdicnhkomdopnnbkchddc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--33ef42c4-eb36-4135-ad5c-179a5b883464", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.086074Z", "modified": "2026-06-02T15:57:34.086074Z", "name": "Malicious Extension: Talk Mais", "description": "Malicious browser extension: Talk Mais (ekmdldnjhmffdbihkfannnmloccnmemn) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekmdldnjhmffdbihkfannnmloccnmemn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.086036Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ekmdldnjhmffdbihkfannnmloccnmemn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekmdldnjhmffdbihkfannnmloccnmemn", "external_id": "ekmdldnjhmffdbihkfannnmloccnmemn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ef84ae9c-277f-4edb-addb-afdbdd40341c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.087072Z", "modified": "2026-06-02T15:57:34.087072Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ekmlpfjamlmnfhgiaijcoambbiapljje) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekmlpfjamlmnfhgiaijcoambbiapljje']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.087035Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekmlpfjamlmnfhgiaijcoambbiapljje", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekmlpfjamlmnfhgiaijcoambbiapljje", "external_id": "ekmlpfjamlmnfhgiaijcoambbiapljje"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--38da95e3-9d01-4d54-b4af-24ca43f2fdeb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.088077Z", "modified": "2026-06-02T15:57:34.088077Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ekndlocgcngbpebppapnpalpjfnkoffh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekndlocgcngbpebppapnpalpjfnkoffh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.088032Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekndlocgcngbpebppapnpalpjfnkoffh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekndlocgcngbpebppapnpalpjfnkoffh", "external_id": "ekndlocgcngbpebppapnpalpjfnkoffh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--237ea0d4-ae20-4071-aee9-08759ce71080", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.089067Z", "modified": "2026-06-02T15:57:34.089067Z", "name": "Malicious Extension: Amazon Keyword Density & SEO Tool", "description": "Malicious browser extension: Amazon Keyword Density & SEO Tool (ekomkpgkmieaaekmaldmaljljahehkoi) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekomkpgkmieaaekmaldmaljljahehkoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.08903Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekomkpgkmieaaekmaldmaljljahehkoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekomkpgkmieaaekmaldmaljljahehkoi", "external_id": "ekomkpgkmieaaekmaldmaljljahehkoi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d0a3369f-b99d-43e7-b421-4f1bbfd2b026", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.090044Z", "modified": "2026-06-02T15:57:34.090044Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ekpodilfhicbbljplepockanjjnndcai) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekpodilfhicbbljplepockanjjnndcai']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.090007Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekpodilfhicbbljplepockanjjnndcai", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekpodilfhicbbljplepockanjjnndcai", "external_id": "ekpodilfhicbbljplepockanjjnndcai"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--da83b718-7370-47c0-a22e-e24aba7eee0c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.091045Z", "modified": "2026-06-02T15:57:34.091045Z", "name": "Malicious Extension: Hchat", "description": "Malicious browser extension: Hchat (elahghcenkbboillglflockiijbkejod) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/elahghcenkbboillglflockiijbkejod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.091008Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:elahghcenkbboillglflockiijbkejod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/elahghcenkbboillglflockiijbkejod", "external_id": "elahghcenkbboillglflockiijbkejod"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--26808f52-2df4-4cf3-9d98-6f7a06bc2fc9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.092045Z", "modified": "2026-06-02T15:57:34.092045Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (elckfehnjdbghpoheamjffpdbbogjhie) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/elckfehnjdbghpoheamjffpdbbogjhie']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.092008Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:elckfehnjdbghpoheamjffpdbbogjhie", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/elckfehnjdbghpoheamjffpdbbogjhie", "external_id": "elckfehnjdbghpoheamjffpdbbogjhie"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d500d3ea-59df-4602-90be-b9ab5e0e3bf6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.093175Z", "modified": "2026-06-02T15:57:34.093175Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eldjnmdpkecnjjkmmgndpcibgkfpodfh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eldjnmdpkecnjjkmmgndpcibgkfpodfh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.093136Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eldjnmdpkecnjjkmmgndpcibgkfpodfh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eldjnmdpkecnjjkmmgndpcibgkfpodfh", "external_id": "eldjnmdpkecnjjkmmgndpcibgkfpodfh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--35a8296b-11d1-4085-a7a6-1da51c8f98a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.09417Z", "modified": "2026-06-02T15:57:34.09417Z", "name": "Malicious Extension: Solo Leveling Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Solo Leveling Cursor \u2605 Custom Cursor for Chrome\u2122 (elfcaiclmhkioadcpikkonlnanaakmem) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/elfcaiclmhkioadcpikkonlnanaakmem']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.094132Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:elfcaiclmhkioadcpikkonlnanaakmem", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/elfcaiclmhkioadcpikkonlnanaakmem", "external_id": "elfcaiclmhkioadcpikkonlnanaakmem"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4e6dcb34-2bf7-4ce2-b0ec-0f2210369304", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.095171Z", "modified": "2026-06-02T15:57:34.095171Z", "name": "Malicious Extension: Chat Boost", "description": "Malicious browser extension: Chat Boost (elicjcmfamohcfkpokcdhapngkadckpa) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/elicjcmfamohcfkpokcdhapngkadckpa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.095133Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:elicjcmfamohcfkpokcdhapngkadckpa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/elicjcmfamohcfkpokcdhapngkadckpa", "external_id": "elicjcmfamohcfkpokcdhapngkadckpa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0d61f5e6-baf6-465b-b5a0-1f778d265f96", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.096168Z", "modified": "2026-06-02T15:57:34.096168Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (elipckbifniceedgalakgnmgeimfdcdi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/elipckbifniceedgalakgnmgeimfdcdi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.096124Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:elipckbifniceedgalakgnmgeimfdcdi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/elipckbifniceedgalakgnmgeimfdcdi", "external_id": "elipckbifniceedgalakgnmgeimfdcdi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e73b7013-1bc4-4212-ab79-9838d1f74aa0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.097157Z", "modified": "2026-06-02T15:57:34.097157Z", "name": "Malicious Extension: Hello Kitty Cursor \u2665 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Hello Kitty Cursor \u2665 Custom Cursor for Chrome\u2122 (eljclcigelmfnomncdefdkbgnbbilnel) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eljclcigelmfnomncdefdkbgnbbilnel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.097115Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eljclcigelmfnomncdefdkbgnbbilnel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eljclcigelmfnomncdefdkbgnbbilnel", "external_id": "eljclcigelmfnomncdefdkbgnbbilnel"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--be6d29d7-3533-427e-bd23-3e50c37c50f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.098139Z", "modified": "2026-06-02T15:57:34.098139Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ellfpjminfaokagphnohegiifhlccbkm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ellfpjminfaokagphnohegiifhlccbkm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.098102Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ellfpjminfaokagphnohegiifhlccbkm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ellfpjminfaokagphnohegiifhlccbkm", "external_id": "ellfpjminfaokagphnohegiifhlccbkm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7bf6938c-b589-4a06-a685-a6973329c7c2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.099126Z", "modified": "2026-06-02T15:57:34.099126Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (elodfjiipicopkbodboajgkgppophmab) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/elodfjiipicopkbodboajgkgppophmab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.099079Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:elodfjiipicopkbodboajgkgppophmab", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/elodfjiipicopkbodboajgkgppophmab", "external_id": "elodfjiipicopkbodboajgkgppophmab"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dbc420f1-e6f6-43d9-b865-44331808b583", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.100263Z", "modified": "2026-06-02T15:57:34.100263Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (embnfgbapngmmabnniopmpmliafogbnj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/embnfgbapngmmabnniopmpmliafogbnj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.100225Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:embnfgbapngmmabnniopmpmliafogbnj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/embnfgbapngmmabnniopmpmliafogbnj", "external_id": "embnfgbapngmmabnniopmpmliafogbnj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--904d0e72-2ab6-4840-90c8-6edf3505aedb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.101262Z", "modified": "2026-06-02T15:57:34.101262Z", "name": "Malicious Extension: Pac-Man Cursor - Custom Retro Cursor for Chrome", "description": "Malicious browser extension: Pac-Man Cursor - Custom Retro Cursor for Chrome (emekjhecncemhkpoolndbgmbgfieipdh) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/emekjhecncemhkpoolndbgmbgfieipdh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.101219Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:emekjhecncemhkpoolndbgmbgfieipdh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/emekjhecncemhkpoolndbgmbgfieipdh", "external_id": "emekjhecncemhkpoolndbgmbgfieipdh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--010085ea-0dd8-4319-ba4c-665f294f526f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.102248Z", "modified": "2026-06-02T15:57:34.102248Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (emhdpfcihdomnibaabdmdfaebebfkjdg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/emhdpfcihdomnibaabdmdfaebebfkjdg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.102211Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:emhdpfcihdomnibaabdmdfaebebfkjdg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/emhdpfcihdomnibaabdmdfaebebfkjdg", "external_id": "emhdpfcihdomnibaabdmdfaebebfkjdg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1a15b9dd-e7d7-4ea5-a230-4c4ba1258e6e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.103252Z", "modified": "2026-06-02T15:57:34.103252Z", "name": "Malicious Extension: ClickZap", "description": "Malicious browser extension: ClickZap (emhembimlgjkalegifeijlilginlnano) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/emhembimlgjkalegifeijlilginlnano']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.103214Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:emhembimlgjkalegifeijlilginlnano", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/emhembimlgjkalegifeijlilginlnano", "external_id": "emhembimlgjkalegifeijlilginlnano"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7026fe3f-44db-4243-ac71-d2e3d2b8909a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.104267Z", "modified": "2026-06-02T15:57:34.104267Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (emiocjgakibimbopobplmfldkldhhiad) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/emiocjgakibimbopobplmfldkldhhiad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.104229Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:emiocjgakibimbopobplmfldkldhhiad", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/emiocjgakibimbopobplmfldkldhhiad", "external_id": "emiocjgakibimbopobplmfldkldhhiad"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d533f75d-892b-46d2-8b05-861f0dec9c90", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.10525Z", "modified": "2026-06-02T15:57:34.10525Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (empdihaogaehghjmpimnmmjjfjmihcmg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/empdihaogaehghjmpimnmmjjfjmihcmg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.105213Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:empdihaogaehghjmpimnmmjjfjmihcmg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/empdihaogaehghjmpimnmmjjfjmihcmg", "external_id": "empdihaogaehghjmpimnmmjjfjmihcmg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c996bf26-ddc6-462d-8237-fdbd12553f13", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.106232Z", "modified": "2026-06-02T15:57:34.106232Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (emppaabanpbeeihodkoikmpopkjkdojc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/emppaabanpbeeihodkoikmpopkjkdojc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.10619Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:emppaabanpbeeihodkoikmpopkjkdojc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/emppaabanpbeeihodkoikmpopkjkdojc", "external_id": "emppaabanpbeeihodkoikmpopkjkdojc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f3498838-0458-4b26-85e7-9f0caa2d3f2e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.107411Z", "modified": "2026-06-02T15:57:34.107411Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (enaigkcpmpohpbokbfllbkijmllmpafm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/enaigkcpmpohpbokbfllbkijmllmpafm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.107373Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:enaigkcpmpohpbokbfllbkijmllmpafm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/enaigkcpmpohpbokbfllbkijmllmpafm", "external_id": "enaigkcpmpohpbokbfllbkijmllmpafm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--90a60a2f-4ffb-45d3-849f-b8b06e9f53a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.108429Z", "modified": "2026-06-02T15:57:34.108429Z", "name": "Malicious Extension: WaMed", "description": "Malicious browser extension: WaMed (endfahndaiibchcbfaphnhanpckdhmll) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/endfahndaiibchcbfaphnhanpckdhmll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.108392Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:endfahndaiibchcbfaphnhanpckdhmll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/endfahndaiibchcbfaphnhanpckdhmll", "external_id": "endfahndaiibchcbfaphnhanpckdhmll"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--13b58434-45a8-46fe-a8f5-5ff249c8310f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.109425Z", "modified": "2026-06-02T15:57:34.109425Z", "name": "Malicious Extension: My Hero Academia Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: My Hero Academia Cursor \u2605 Custom Cursor for Chrome\u2122 (enemknlfbkchplbhdflblafnpfmgdpib) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/enemknlfbkchplbhdflblafnpfmgdpib']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.109382Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:enemknlfbkchplbhdflblafnpfmgdpib", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/enemknlfbkchplbhdflblafnpfmgdpib", "external_id": "enemknlfbkchplbhdflblafnpfmgdpib"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--26d14d9d-3541-4975-820a-8cfea788c94b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.110432Z", "modified": "2026-06-02T15:57:34.110432Z", "name": "Malicious Extension: SmartFlow", "description": "Malicious browser extension: SmartFlow (engjehngfignjpekjkpgjgapnlkndofk) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/engjehngfignjpekjkpgjgapnlkndofk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.11039Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:engjehngfignjpekjkpgjgapnlkndofk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/engjehngfignjpekjkpgjgapnlkndofk", "external_id": "engjehngfignjpekjkpgjgapnlkndofk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1f66e8ce-28cd-4a26-a056-9e99cb50376e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.11143Z", "modified": "2026-06-02T15:57:34.11143Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eoalbaojjblgndkffciljmiddhgjdldh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eoalbaojjblgndkffciljmiddhgjdldh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.111392Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eoalbaojjblgndkffciljmiddhgjdldh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eoalbaojjblgndkffciljmiddhgjdldh", "external_id": "eoalbaojjblgndkffciljmiddhgjdldh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2910cae3-eeed-46f1-a6a0-be2dac20c986", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.112413Z", "modified": "2026-06-02T15:57:34.112413Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eobcealmgdjeoheieiobkedbgddicaba) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eobcealmgdjeoheieiobkedbgddicaba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.112376Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eobcealmgdjeoheieiobkedbgddicaba", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eobcealmgdjeoheieiobkedbgddicaba", "external_id": "eobcealmgdjeoheieiobkedbgddicaba"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c392f86b-3b6b-4a48-ab36-9f5ba39ac750", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.113391Z", "modified": "2026-06-02T15:57:34.113391Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eoclijfghiglinncpceohgaigfgnlbim) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eoclijfghiglinncpceohgaigfgnlbim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.113354Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eoclijfghiglinncpceohgaigfgnlbim", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eoclijfghiglinncpceohgaigfgnlbim", "external_id": "eoclijfghiglinncpceohgaigfgnlbim"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9be1009e-f71c-4e37-90af-55a2d662c1b1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.114526Z", "modified": "2026-06-02T15:57:34.114526Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eoimljninkkepafoijpgbedkkieobfek) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eoimljninkkepafoijpgbedkkieobfek']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.114487Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eoimljninkkepafoijpgbedkkieobfek", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eoimljninkkepafoijpgbedkkieobfek", "external_id": "eoimljninkkepafoijpgbedkkieobfek"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5eed6f51-0b19-478e-8062-a06dd641e04d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.115537Z", "modified": "2026-06-02T15:57:34.115537Z", "name": "Malicious Extension: FR VENDAS PRO", "description": "Malicious browser extension: FR VENDAS PRO (eolijkhfnnodhepiglajhkijjbcndiea) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eolijkhfnnodhepiglajhkijjbcndiea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.1155Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:eolijkhfnnodhepiglajhkijjbcndiea", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eolijkhfnnodhepiglajhkijjbcndiea", "external_id": "eolijkhfnnodhepiglajhkijjbcndiea"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--033b92c7-55c8-44eb-8e07-cae504d128fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.116527Z", "modified": "2026-06-02T15:57:34.116527Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eonegkecmopidmaknildejfodfccpegg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eonegkecmopidmaknildejfodfccpegg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.11649Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eonegkecmopidmaknildejfodfccpegg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eonegkecmopidmaknildejfodfccpegg", "external_id": "eonegkecmopidmaknildejfodfccpegg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--801bafed-f37a-430f-8ad1-28957a864247", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.117521Z", "modified": "2026-06-02T15:57:34.117521Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (eonhgphmceoiekhbknomhkllnonbccca) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/eonhgphmceoiekhbknomhkllnonbccca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.117484Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:eonhgphmceoiekhbknomhkllnonbccca", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/eonhgphmceoiekhbknomhkllnonbccca", "external_id": "eonhgphmceoiekhbknomhkllnonbccca"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4638b208-cb60-4d3a-9f3d-5c0b83e3bdad", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.118503Z", "modified": "2026-06-02T15:57:34.118503Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (epcdngpcnmpccoompafgodghbldokgob) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/epcdngpcnmpccoompafgodghbldokgob']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.118466Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:epcdngpcnmpccoompafgodghbldokgob", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/epcdngpcnmpccoompafgodghbldokgob", "external_id": "epcdngpcnmpccoompafgodghbldokgob"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--85505ea8-d79b-445f-bb01-2d9744f58db8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.11951Z", "modified": "2026-06-02T15:57:34.11951Z", "name": "Malicious Extension: DGUESTS", "description": "Malicious browser extension: DGUESTS (ephepidhbiabcalednafkdpllnnohnph) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ephepidhbiabcalednafkdpllnnohnph']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.11947Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ephepidhbiabcalednafkdpllnnohnph", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ephepidhbiabcalednafkdpllnnohnph", "external_id": "ephepidhbiabcalednafkdpllnnohnph"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b27e447f-c321-4192-8f0c-dacec66e8bc7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.120491Z", "modified": "2026-06-02T15:57:34.120491Z", "name": "Malicious Extension: AI Chat Turbo", "description": "Malicious browser extension: AI Chat Turbo (fbakofpmbmcodpmbecdimecilceplfll) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbakofpmbmcodpmbecdimecilceplfll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.120454Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fbakofpmbmcodpmbecdimecilceplfll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbakofpmbmcodpmbecdimecilceplfll", "external_id": "fbakofpmbmcodpmbecdimecilceplfll"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6d7888ee-57af-4da8-acda-a7fa9ee0e7d5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.121619Z", "modified": "2026-06-02T15:57:34.121619Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fbbmnieefocnacnecccgmedmcbhlkcpm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbbmnieefocnacnecccgmedmcbhlkcpm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.121582Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fbbmnieefocnacnecccgmedmcbhlkcpm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbbmnieefocnacnecccgmedmcbhlkcpm", "external_id": "fbbmnieefocnacnecccgmedmcbhlkcpm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--49a89494-e443-4b05-b1e0-f4982b1f3b65", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.122677Z", "modified": "2026-06-02T15:57:34.122677Z", "name": "Malicious Extension: Phantom Shuttle (\u5e7b\u5f71\u7a7f\u68ad)", "description": "Malicious browser extension: Phantom Shuttle (\u5e7b\u5f71\u7a7f\u68ad) (fbfldogmkadejddihifklefknmikncaj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbfldogmkadejddihifklefknmikncaj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fbfldogmkadejddihifklefknmikncaj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbfldogmkadejddihifklefknmikncaj", "external_id": "fbfldogmkadejddihifklefknmikncaj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aad623ac-e324-4159-8e5e-c8d73decbf61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.123689Z", "modified": "2026-06-02T15:57:34.123689Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fbielihbbmdclfpfajglkbioppnlfgfe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbielihbbmdclfpfajglkbioppnlfgfe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.123645Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fbielihbbmdclfpfajglkbioppnlfgfe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbielihbbmdclfpfajglkbioppnlfgfe", "external_id": "fbielihbbmdclfpfajglkbioppnlfgfe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b7399c9c-9676-41eb-a470-0f94068ea5a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.124677Z", "modified": "2026-06-02T15:57:34.124677Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fbjjljbajgmgplbdgocnccjegalogbgo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbjjljbajgmgplbdgocnccjegalogbgo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.12464Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fbjjljbajgmgplbdgocnccjegalogbgo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbjjljbajgmgplbdgocnccjegalogbgo", "external_id": "fbjjljbajgmgplbdgocnccjegalogbgo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a580e512-f1f1-49d2-9c58-43208418fb9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.125654Z", "modified": "2026-06-02T15:57:34.125654Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fbmgcejhoneccecnplfllgkfgheoengm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbmgcejhoneccecnplfllgkfgheoengm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.125618Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fbmgcejhoneccecnplfllgkfgheoengm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbmgcejhoneccecnplfllgkfgheoengm", "external_id": "fbmgcejhoneccecnplfllgkfgheoengm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--449668eb-8377-4507-89dd-2a68f7bca09c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.126632Z", "modified": "2026-06-02T15:57:34.126632Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fbobegkkdmmcnmoplkgdmfhdlkjfelnb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbobegkkdmmcnmoplkgdmfhdlkjfelnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.126594Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fbobegkkdmmcnmoplkgdmfhdlkjfelnb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbobegkkdmmcnmoplkgdmfhdlkjfelnb", "external_id": "fbobegkkdmmcnmoplkgdmfhdlkjfelnb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f8806d24-3209-4851-8d1c-e27496fddf47", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.127633Z", "modified": "2026-06-02T15:57:34.127633Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fcdaihcgjonhfgninefiejokmgefkmik) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fcdaihcgjonhfgninefiejokmgefkmik']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.127596Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fcdaihcgjonhfgninefiejokmgefkmik", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fcdaihcgjonhfgninefiejokmgefkmik", "external_id": "fcdaihcgjonhfgninefiejokmgefkmik"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--60bf8644-3d36-4fa6-b7b3-6efe2bcdbd7e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.128773Z", "modified": "2026-06-02T15:57:34.128773Z", "name": "Malicious Extension: Knowee AI (formerly StudyGPT) - Your Homework & Essay Helper", "description": "Malicious browser extension: Knowee AI (formerly StudyGPT) - Your Homework & Essay Helper (fcejkolobdcfbhhakbhajcflakmnhaff) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=272). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fcejkolobdcfbhhakbhajcflakmnhaff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.128736Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fcejkolobdcfbhhakbhajcflakmnhaff", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fcejkolobdcfbhhakbhajcflakmnhaff", "external_id": "fcejkolobdcfbhhakbhajcflakmnhaff"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fbc16581-1b43-4c2e-8c0c-4831996d24d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.129857Z", "modified": "2026-06-02T15:57:34.129857Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fcfmhlijjmckglejcgdclfneafoehafm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fcfmhlijjmckglejcgdclfneafoehafm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.12982Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fcfmhlijjmckglejcgdclfneafoehafm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fcfmhlijjmckglejcgdclfneafoehafm", "external_id": "fcfmhlijjmckglejcgdclfneafoehafm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--71b7aff9-389e-4cdc-a6ee-b2d2fa2e68f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.130869Z", "modified": "2026-06-02T15:57:34.130869Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fchgahponkgfomlgieipannlfanfbfak) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fchgahponkgfomlgieipannlfanfbfak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.13083Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fchgahponkgfomlgieipannlfanfbfak", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fchgahponkgfomlgieipannlfanfbfak", "external_id": "fchgahponkgfomlgieipannlfanfbfak"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9ef13ec1-1910-4a78-97b7-13e0c1e711c7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.131871Z", "modified": "2026-06-02T15:57:34.131871Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fcidgbgogbfdcgijkcfdjcagmhcelpbc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fcidgbgogbfdcgijkcfdjcagmhcelpbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.131834Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fcidgbgogbfdcgijkcfdjcagmhcelpbc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fcidgbgogbfdcgijkcfdjcagmhcelpbc", "external_id": "fcidgbgogbfdcgijkcfdjcagmhcelpbc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--512975e7-e2a0-4b06-b4b7-2107686a7af2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.132856Z", "modified": "2026-06-02T15:57:34.132856Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fckphkcbpgmappcgnfieaacjbknhkhin) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fckphkcbpgmappcgnfieaacjbknhkhin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.132819Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fckphkcbpgmappcgnfieaacjbknhkhin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fckphkcbpgmappcgnfieaacjbknhkhin", "external_id": "fckphkcbpgmappcgnfieaacjbknhkhin"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0711d40b-b768-4e73-9a9d-493623aee3f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.133843Z", "modified": "2026-06-02T15:57:34.133843Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fcoongackakfdmiincikmjgkedcgjkdp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fcoongackakfdmiincikmjgkedcgjkdp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.133806Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fcoongackakfdmiincikmjgkedcgjkdp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fcoongackakfdmiincikmjgkedcgjkdp", "external_id": "fcoongackakfdmiincikmjgkedcgjkdp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--55359991-98ab-4d4a-9ff8-de5031774bf1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.134826Z", "modified": "2026-06-02T15:57:34.134826Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fdbiogldjjmedbkbjdnolcifiankgeeo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fdbiogldjjmedbkbjdnolcifiankgeeo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.13479Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fdbiogldjjmedbkbjdnolcifiankgeeo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fdbiogldjjmedbkbjdnolcifiankgeeo", "external_id": "fdbiogldjjmedbkbjdnolcifiankgeeo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--12453c0a-1f5c-402d-93f2-bf6cd71ee8f8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.135987Z", "modified": "2026-06-02T15:57:34.135987Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fdempkefdmgfcogieifmnadjhohaljcb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fdempkefdmgfcogieifmnadjhohaljcb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.13595Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fdempkefdmgfcogieifmnadjhohaljcb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fdempkefdmgfcogieifmnadjhohaljcb", "external_id": "fdempkefdmgfcogieifmnadjhohaljcb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f0ab87bd-b83e-432d-aa13-1248322ea91c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.136978Z", "modified": "2026-06-02T15:57:34.136978Z", "name": "Malicious Extension: AI Agent", "description": "Malicious browser extension: AI Agent (fdlagfnfaheppaigholhoojabfaapnhb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fdlagfnfaheppaigholhoojabfaapnhb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.13694Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fdlagfnfaheppaigholhoojabfaapnhb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fdlagfnfaheppaigholhoojabfaapnhb", "external_id": "fdlagfnfaheppaigholhoojabfaapnhb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cfacb768-4416-4747-af06-7626e00389b2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.137963Z", "modified": "2026-06-02T15:57:34.137963Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fdohffmkhlflcpcibkgenbenmnlhjpmf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fdohffmkhlflcpcibkgenbenmnlhjpmf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.137926Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fdohffmkhlflcpcibkgenbenmnlhjpmf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fdohffmkhlflcpcibkgenbenmnlhjpmf", "external_id": "fdohffmkhlflcpcibkgenbenmnlhjpmf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b27235b0-410c-45a2-bae0-f42ed8dec14c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.138941Z", "modified": "2026-06-02T15:57:34.138941Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (febheipcbpjemgcfelalhpaafdohaaka) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/febheipcbpjemgcfelalhpaafdohaaka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.138904Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:febheipcbpjemgcfelalhpaafdohaaka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/febheipcbpjemgcfelalhpaafdohaaka", "external_id": "febheipcbpjemgcfelalhpaafdohaaka"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f691aae6-476c-4b2e-bebf-252ddf75402b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.139932Z", "modified": "2026-06-02T15:57:34.139932Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (feeffcliffapnelihbojhppahbdkjhih) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/feeffcliffapnelihbojhppahbdkjhih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.139895Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:feeffcliffapnelihbojhppahbdkjhih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/feeffcliffapnelihbojhppahbdkjhih", "external_id": "feeffcliffapnelihbojhppahbdkjhih"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1f6e154d-291e-415d-b4d0-92b937d84ef1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.140926Z", "modified": "2026-06-02T15:57:34.140926Z", "name": "Malicious Extension: Switch to Chrome?", "description": "Malicious browser extension: Switch to Chrome? (feeonheemodpkdckaljcjogdncpiiban) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/feeonheemodpkdckaljcjogdncpiiban']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.140889Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:feeonheemodpkdckaljcjogdncpiiban", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/feeonheemodpkdckaljcjogdncpiiban", "external_id": "feeonheemodpkdckaljcjogdncpiiban"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fdf2c752-1bb9-4be5-a447-87b467528921", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.141961Z", "modified": "2026-06-02T15:57:34.141961Z", "name": "Malicious Extension: Win7max - CRM no WhatsApp Web, Chatbot, Automa\u00e7\u00e3o e Disparo em Massa", "description": "Malicious browser extension: Win7max - CRM no WhatsApp Web, Chatbot, Automa\u00e7\u00e3o e Disparo em Massa (fefgeijhenfppagifhlfkjjadijghoea) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[\u2026] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fefgeijhenfppagifhlfkjjadijghoea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.141922Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fefgeijhenfppagifhlfkjjadijghoea", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fefgeijhenfppagifhlfkjjadijghoea", "external_id": "fefgeijhenfppagifhlfkjjadijghoea"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4ff48b20-b3b3-440b-8cb9-45a999291d36", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.143141Z", "modified": "2026-06-02T15:57:34.143141Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fefodpegbocmidnfphgggnjcicipaibk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fefodpegbocmidnfphgggnjcicipaibk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.143089Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fefodpegbocmidnfphgggnjcicipaibk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fefodpegbocmidnfphgggnjcicipaibk", "external_id": "fefodpegbocmidnfphgggnjcicipaibk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--78da6159-76c4-4714-842d-18ce89e3df20", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.144242Z", "modified": "2026-06-02T15:57:34.144242Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (felanaboghflckkajcjgoapdebklnmff) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/felanaboghflckkajcjgoapdebklnmff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.144201Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:felanaboghflckkajcjgoapdebklnmff", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/felanaboghflckkajcjgoapdebklnmff", "external_id": "felanaboghflckkajcjgoapdebklnmff"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dcacebbe-3d03-4924-80f0-c0bcd3aabfe7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.145295Z", "modified": "2026-06-02T15:57:34.145295Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (femkdojbljfbenbennpmjmmikmjlgeco) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/femkdojbljfbenbennpmjmmikmjlgeco']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.145257Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:femkdojbljfbenbennpmjmmikmjlgeco", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/femkdojbljfbenbennpmjmmikmjlgeco", "external_id": "femkdojbljfbenbennpmjmmikmjlgeco"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--54515fe6-6da7-4b45-9cc5-95bf77151025", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.146287Z", "modified": "2026-06-02T15:57:34.146287Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fempjaikchbnpfllfkcggplmbnpojbbl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fempjaikchbnpfllfkcggplmbnpojbbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.14625Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fempjaikchbnpfllfkcggplmbnpojbbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fempjaikchbnpfllfkcggplmbnpojbbl", "external_id": "fempjaikchbnpfllfkcggplmbnpojbbl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6263c987-8013-4214-8766-16d58527e355", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.147311Z", "modified": "2026-06-02T15:57:34.147311Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fepkmkdameafkbpknifgfhfmoogdcjck) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fepkmkdameafkbpknifgfhfmoogdcjck']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.147273Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fepkmkdameafkbpknifgfhfmoogdcjck", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fepkmkdameafkbpknifgfhfmoogdcjck", "external_id": "fepkmkdameafkbpknifgfhfmoogdcjck"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d9e99f79-1f85-4f7d-a7b9-5ed66320c0c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.148299Z", "modified": "2026-06-02T15:57:34.148299Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ffgacbjeplimdnljijmckpmaggjknkgi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ffgacbjeplimdnljijmckpmaggjknkgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.148262Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ffgacbjeplimdnljijmckpmaggjknkgi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ffgacbjeplimdnljijmckpmaggjknkgi", "external_id": "ffgacbjeplimdnljijmckpmaggjknkgi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1f9f7fd4-35f1-4911-818c-c46388baba41", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.14929Z", "modified": "2026-06-02T15:57:34.14929Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ffgihbmcfcihmpbegcfdkmafaplheknk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ffgihbmcfcihmpbegcfdkmafaplheknk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.149253Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ffgihbmcfcihmpbegcfdkmafaplheknk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ffgihbmcfcihmpbegcfdkmafaplheknk", "external_id": "ffgihbmcfcihmpbegcfdkmafaplheknk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6da08a3e-4825-4a71-a9b4-ca8af1b0f74c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.150435Z", "modified": "2026-06-02T15:57:34.150435Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ffhcdbebponkjcfbbbbdobicpknmcemf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ffhcdbebponkjcfbbbbdobicpknmcemf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.150399Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ffhcdbebponkjcfbbbbdobicpknmcemf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ffhcdbebponkjcfbbbbdobicpknmcemf", "external_id": "ffhcdbebponkjcfbbbbdobicpknmcemf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6e25fe0c-4d05-4039-bf14-c461342c7336", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.151452Z", "modified": "2026-06-02T15:57:34.151452Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ffmfnniephcagojkpjddjiogjeoijjgl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ffmfnniephcagojkpjddjiogjeoijjgl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.151414Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ffmfnniephcagojkpjddjiogjeoijjgl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ffmfnniephcagojkpjddjiogjeoijjgl", "external_id": "ffmfnniephcagojkpjddjiogjeoijjgl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bd95065a-b3bc-442c-9ec3-993a7d4883f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.152454Z", "modified": "2026-06-02T15:57:34.152454Z", "name": "Malicious Extension: App Vendas CRM", "description": "Malicious browser extension: App Vendas CRM (ffngpoeegbhbhpbkhbnilghielofekpc) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[\u2026] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ffngpoeegbhbhpbkhbnilghielofekpc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.152417Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ffngpoeegbhbhpbkhbnilghielofekpc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ffngpoeegbhbhpbkhbnilghielofekpc", "external_id": "ffngpoeegbhbhpbkhbnilghielofekpc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--312955fa-b9ee-4681-81e5-cb3dbb57f759", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.153445Z", "modified": "2026-06-02T15:57:34.153445Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ffocfibjgakneigiajpccfcdmomlbapo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ffocfibjgakneigiajpccfcdmomlbapo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.153408Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ffocfibjgakneigiajpccfcdmomlbapo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ffocfibjgakneigiajpccfcdmomlbapo", "external_id": "ffocfibjgakneigiajpccfcdmomlbapo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c12b4991-4868-4ded-9b81-a22018237fa7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.154431Z", "modified": "2026-06-02T15:57:34.154431Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ffodnimfejbfabkkmloghfafjmahejep) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ffodnimfejbfabkkmloghfafjmahejep']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.154394Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ffodnimfejbfabkkmloghfafjmahejep", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ffodnimfejbfabkkmloghfafjmahejep", "external_id": "ffodnimfejbfabkkmloghfafjmahejep"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b154862c-0ecd-45c8-afa2-6b91810e0759", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.15542Z", "modified": "2026-06-02T15:57:34.15542Z", "name": "Malicious Extension: DeepSeek AI", "description": "Malicious browser extension: DeepSeek AI (fgbieegonkgdlkmeaapmkejdlfalonkb) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fgbieegonkgdlkmeaapmkejdlfalonkb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.155382Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fgbieegonkgdlkmeaapmkejdlfalonkb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fgbieegonkgdlkmeaapmkejdlfalonkb", "external_id": "fgbieegonkgdlkmeaapmkejdlfalonkb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c852c9ee-e112-4693-8625-90a3f5afbb4c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.156446Z", "modified": "2026-06-02T15:57:34.156446Z", "name": "Malicious Extension: Dragon Ball Cursor - Custom Anime Cursor for Chrome", "description": "Malicious browser extension: Dragon Ball Cursor - Custom Anime Cursor for Chrome (fghhbjaoopknmbecbghnhnfapabhjhhg) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fghhbjaoopknmbecbghnhnfapabhjhhg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.156408Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fghhbjaoopknmbecbghnhnfapabhjhhg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fghhbjaoopknmbecbghnhnfapabhjhhg", "external_id": "fghhbjaoopknmbecbghnhnfapabhjhhg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dca219b4-0c4d-44f0-8a9d-dee3a2660027", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.158479Z", "modified": "2026-06-02T15:57:34.158479Z", "name": "Malicious Extension: Primeira Classe", "description": "Malicious browser extension: Primeira Classe (fhgjdkfbeghkbgjjkkkldiemdcboimmi) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[\u2026] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fhgjdkfbeghkbgjjkkkldiemdcboimmi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.158437Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fhgjdkfbeghkbgjjkkkldiemdcboimmi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fhgjdkfbeghkbgjjkkkldiemdcboimmi", "external_id": "fhgjdkfbeghkbgjjkkkldiemdcboimmi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--50ee17a1-3c6c-4aea-a4cf-c2e551455d18", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.159549Z", "modified": "2026-06-02T15:57:34.159549Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fibemlnkopkeenmmgcfohhcdbkhgbolo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fibemlnkopkeenmmgcfohhcdbkhgbolo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.159511Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fibemlnkopkeenmmgcfohhcdbkhgbolo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fibemlnkopkeenmmgcfohhcdbkhgbolo", "external_id": "fibemlnkopkeenmmgcfohhcdbkhgbolo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a9e40f36-979d-4bac-a5bb-60a42ff2ed0b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.16056Z", "modified": "2026-06-02T15:57:34.16056Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fidehgfkepdjggincehnanpcdeklgopd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fidehgfkepdjggincehnanpcdeklgopd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.160523Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fidehgfkepdjggincehnanpcdeklgopd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fidehgfkepdjggincehnanpcdeklgopd", "external_id": "fidehgfkepdjggincehnanpcdeklgopd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--445be07f-0f3f-46cc-99e3-f9e6a3f8a609", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.161549Z", "modified": "2026-06-02T15:57:34.161549Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fiekhkolnfbmffngblfnpmpbdajofpdm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fiekhkolnfbmffngblfnpmpbdajofpdm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.161512Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fiekhkolnfbmffngblfnpmpbdajofpdm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fiekhkolnfbmffngblfnpmpbdajofpdm", "external_id": "fiekhkolnfbmffngblfnpmpbdajofpdm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3bf17b33-b37b-4fcb-a2d0-64eea08a7bdf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.162535Z", "modified": "2026-06-02T15:57:34.162535Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fihbjcbnakkkhapcefljgnhfocbmafol) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fihbjcbnakkkhapcefljgnhfocbmafol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.162498Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fihbjcbnakkkhapcefljgnhfocbmafol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fihbjcbnakkkhapcefljgnhfocbmafol", "external_id": "fihbjcbnakkkhapcefljgnhfocbmafol"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b7b9d894-a274-4efa-8216-2ad5227251ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.163538Z", "modified": "2026-06-02T15:57:34.163538Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fiobgijambbbkgndmodakkpajghgnjbe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fiobgijambbbkgndmodakkpajghgnjbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.163501Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fiobgijambbbkgndmodakkpajghgnjbe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fiobgijambbbkgndmodakkpajghgnjbe", "external_id": "fiobgijambbbkgndmodakkpajghgnjbe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--573e0be0-3e39-47e9-b33d-8423eb689b55", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.164552Z", "modified": "2026-06-02T15:57:34.164552Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fjamdmeidfoiimcdmakidnifokhjdpdc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fjamdmeidfoiimcdmakidnifokhjdpdc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.164513Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fjamdmeidfoiimcdmakidnifokhjdpdc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fjamdmeidfoiimcdmakidnifokhjdpdc", "external_id": "fjamdmeidfoiimcdmakidnifokhjdpdc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a7819ef9-169c-491d-82fb-2f16897e44ab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.165728Z", "modified": "2026-06-02T15:57:34.165728Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fjfclchnmkilojpjkfhngijlomhnendk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fjfclchnmkilojpjkfhngijlomhnendk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.16569Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fjfclchnmkilojpjkfhngijlomhnendk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fjfclchnmkilojpjkfhngijlomhnendk", "external_id": "fjfclchnmkilojpjkfhngijlomhnendk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--048c3b86-0ac0-4545-a2ff-714323850a22", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.166746Z", "modified": "2026-06-02T15:57:34.166746Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fjfphlkdahigapjlfcalofelglelbgpg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fjfphlkdahigapjlfcalofelglelbgpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.166708Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fjfphlkdahigapjlfcalofelglelbgpg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fjfphlkdahigapjlfcalofelglelbgpg", "external_id": "fjfphlkdahigapjlfcalofelglelbgpg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ac9f0e6f-d052-4c6a-a9f6-0727562d5eb9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.167757Z", "modified": "2026-06-02T15:57:34.167757Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fjigdpmfeomndepihcinokhcphdojepm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fjigdpmfeomndepihcinokhcphdojepm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.167719Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fjigdpmfeomndepihcinokhcphdojepm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fjigdpmfeomndepihcinokhcphdojepm", "external_id": "fjigdpmfeomndepihcinokhcphdojepm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6a119e5b-4325-4920-9bd8-b55fd1095339", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.168756Z", "modified": "2026-06-02T15:57:34.168756Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fjioinpkgmlcioajfnncgldldcnabffe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fjioinpkgmlcioajfnncgldldcnabffe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.168718Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fjioinpkgmlcioajfnncgldldcnabffe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fjioinpkgmlcioajfnncgldldcnabffe", "external_id": "fjioinpkgmlcioajfnncgldldcnabffe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3e762c58-827d-4fce-a436-ad76f0edef9d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.16974Z", "modified": "2026-06-02T15:57:34.16974Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fjjfjejnceagncobmelafecbpggbmmka) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fjjfjejnceagncobmelafecbpggbmmka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.169702Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fjjfjejnceagncobmelafecbpggbmmka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fjjfjejnceagncobmelafecbpggbmmka", "external_id": "fjjfjejnceagncobmelafecbpggbmmka"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2ea8356d-d1a9-4ce1-8155-21827b1b76b2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.170732Z", "modified": "2026-06-02T15:57:34.170732Z", "name": "Malicious Extension: DAT GO", "description": "Malicious browser extension: DAT GO (fjpobenajidogfpilgbjgbglcanfjnoa) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=62). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fjpobenajidogfpilgbjgbglcanfjnoa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.170693Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fjpobenajidogfpilgbjgbglcanfjnoa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fjpobenajidogfpilgbjgbglcanfjnoa", "external_id": "fjpobenajidogfpilgbjgbglcanfjnoa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d09d8b81-5d67-4a37-b53b-2df12ef1e254", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.171758Z", "modified": "2026-06-02T15:57:34.171758Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fkbcbgffcclobgbombinljckbelhnpif) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fkbcbgffcclobgbombinljckbelhnpif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.17172Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fkbcbgffcclobgbombinljckbelhnpif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fkbcbgffcclobgbombinljckbelhnpif", "external_id": "fkbcbgffcclobgbombinljckbelhnpif"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--56be4175-0cf6-497a-b419-6ef619457ed2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.172915Z", "modified": "2026-06-02T15:57:34.172915Z", "name": "Malicious Extension: Soccer Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Soccer Cursor \u2605 Custom Cursor for Chrome\u2122 (fkbjmjplmceabidmaloaffkmanglpfoe) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fkbjmjplmceabidmaloaffkmanglpfoe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.172878Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fkbjmjplmceabidmaloaffkmanglpfoe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fkbjmjplmceabidmaloaffkmanglpfoe", "external_id": "fkbjmjplmceabidmaloaffkmanglpfoe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3a959760-8645-4d8b-9a88-6d5ff793bc77", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.17391Z", "modified": "2026-06-02T15:57:34.17391Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fkkgaomifpmmikhigldibldaleglnpme) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fkkgaomifpmmikhigldibldaleglnpme']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.173873Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fkkgaomifpmmikhigldibldaleglnpme", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fkkgaomifpmmikhigldibldaleglnpme", "external_id": "fkkgaomifpmmikhigldibldaleglnpme"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7370d365-a8a8-4c32-a5b2-3a0d1beb8004", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.174889Z", "modified": "2026-06-02T15:57:34.174889Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fklkhoeemdncdhacelfjeaajhfhoenaa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fklkhoeemdncdhacelfjeaajhfhoenaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.174852Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fklkhoeemdncdhacelfjeaajhfhoenaa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fklkhoeemdncdhacelfjeaajhfhoenaa", "external_id": "fklkhoeemdncdhacelfjeaajhfhoenaa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--82aae9b6-c7f7-4461-bbf0-7702bc622606", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.175883Z", "modified": "2026-06-02T15:57:34.175883Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fkogigpebmhlbldifmjngmlooifljnif) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fkogigpebmhlbldifmjngmlooifljnif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.175846Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fkogigpebmhlbldifmjngmlooifljnif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fkogigpebmhlbldifmjngmlooifljnif", "external_id": "fkogigpebmhlbldifmjngmlooifljnif"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--84f734b8-a64b-462b-b73b-7ac271b9cf48", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.176858Z", "modified": "2026-06-02T15:57:34.176858Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (flapondhpgmggemifmemcmicjodpmkjb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flapondhpgmggemifmemcmicjodpmkjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.176821Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:flapondhpgmggemifmemcmicjodpmkjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flapondhpgmggemifmemcmicjodpmkjb", "external_id": "flapondhpgmggemifmemcmicjodpmkjb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ec251d1a-01fe-459b-92a7-d71c12b8a1cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.177853Z", "modified": "2026-06-02T15:57:34.177853Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (flddpiffdlibegmclipfcnmaibecaobi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flddpiffdlibegmclipfcnmaibecaobi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.177816Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:flddpiffdlibegmclipfcnmaibecaobi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flddpiffdlibegmclipfcnmaibecaobi", "external_id": "flddpiffdlibegmclipfcnmaibecaobi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e3a22afc-7374-4e53-8549-99a70a22d2b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.178837Z", "modified": "2026-06-02T15:57:34.178837Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fldiebelpcgjgdlmkmbohiljpkdeillj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fldiebelpcgjgdlmkmbohiljpkdeillj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.1788Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fldiebelpcgjgdlmkmbohiljpkdeillj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fldiebelpcgjgdlmkmbohiljpkdeillj", "external_id": "fldiebelpcgjgdlmkmbohiljpkdeillj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5c16ca0f-f23a-4305-9202-419ac14ff2cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.179987Z", "modified": "2026-06-02T15:57:34.179987Z", "name": "Malicious Extension: WORKZAP", "description": "Malicious browser extension: WORKZAP (flfjappofhfkljghalmpfnnhllokpami) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript[.]com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flfjappofhfkljghalmpfnnhllokpami']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.179949Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:flfjappofhfkljghalmpfnnhllokpami", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flfjappofhfkljghalmpfnnhllokpami", "external_id": "flfjappofhfkljghalmpfnnhllokpami"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--43c70338-e62b-48c7-8152-fba7a95af9d5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.180978Z", "modified": "2026-06-02T15:57:34.180978Z", "name": "Malicious Extension: Search for perplexity ai", "description": "Malicious browser extension: Search for perplexity ai (flkebkiofojicogddingbdmcmkpbplcd) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flkebkiofojicogddingbdmcmkpbplcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.18094Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:flkebkiofojicogddingbdmcmkpbplcd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flkebkiofojicogddingbdmcmkpbplcd", "external_id": "flkebkiofojicogddingbdmcmkpbplcd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b30ef1aa-15ad-4713-a3e9-b84ff9428e94", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.181962Z", "modified": "2026-06-02T15:57:34.181962Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (flkkgeinabbkomdeamdcdkiojfhmlmgo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flkkgeinabbkomdeamdcdkiojfhmlmgo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.181925Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:flkkgeinabbkomdeamdcdkiojfhmlmgo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flkkgeinabbkomdeamdcdkiojfhmlmgo", "external_id": "flkkgeinabbkomdeamdcdkiojfhmlmgo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7e96c766-4cf7-4b05-b069-5296903f2b07", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.182947Z", "modified": "2026-06-02T15:57:34.182947Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (flnecpdpbhdblkpnegekobahlijbmfok) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flnecpdpbhdblkpnegekobahlijbmfok']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.182909Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:flnecpdpbhdblkpnegekobahlijbmfok", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flnecpdpbhdblkpnegekobahlijbmfok", "external_id": "flnecpdpbhdblkpnegekobahlijbmfok"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--51afe2b3-88e7-40a6-8f6f-4173bbf8ccb7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.183947Z", "modified": "2026-06-02T15:57:34.183947Z", "name": "Malicious Extension: Harry Potter Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Harry Potter Cursor \u2605 Custom Cursor for Chrome\u2122 (flpfhaclifodhjecdjjdnefcjfnflcpp) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flpfhaclifodhjecdjjdnefcjfnflcpp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.18391Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:flpfhaclifodhjecdjjdnefcjfnflcpp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flpfhaclifodhjecdjjdnefcjfnflcpp", "external_id": "flpfhaclifodhjecdjjdnefcjfnflcpp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--63557ff6-218f-4e58-b3d4-42555616073a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.184949Z", "modified": "2026-06-02T15:57:34.184949Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fmchencccolmmgjmaahfhpglemdcjfll) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmchencccolmmgjmaahfhpglemdcjfll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.18491Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fmchencccolmmgjmaahfhpglemdcjfll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmchencccolmmgjmaahfhpglemdcjfll", "external_id": "fmchencccolmmgjmaahfhpglemdcjfll"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d01c8d4f-94e5-498e-a0ed-c9c513764aa9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.185933Z", "modified": "2026-06-02T15:57:34.185933Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fmkcleogbiclpgpfdmnmffhamhkbnifi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmkcleogbiclpgpfdmnmffhamhkbnifi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.185897Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fmkcleogbiclpgpfdmnmffhamhkbnifi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmkcleogbiclpgpfdmnmffhamhkbnifi", "external_id": "fmkcleogbiclpgpfdmnmffhamhkbnifi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e4e947e8-6f87-4fea-ac93-eb77344a1641", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.187067Z", "modified": "2026-06-02T15:57:34.187067Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fmmfeaoidanfcipomjfolmchjdnhmaio) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmmfeaoidanfcipomjfolmchjdnhmaio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.187029Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fmmfeaoidanfcipomjfolmchjdnhmaio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmmfeaoidanfcipomjfolmchjdnhmaio", "external_id": "fmmfeaoidanfcipomjfolmchjdnhmaio"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--92b0614d-372e-4029-a4ed-c94ef2c21681", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.188069Z", "modified": "2026-06-02T15:57:34.188069Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fmnadcdniomhekonddamdlciknhnnjfl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmnadcdniomhekonddamdlciknhnnjfl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.188032Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fmnadcdniomhekonddamdlciknhnnjfl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmnadcdniomhekonddamdlciknhnnjfl", "external_id": "fmnadcdniomhekonddamdlciknhnnjfl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1950633e-9804-4ba4-a454-91f92b60cd7d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.18906Z", "modified": "2026-06-02T15:57:34.18906Z", "name": "Malicious Extension: Search GPT for Chrome", "description": "Malicious browser extension: Search GPT for Chrome (fmncmpginchogfdnjfeopdopoiegjjjp) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=92). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmncmpginchogfdnjfeopdopoiegjjjp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.189016Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fmncmpginchogfdnjfeopdopoiegjjjp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmncmpginchogfdnjfeopdopoiegjjjp", "external_id": "fmncmpginchogfdnjfeopdopoiegjjjp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--458be886-936c-4711-8710-409dde73e3c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.190042Z", "modified": "2026-06-02T15:57:34.190042Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fnbmdanldjcejflmflooiahjmacbkohh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fnbmdanldjcejflmflooiahjmacbkohh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.190005Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fnbmdanldjcejflmflooiahjmacbkohh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fnbmdanldjcejflmflooiahjmacbkohh", "external_id": "fnbmdanldjcejflmflooiahjmacbkohh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f42196de-7669-4657-b9c0-425628f7b516", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.191028Z", "modified": "2026-06-02T15:57:34.191028Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fncbkmmlcehhipmmofdhejcggdapcmon) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fncbkmmlcehhipmmofdhejcggdapcmon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.190987Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fncbkmmlcehhipmmofdhejcggdapcmon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fncbkmmlcehhipmmofdhejcggdapcmon", "external_id": "fncbkmmlcehhipmmofdhejcggdapcmon"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--33ace63a-2ffd-4fae-8592-2f9dead47156", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.192038Z", "modified": "2026-06-02T15:57:34.192038Z", "name": "Malicious Extension: WATSELY", "description": "Malicious browser extension: WATSELY (fnhnkcmbkibeacgbhloapcdgmgfdnpcc) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fnhnkcmbkibeacgbhloapcdgmgfdnpcc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.192001Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:fnhnkcmbkibeacgbhloapcdgmgfdnpcc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fnhnkcmbkibeacgbhloapcdgmgfdnpcc", "external_id": "fnhnkcmbkibeacgbhloapcdgmgfdnpcc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--160c82c1-1ec2-4c20-9736-b31fcadf77be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.193039Z", "modified": "2026-06-02T15:57:34.193039Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fnjinbdmidgjkpmlihcginjipjaoapol) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fnjinbdmidgjkpmlihcginjipjaoapol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.192998Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fnjinbdmidgjkpmlihcginjipjaoapol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fnjinbdmidgjkpmlihcginjipjaoapol", "external_id": "fnjinbdmidgjkpmlihcginjipjaoapol"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6008d0fd-41ec-4f51-bd59-1b6bd77ebfb9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.194172Z", "modified": "2026-06-02T15:57:34.194172Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fnjnkjpjljhkeoofdjepachfjdagdafb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fnjnkjpjljhkeoofdjepachfjdagdafb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.194136Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fnjnkjpjljhkeoofdjepachfjdagdafb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fnjnkjpjljhkeoofdjepachfjdagdafb", "external_id": "fnjnkjpjljhkeoofdjepachfjdagdafb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7500119f-14a0-4352-a184-638c15feaac1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.195179Z", "modified": "2026-06-02T15:57:34.195179Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fnlnhcbjijmpajeppnnmkeagdmnlgihp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fnlnhcbjijmpajeppnnmkeagdmnlgihp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.195139Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fnlnhcbjijmpajeppnnmkeagdmnlgihp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fnlnhcbjijmpajeppnnmkeagdmnlgihp", "external_id": "fnlnhcbjijmpajeppnnmkeagdmnlgihp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--88666eeb-84ff-44fa-bc46-90dc97e1ed59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.196171Z", "modified": "2026-06-02T15:57:34.196171Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fnpejdoiggdgagmdfmkllgfpagjgjfoi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fnpejdoiggdgagmdfmkllgfpagjgjfoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.196134Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fnpejdoiggdgagmdfmkllgfpagjgjfoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fnpejdoiggdgagmdfmkllgfpagjgjfoi", "external_id": "fnpejdoiggdgagmdfmkllgfpagjgjfoi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--60851ffd-da0a-4f99-9fa0-ce9f66214429", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.197159Z", "modified": "2026-06-02T15:57:34.197159Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fodcokjckpkfpegbekkiallamhedahjd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fodcokjckpkfpegbekkiallamhedahjd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.197121Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fodcokjckpkfpegbekkiallamhedahjd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fodcokjckpkfpegbekkiallamhedahjd", "external_id": "fodcokjckpkfpegbekkiallamhedahjd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--30f83e37-52ba-43a9-880e-abeba5667358", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.198145Z", "modified": "2026-06-02T15:57:34.198145Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fohllhaekplgfcocgdbdaghdaphgekjl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fohllhaekplgfcocgdbdaghdaphgekjl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.198108Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fohllhaekplgfcocgdbdaghdaphgekjl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fohllhaekplgfcocgdbdaghdaphgekjl", "external_id": "fohllhaekplgfcocgdbdaghdaphgekjl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0a0ac034-2adc-4810-8ae0-2ffd5c7e29b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.19913Z", "modified": "2026-06-02T15:57:34.19913Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fojomppheellamdaddnbgommepnlkooh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fojomppheellamdaddnbgommepnlkooh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.199082Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fojomppheellamdaddnbgommepnlkooh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fojomppheellamdaddnbgommepnlkooh", "external_id": "fojomppheellamdaddnbgommepnlkooh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e7257ab7-4dab-4cd2-af3f-ed7073a7c283", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.200126Z", "modified": "2026-06-02T15:57:34.200126Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (folibpljgmababjognjpcidiakiffhhj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/folibpljgmababjognjpcidiakiffhhj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.20009Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:folibpljgmababjognjpcidiakiffhhj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/folibpljgmababjognjpcidiakiffhhj", "external_id": "folibpljgmababjognjpcidiakiffhhj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--feb47413-134e-44c6-b2c6-e9d433c1999e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.201256Z", "modified": "2026-06-02T15:57:34.201256Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fomlombffdkflbliepgpgcnagolnegjn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fomlombffdkflbliepgpgcnagolnegjn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.201219Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fomlombffdkflbliepgpgcnagolnegjn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fomlombffdkflbliepgpgcnagolnegjn", "external_id": "fomlombffdkflbliepgpgcnagolnegjn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--76360205-bdbf-4131-99f5-df7769c344b7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.202264Z", "modified": "2026-06-02T15:57:34.202264Z", "name": "Malicious Extension: To Talk Connect", "description": "Malicious browser extension: To Talk Connect (foodgdffkpakghokjoemdblocpijcdgd) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/foodgdffkpakghokjoemdblocpijcdgd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.202228Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:foodgdffkpakghokjoemdblocpijcdgd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/foodgdffkpakghokjoemdblocpijcdgd", "external_id": "foodgdffkpakghokjoemdblocpijcdgd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--915e5c5c-6a1e-4782-b175-0426259306e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.203323Z", "modified": "2026-06-02T15:57:34.203323Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fpafokmkjcnkflboiefkiokbklpjbfpp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fpafokmkjcnkflboiefkiokbklpjbfpp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.203284Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fpafokmkjcnkflboiefkiokbklpjbfpp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fpafokmkjcnkflboiefkiokbklpjbfpp", "external_id": "fpafokmkjcnkflboiefkiokbklpjbfpp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cdc95af9-0a53-497f-91d6-5487b8f9cb4e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.204342Z", "modified": "2026-06-02T15:57:34.204342Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fpeabamapgecnidibdmjoepaiehokgda) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fpeabamapgecnidibdmjoepaiehokgda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.204304Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fpeabamapgecnidibdmjoepaiehokgda", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fpeabamapgecnidibdmjoepaiehokgda", "external_id": "fpeabamapgecnidibdmjoepaiehokgda"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--73b1eeed-a0ba-4d26-8799-5797731d947d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.20535Z", "modified": "2026-06-02T15:57:34.20535Z", "name": "Malicious Extension: Squid Game Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Squid Game Cursor \u2605 Custom Cursor for Chrome\u2122 (fphiegmeigkjnjcpmdoecllfeanfbbhd) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=52). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fphiegmeigkjnjcpmdoecllfeanfbbhd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.205313Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fphiegmeigkjnjcpmdoecllfeanfbbhd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fphiegmeigkjnjcpmdoecllfeanfbbhd", "external_id": "fphiegmeigkjnjcpmdoecllfeanfbbhd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--88e31ac9-c5f0-42cb-9f76-542d80fe03ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.206371Z", "modified": "2026-06-02T15:57:34.206371Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fpieikfplpkakilnkbplekppmhbpmdkp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fpieikfplpkakilnkbplekppmhbpmdkp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.206333Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fpieikfplpkakilnkbplekppmhbpmdkp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fpieikfplpkakilnkbplekppmhbpmdkp", "external_id": "fpieikfplpkakilnkbplekppmhbpmdkp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8a80eb39-ed19-4f90-aaf0-8edbd0e279c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.207379Z", "modified": "2026-06-02T15:57:34.207379Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fpieoaljohacioniphjfgjhdlgciekdj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fpieoaljohacioniphjfgjhdlgciekdj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.207341Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fpieoaljohacioniphjfgjhdlgciekdj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fpieoaljohacioniphjfgjhdlgciekdj", "external_id": "fpieoaljohacioniphjfgjhdlgciekdj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dfe1a2d6-31fb-4246-91c3-8676ccf44e7b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.20853Z", "modified": "2026-06-02T15:57:34.20853Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fpmkabpaklbhbhegegapfkenkmpipick) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fpmkabpaklbhbhegegapfkenkmpipick']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.208493Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fpmkabpaklbhbhegegapfkenkmpipick", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fpmkabpaklbhbhegegapfkenkmpipick", "external_id": "fpmkabpaklbhbhegegapfkenkmpipick"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--645e6c5b-73e7-44ad-9d5a-c9c577f97bb3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.209527Z", "modified": "2026-06-02T15:57:34.209527Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fpokgjmlcemklhmilomcljolhnbaaajk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fpokgjmlcemklhmilomcljolhnbaaajk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.20949Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fpokgjmlcemklhmilomcljolhnbaaajk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fpokgjmlcemklhmilomcljolhnbaaajk", "external_id": "fpokgjmlcemklhmilomcljolhnbaaajk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2b372410-a094-4474-816a-729fc6599c4f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.21051Z", "modified": "2026-06-02T15:57:34.21051Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fppbiomdkfbhgjjdmojlogeceejinadg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fppbiomdkfbhgjjdmojlogeceejinadg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.210473Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fppbiomdkfbhgjjdmojlogeceejinadg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fppbiomdkfbhgjjdmojlogeceejinadg", "external_id": "fppbiomdkfbhgjjdmojlogeceejinadg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cf27ab6e-629d-48d4-80e9-0b5ac2b58bea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.211514Z", "modified": "2026-06-02T15:57:34.211514Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (fppchnhginnfabgenhihpncnphhafmac) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fppchnhginnfabgenhihpncnphhafmac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.211477Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fppchnhginnfabgenhihpncnphhafmac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fppchnhginnfabgenhihpncnphhafmac", "external_id": "fppchnhginnfabgenhihpncnphhafmac"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b1d2166c-59dd-46f0-bb51-08cfa25c24ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.212502Z", "modified": "2026-06-02T15:57:34.212502Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gaajcpnkapnemeiohoighjmjknpfcdfd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gaajcpnkapnemeiohoighjmjknpfcdfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.212465Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gaajcpnkapnemeiohoighjmjknpfcdfd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gaajcpnkapnemeiohoighjmjknpfcdfd", "external_id": "gaajcpnkapnemeiohoighjmjknpfcdfd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3f07b45e-e6c2-49b1-a7a7-aec05f7b3273", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.213503Z", "modified": "2026-06-02T15:57:34.213503Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gabfmnliflodkdafenbcpjdlppllnemd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gabfmnliflodkdafenbcpjdlppllnemd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.213465Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gabfmnliflodkdafenbcpjdlppllnemd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gabfmnliflodkdafenbcpjdlppllnemd", "external_id": "gabfmnliflodkdafenbcpjdlppllnemd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--42da7696-fe37-4714-acfa-ad33d39ac7cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.214503Z", "modified": "2026-06-02T15:57:34.214503Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gadbpecoinogdkljjbjffmiijpebooce) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gadbpecoinogdkljjbjffmiijpebooce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.214466Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gadbpecoinogdkljjbjffmiijpebooce", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gadbpecoinogdkljjbjffmiijpebooce", "external_id": "gadbpecoinogdkljjbjffmiijpebooce"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f9ad5df2-cc58-47b3-a05c-a0f0ce2c7939", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.215652Z", "modified": "2026-06-02T15:57:34.215652Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gadjnphfolikkffmppnicebdfimlblkj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gadjnphfolikkffmppnicebdfimlblkj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.215615Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gadjnphfolikkffmppnicebdfimlblkj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gadjnphfolikkffmppnicebdfimlblkj", "external_id": "gadjnphfolikkffmppnicebdfimlblkj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7adf4914-d05a-4c0c-b9f3-8e40afd4efc1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.216656Z", "modified": "2026-06-02T15:57:34.216656Z", "name": "Malicious Extension: WAURA", "description": "Malicious browser extension: WAURA (gadlhgaecbhahkiojnnfnkklomflhifh) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[...] (remainder truncated in source) \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gadlhgaecbhahkiojnnfnkklomflhifh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.21662Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gadlhgaecbhahkiojnnfnkklomflhifh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gadlhgaecbhahkiojnnfnkklomflhifh", "external_id": "gadlhgaecbhahkiojnnfnkklomflhifh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--874861d6-b31d-4490-a8cb-e42f7ccc138d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.217648Z", "modified": "2026-06-02T15:57:34.217648Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gagalembdijfidddhaajmgfookbakolp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gagalembdijfidddhaajmgfookbakolp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.217611Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gagalembdijfidddhaajmgfookbakolp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gagalembdijfidddhaajmgfookbakolp", "external_id": "gagalembdijfidddhaajmgfookbakolp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--50942b1a-7443-4b3c-9cf2-8f6de9f0ad69", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.218637Z", "modified": "2026-06-02T15:57:34.218637Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (galalkniidllnlfghikjienlfgfbjibj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/galalkniidllnlfghikjienlfgfbjibj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.218601Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:galalkniidllnlfghikjienlfgfbjibj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/galalkniidllnlfghikjienlfgfbjibj", "external_id": "galalkniidllnlfghikjienlfgfbjibj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b06aea95-32af-4405-a818-14c519e11b8c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.21965Z", "modified": "2026-06-02T15:57:34.21965Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ganbipgooebabahkemagcehplknpffgk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ganbipgooebabahkemagcehplknpffgk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.219611Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ganbipgooebabahkemagcehplknpffgk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ganbipgooebabahkemagcehplknpffgk", "external_id": "ganbipgooebabahkemagcehplknpffgk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--736460cb-91b6-4311-98aa-994e4a86bd46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.22064Z", "modified": "2026-06-02T15:57:34.22064Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gbcgjnbccjojicobfimcnfjddhpphaod) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gbcgjnbccjojicobfimcnfjddhpphaod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.220603Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gbcgjnbccjojicobfimcnfjddhpphaod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gbcgjnbccjojicobfimcnfjddhpphaod", "external_id": "gbcgjnbccjojicobfimcnfjddhpphaod"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--90bb6d54-b5eb-46fe-822d-6821fa5039ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.221637Z", "modified": "2026-06-02T15:57:34.221637Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gbcjipmcpedgndgdnfofbhgnkmghoamm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gbcjipmcpedgndgdnfofbhgnkmghoamm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.2216Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gbcjipmcpedgndgdnfofbhgnkmghoamm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gbcjipmcpedgndgdnfofbhgnkmghoamm", "external_id": "gbcjipmcpedgndgdnfofbhgnkmghoamm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5a818ef1-2a38-449a-a986-98724d003144", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.222774Z", "modified": "2026-06-02T15:57:34.222774Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gbnjejhgognmdkjeljbpecpnanakcooh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gbnjejhgognmdkjeljbpecpnanakcooh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.222738Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gbnjejhgognmdkjeljbpecpnanakcooh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gbnjejhgognmdkjeljbpecpnanakcooh", "external_id": "gbnjejhgognmdkjeljbpecpnanakcooh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--90e96d7c-9df9-4fc6-9d4a-0248e385d750", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.223774Z", "modified": "2026-06-02T15:57:34.223774Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gbplafaelmgboglkaebmbkjnilcpkklf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gbplafaelmgboglkaebmbkjnilcpkklf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.223738Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gbplafaelmgboglkaebmbkjnilcpkklf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gbplafaelmgboglkaebmbkjnilcpkklf", "external_id": "gbplafaelmgboglkaebmbkjnilcpkklf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2c28bfa1-4ae9-44cf-a12a-3dcefa1d4dc4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.22476Z", "modified": "2026-06-02T15:57:34.22476Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gcbffpnpjigagefdgfonginepkpabioi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gcbffpnpjigagefdgfonginepkpabioi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.224723Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gcbffpnpjigagefdgfonginepkpabioi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gcbffpnpjigagefdgfonginepkpabioi", "external_id": "gcbffpnpjigagefdgfonginepkpabioi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0434688a-85e8-4d56-821a-180b9f6af417", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.225741Z", "modified": "2026-06-02T15:57:34.225741Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gcccfoehonbolcpaefopkboppjiaamkc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gcccfoehonbolcpaefopkboppjiaamkc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.225703Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gcccfoehonbolcpaefopkboppjiaamkc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gcccfoehonbolcpaefopkboppjiaamkc", "external_id": "gcccfoehonbolcpaefopkboppjiaamkc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--15ad5239-88a4-410e-9624-8f75aa835d75", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.226958Z", "modified": "2026-06-02T15:57:34.226958Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gccmamojpfldicdmgjdiacabcmbfmofb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gccmamojpfldicdmgjdiacabcmbfmofb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.22692Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gccmamojpfldicdmgjdiacabcmbfmofb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gccmamojpfldicdmgjdiacabcmbfmofb", "external_id": "gccmamojpfldicdmgjdiacabcmbfmofb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--47db011c-0b25-47d3-b069-385df6364dd0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.227986Z", "modified": "2026-06-02T15:57:34.227986Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gcdfailafdfjbailcdcbjmeginhncjkb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gcdfailafdfjbailcdcbjmeginhncjkb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.227949Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gcdfailafdfjbailcdcbjmeginhncjkb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gcdfailafdfjbailcdcbjmeginhncjkb", "external_id": "gcdfailafdfjbailcdcbjmeginhncjkb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--23e6d41a-6a32-4b68-bc99-5cdf62cf2643", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.228975Z", "modified": "2026-06-02T15:57:34.228975Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gceoelahanekobagpkcelbhagpoaidij) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gceoelahanekobagpkcelbhagpoaidij']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.228933Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gceoelahanekobagpkcelbhagpoaidij", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gceoelahanekobagpkcelbhagpoaidij", "external_id": "gceoelahanekobagpkcelbhagpoaidij"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ce82ac15-dd21-4312-babb-334648a821fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.230123Z", "modified": "2026-06-02T15:57:34.230123Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gcfianbpjcfkafpiadmheejkokcmdkjl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gcfianbpjcfkafpiadmheejkokcmdkjl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.230085Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gcfianbpjcfkafpiadmheejkokcmdkjl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gcfianbpjcfkafpiadmheejkokcmdkjl", "external_id": "gcfianbpjcfkafpiadmheejkokcmdkjl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--50ea6377-99f9-47de-8f08-02022fb7fc31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.231118Z", "modified": "2026-06-02T15:57:34.231118Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gclgncjpanihjpbjbecgfmfnipggcckn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gclgncjpanihjpbjbecgfmfnipggcckn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.231071Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gclgncjpanihjpbjbecgfmfnipggcckn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gclgncjpanihjpbjbecgfmfnipggcckn", "external_id": "gclgncjpanihjpbjbecgfmfnipggcckn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--63bd328d-db3f-4968-8957-907c7133dc6a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.232111Z", "modified": "2026-06-02T15:57:34.232111Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gcogpdjkkamgkakkjgeefgpcheonclca) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gcogpdjkkamgkakkjgeefgpcheonclca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.232073Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gcogpdjkkamgkakkjgeefgpcheonclca", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gcogpdjkkamgkakkjgeefgpcheonclca", "external_id": "gcogpdjkkamgkakkjgeefgpcheonclca"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7290affb-3eff-4733-91a1-ed4b2f42200d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.233111Z", "modified": "2026-06-02T15:57:34.233111Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gcokaajpfngffiofmmgadkjhopjaklhj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gcokaajpfngffiofmmgadkjhopjaklhj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.233072Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gcokaajpfngffiofmmgadkjhopjaklhj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gcokaajpfngffiofmmgadkjhopjaklhj", "external_id": "gcokaajpfngffiofmmgadkjhopjaklhj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1fe59cb2-22f4-4269-b9c1-8fe19fadbec5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.234098Z", "modified": "2026-06-02T15:57:34.234098Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gddkghdkhhlihaabphhnjbhdoiifhcpa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gddkghdkhhlihaabphhnjbhdoiifhcpa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.234061Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gddkghdkhhlihaabphhnjbhdoiifhcpa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gddkghdkhhlihaabphhnjbhdoiifhcpa", "external_id": "gddkghdkhhlihaabphhnjbhdoiifhcpa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2beac7b8-6b35-4996-9ce5-25715c7d4c1f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.235081Z", "modified": "2026-06-02T15:57:34.235081Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gdfjahfbaillhkeigeinoomhjnfajbon) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gdfjahfbaillhkeigeinoomhjnfajbon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.235045Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gdfjahfbaillhkeigeinoomhjnfajbon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gdfjahfbaillhkeigeinoomhjnfajbon", "external_id": "gdfjahfbaillhkeigeinoomhjnfajbon"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--139d62bf-3c4b-484b-83c1-8c85d0a73f96", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.236081Z", "modified": "2026-06-02T15:57:34.236081Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gdldfceehpabhcehoglbnfgkdpgnnelo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gdldfceehpabhcehoglbnfgkdpgnnelo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.236044Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gdldfceehpabhcehoglbnfgkdpgnnelo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gdldfceehpabhcehoglbnfgkdpgnnelo", "external_id": "gdldfceehpabhcehoglbnfgkdpgnnelo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c7599f0e-20fc-4813-a9a5-e960120cae1b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.237222Z", "modified": "2026-06-02T15:57:34.237222Z", "name": "Malicious Extension: Winnie The Pooh Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Winnie The Pooh Cursor \u2605 Custom Cursor for Chrome\u2122 (gdnhbhfhnjcfhakagfdeeblhnpjcfjnn) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gdnhbhfhnjcfhakagfdeeblhnpjcfjnn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.237185Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gdnhbhfhnjcfhakagfdeeblhnpjcfjnn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gdnhbhfhnjcfhakagfdeeblhnpjcfjnn", "external_id": "gdnhbhfhnjcfhakagfdeeblhnpjcfjnn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9f32cc2c-d630-4c75-ae58-f708ba243135", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.238227Z", "modified": "2026-06-02T15:57:34.238227Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gdnhikbabcflemolpeaaknnieodgpiie) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gdnhikbabcflemolpeaaknnieodgpiie']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.23819Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gdnhikbabcflemolpeaaknnieodgpiie", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gdnhikbabcflemolpeaaknnieodgpiie", "external_id": "gdnhikbabcflemolpeaaknnieodgpiie"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--afc663aa-ea56-44d7-a3ca-e5cd5fa1f4e8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.239238Z", "modified": "2026-06-02T15:57:34.239238Z", "name": "Malicious Extension: \u0130SGPratik Bot", "description": "Malicious browser extension: \u0130SGPratik Bot (gejgekoijpmoplecdpbbnldgcbhnfmpo) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=42). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gejgekoijpmoplecdpbbnldgcbhnfmpo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.239201Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gejgekoijpmoplecdpbbnldgcbhnfmpo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gejgekoijpmoplecdpbbnldgcbhnfmpo", "external_id": "gejgekoijpmoplecdpbbnldgcbhnfmpo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6221e699-a326-4b12-acc4-7343c016e05f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.240234Z", "modified": "2026-06-02T15:57:34.240234Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gekkidfpdpfnbdndcomgknkohnpihooh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gekkidfpdpfnbdndcomgknkohnpihooh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.240197Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gekkidfpdpfnbdndcomgknkohnpihooh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gekkidfpdpfnbdndcomgknkohnpihooh", "external_id": "gekkidfpdpfnbdndcomgknkohnpihooh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7754104a-58b6-4444-acc5-1b0c685eeb4e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.241215Z", "modified": "2026-06-02T15:57:34.241215Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gengfhhkjekmlejbhmmopegofnoifnjp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gengfhhkjekmlejbhmmopegofnoifnjp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.241178Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gengfhhkjekmlejbhmmopegofnoifnjp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gengfhhkjekmlejbhmmopegofnoifnjp", "external_id": "gengfhhkjekmlejbhmmopegofnoifnjp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--483f2239-5c30-469b-a839-8e581a477110", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.24219Z", "modified": "2026-06-02T15:57:34.24219Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gfcligffighgnnfljcamdhgppbgfjddb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gfcligffighgnnfljcamdhgppbgfjddb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.242153Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gfcligffighgnnfljcamdhgppbgfjddb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gfcligffighgnnfljcamdhgppbgfjddb", "external_id": "gfcligffighgnnfljcamdhgppbgfjddb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c89fa11f-d4cd-40b8-8988-6c220e6678ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.243188Z", "modified": "2026-06-02T15:57:34.243188Z", "name": "Malicious Extension: Amazon Keyword Cloud Generator", "description": "Malicious browser extension: Amazon Keyword Cloud Generator (gfdbbmngalhmegpkejhidhgdpmehlmnd) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gfdbbmngalhmegpkejhidhgdpmehlmnd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.243145Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gfdbbmngalhmegpkejhidhgdpmehlmnd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gfdbbmngalhmegpkejhidhgdpmehlmnd", "external_id": "gfdbbmngalhmegpkejhidhgdpmehlmnd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--95659260-bb09-4c74-8c8a-47f653cf5218", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.245169Z", "modified": "2026-06-02T15:57:34.245169Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gfechfioaanebemclajhfgkfaopcaibo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gfechfioaanebemclajhfgkfaopcaibo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.245129Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gfechfioaanebemclajhfgkfaopcaibo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gfechfioaanebemclajhfgkfaopcaibo", "external_id": "gfechfioaanebemclajhfgkfaopcaibo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5857f656-1148-45d2-9013-6756cb82812e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.246242Z", "modified": "2026-06-02T15:57:34.246242Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gfgpciipppjpfjmjhcjmfnapfilhikdg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gfgpciipppjpfjmjhcjmfnapfilhikdg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.246204Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gfgpciipppjpfjmjhcjmfnapfilhikdg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gfgpciipppjpfjmjhcjmfnapfilhikdg", "external_id": "gfgpciipppjpfjmjhcjmfnapfilhikdg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e24b7ea5-b723-48f0-811d-551cff262356", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.247272Z", "modified": "2026-06-02T15:57:34.247272Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gfjnealmblpoonngajddhaenfebhfajh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gfjnealmblpoonngajddhaenfebhfajh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.247234Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gfjnealmblpoonngajddhaenfebhfajh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gfjnealmblpoonngajddhaenfebhfajh", "external_id": "gfjnealmblpoonngajddhaenfebhfajh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8c61b092-1961-475d-acaa-2649f93c9dee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.24827Z", "modified": "2026-06-02T15:57:34.24827Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ggfemjndlhnpnjinndhpkfnnhdchchde) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ggfemjndlhnpnjinndhpkfnnhdchchde']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.248233Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ggfemjndlhnpnjinndhpkfnnhdchchde", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ggfemjndlhnpnjinndhpkfnnhdchchde", "external_id": "ggfemjndlhnpnjinndhpkfnnhdchchde"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f1f323ca-f031-4dbc-9639-0b0adcbb5a26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.249264Z", "modified": "2026-06-02T15:57:34.249264Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gghdfkafnhfpaooiolhncejnlgglhkhe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gghdfkafnhfpaooiolhncejnlgglhkhe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.249219Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gghdfkafnhfpaooiolhncejnlgglhkhe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gghdfkafnhfpaooiolhncejnlgglhkhe", "external_id": "gghdfkafnhfpaooiolhncejnlgglhkhe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ea106bb5-b5ad-4f5e-be4a-a28a60d39dbf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.250249Z", "modified": "2026-06-02T15:57:34.250249Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ggijepplmdjopbidkeoeheohojgiclma) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ggijepplmdjopbidkeoeheohojgiclma']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.250212Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ggijepplmdjopbidkeoeheohojgiclma", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ggijepplmdjopbidkeoeheohojgiclma", "external_id": "ggijepplmdjopbidkeoeheohojgiclma"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d3040d6e-cf2b-4782-8501-f51e82d4dc96", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.251258Z", "modified": "2026-06-02T15:57:34.251258Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ggjlkinaanncojaippgbndimlhcdlohf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ggjlkinaanncojaippgbndimlhcdlohf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.251218Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ggjlkinaanncojaippgbndimlhcdlohf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ggjlkinaanncojaippgbndimlhcdlohf", "external_id": "ggjlkinaanncojaippgbndimlhcdlohf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dfcd7886-a068-4362-92df-d1be2f5597cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.252431Z", "modified": "2026-06-02T15:57:34.252431Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gglbjeoapomacolgaddjppmbdncglcio) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gglbjeoapomacolgaddjppmbdncglcio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.252394Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gglbjeoapomacolgaddjppmbdncglcio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gglbjeoapomacolgaddjppmbdncglcio", "external_id": "gglbjeoapomacolgaddjppmbdncglcio"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--83ccc42b-7b50-4250-96d5-744efd6fa314", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.253443Z", "modified": "2026-06-02T15:57:34.253443Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ghaggkcfafofhcfppignflhlocmcfimd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ghaggkcfafofhcfppignflhlocmcfimd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.253405Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ghaggkcfafofhcfppignflhlocmcfimd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ghaggkcfafofhcfppignflhlocmcfimd", "external_id": "ghaggkcfafofhcfppignflhlocmcfimd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--41429ac7-3f44-42c7-bf55-5ea72a979929", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.254478Z", "modified": "2026-06-02T15:57:34.254478Z", "name": "Malicious Extension: WaBest", "description": "Malicious browser extension: WaBest (ghajfmiecdhdkifpapbjngmcdbedjmgg) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia[.]wascript[.]com[.]br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ghajfmiecdhdkifpapbjngmcdbedjmgg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.25444Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ghajfmiecdhdkifpapbjngmcdbedjmgg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ghajfmiecdhdkifpapbjngmcdbedjmgg", "external_id": "ghajfmiecdhdkifpapbjngmcdbedjmgg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b678006d-bb7c-41b8-a302-c0a73042a4c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.255492Z", "modified": "2026-06-02T15:57:34.255492Z", "name": "Malicious Extension: FATURE MAIS", "description": "Malicious browser extension: FATURE MAIS (ghfhbalboihigmncnabikapdldfdikng) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia[.]wascript[.]com[.]br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ghfhbalboihigmncnabikapdldfdikng']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.255454Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ghfhbalboihigmncnabikapdldfdikng", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ghfhbalboihigmncnabikapdldfdikng", "external_id": "ghfhbalboihigmncnabikapdldfdikng"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dfc336ba-ab95-4fa5-aa88-42aa8d185919", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.256476Z", "modified": "2026-06-02T15:57:34.256476Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ghhddclfklljabeodmcejjjlhoaaiban) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ghhddclfklljabeodmcejjjlhoaaiban']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.256438Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ghhddclfklljabeodmcejjjlhoaaiban", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ghhddclfklljabeodmcejjjlhoaaiban", "external_id": "ghhddclfklljabeodmcejjjlhoaaiban"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7d348c85-eaae-43fe-ab9d-4f94cff2061e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.257463Z", "modified": "2026-06-02T15:57:34.257463Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ghiknhfdbocjbinidgohlpaccgpjfolj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ghiknhfdbocjbinidgohlpaccgpjfolj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.25742Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ghiknhfdbocjbinidgohlpaccgpjfolj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ghiknhfdbocjbinidgohlpaccgpjfolj", "external_id": "ghiknhfdbocjbinidgohlpaccgpjfolj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--66960c81-ec1f-4f0c-a951-de5ee8c26d02", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.258451Z", "modified": "2026-06-02T15:57:34.258451Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ghoagfhlabpingcilncecimoegncljmd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ghoagfhlabpingcilncecimoegncljmd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.258414Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ghoagfhlabpingcilncecimoegncljmd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ghoagfhlabpingcilncecimoegncljmd", "external_id": "ghoagfhlabpingcilncecimoegncljmd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--71b61c14-6d16-4acd-8579-e3ccae6c2e5f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.259615Z", "modified": "2026-06-02T15:57:34.259615Z", "name": "Malicious Extension: DeepSeek v3", "description": "Malicious browser extension: DeepSeek v3 (giaooddllfkkkblpaedgkhfmhocponbo) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=72). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/giaooddllfkkkblpaedgkhfmhocponbo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.259577Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:giaooddllfkkkblpaedgkhfmhocponbo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/giaooddllfkkkblpaedgkhfmhocponbo", "external_id": "giaooddllfkkkblpaedgkhfmhocponbo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fa10461f-ba43-46fe-9377-5a35f6a41af7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.260613Z", "modified": "2026-06-02T15:57:34.260613Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gibojgncpopnmbjnfdgnfihhkpooodie) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gibojgncpopnmbjnfdgnfihhkpooodie']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.260576Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gibojgncpopnmbjnfdgnfihhkpooodie", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gibojgncpopnmbjnfdgnfihhkpooodie", "external_id": "gibojgncpopnmbjnfdgnfihhkpooodie"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--43d0d57a-410d-41ba-881c-7c9934aaad79", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.261593Z", "modified": "2026-06-02T15:57:34.261593Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (giecgobdmgdamgffeoankaipjkdjbfep) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/giecgobdmgdamgffeoankaipjkdjbfep']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.261556Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:giecgobdmgdamgffeoankaipjkdjbfep", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/giecgobdmgdamgffeoankaipjkdjbfep", "external_id": "giecgobdmgdamgffeoankaipjkdjbfep"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--492c44d9-a92b-4c01-a84f-c451ff4a04dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.262581Z", "modified": "2026-06-02T15:57:34.262581Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gihpjdkaalndncchppfeoeeelkdemfim) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gihpjdkaalndncchppfeoeeelkdemfim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.262544Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gihpjdkaalndncchppfeoeeelkdemfim", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gihpjdkaalndncchppfeoeeelkdemfim", "external_id": "gihpjdkaalndncchppfeoeeelkdemfim"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fe4099ba-f034-4bc2-9f4b-f6ac9674824a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.263575Z", "modified": "2026-06-02T15:57:34.263575Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gijlkeaijpeaoihdajcgmiajeoonnkoj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gijlkeaijpeaoihdajcgmiajeoonnkoj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.263537Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gijlkeaijpeaoihdajcgmiajeoonnkoj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gijlkeaijpeaoihdajcgmiajeoonnkoj", "external_id": "gijlkeaijpeaoihdajcgmiajeoonnkoj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--143d1647-aa0a-4689-9b26-4d553ae23ed3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.264566Z", "modified": "2026-06-02T15:57:34.264566Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gikcjnmpegacammmaigabkhiifjdacec) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gikcjnmpegacammmaigabkhiifjdacec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.264529Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gikcjnmpegacammmaigabkhiifjdacec", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gikcjnmpegacammmaigabkhiifjdacec", "external_id": "gikcjnmpegacammmaigabkhiifjdacec"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--31cb34a8-7b37-4284-90de-302b236db0e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.265553Z", "modified": "2026-06-02T15:57:34.265553Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (giofhmdgihebfjkdadokickedgbbglcf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/giofhmdgihebfjkdadokickedgbbglcf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.265515Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:giofhmdgihebfjkdadokickedgbbglcf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/giofhmdgihebfjkdadokickedgbbglcf", "external_id": "giofhmdgihebfjkdadokickedgbbglcf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c16bc8ec-5632-42a0-89e6-c433306b7d69", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.2667Z", "modified": "2026-06-02T15:57:34.2667Z", "name": "Malicious Extension: WhaScale - Um passo \u00e0 frente do seu concorrente", "description": "Malicious browser extension: WhaScale - Um passo \u00e0 frente do seu concorrente (gjbfdbkfhgdfiieppgdpbglhjhljhhmk) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gjbfdbkfhgdfiieppgdpbglhjhljhhmk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.266663Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gjbfdbkfhgdfiieppgdpbglhjhljhhmk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gjbfdbkfhgdfiieppgdpbglhjhljhhmk", "external_id": "gjbfdbkfhgdfiieppgdpbglhjhljhhmk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dba2092d-1456-43a6-82f5-a777e5d269f4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.267723Z", "modified": "2026-06-02T15:57:34.267723Z", "name": "Malicious Extension: SutoflyCRM, WhatsApp Web organizado, automatizado e vendendo", "description": "Malicious browser extension: SutoflyCRM, WhatsApp Web organizado, automatizado e vendendo (gjdchlihfacnabnppldhmnimolipgnmj) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gjdchlihfacnabnppldhmnimolipgnmj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.267685Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gjdchlihfacnabnppldhmnimolipgnmj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gjdchlihfacnabnppldhmnimolipgnmj", "external_id": "gjdchlihfacnabnppldhmnimolipgnmj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c8ad2a2e-225e-41a8-8c20-6d8af0ff51f4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.268713Z", "modified": "2026-06-02T15:57:34.268713Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gjjlblcalfeokfdpnbmgjplphbkacpbd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gjjlblcalfeokfdpnbmgjplphbkacpbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.268672Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gjjlblcalfeokfdpnbmgjplphbkacpbd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gjjlblcalfeokfdpnbmgjplphbkacpbd", "external_id": "gjjlblcalfeokfdpnbmgjplphbkacpbd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4a1b8a2a-615f-43a2-983b-29182c531329", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.269697Z", "modified": "2026-06-02T15:57:34.269697Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gjkjjhgjcalgefcimahpbacihndicccn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gjkjjhgjcalgefcimahpbacihndicccn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.269659Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gjkjjhgjcalgefcimahpbacihndicccn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gjkjjhgjcalgefcimahpbacihndicccn", "external_id": "gjkjjhgjcalgefcimahpbacihndicccn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cded9ab6-5580-41ca-a0fb-88c46aa0c678", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.270676Z", "modified": "2026-06-02T15:57:34.270676Z", "name": "Malicious Extension: Shopify Search By Image", "description": "Malicious browser extension: Shopify Search By Image (gjlbbcimkbncedhofeknicfkhgaocohl) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gjlbbcimkbncedhofeknicfkhgaocohl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.270639Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gjlbbcimkbncedhofeknicfkhgaocohl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gjlbbcimkbncedhofeknicfkhgaocohl", "external_id": "gjlbbcimkbncedhofeknicfkhgaocohl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3a9eac9a-d870-4a27-bafe-dc45f9bcf05d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.27169Z", "modified": "2026-06-02T15:57:34.27169Z", "name": "Malicious Extension: waTidy : CRM no whatsapp, Automa\u00e7\u00f5es e Ferramentas para venda", "description": "Malicious browser extension: waTidy : CRM no whatsapp, Automa\u00e7\u00f5es e Ferramentas para venda (gjlfpggiddcminhebiejofeglfjmleli) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gjlfpggiddcminhebiejofeglfjmleli']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.271653Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gjlfpggiddcminhebiejofeglfjmleli", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gjlfpggiddcminhebiejofeglfjmleli", "external_id": "gjlfpggiddcminhebiejofeglfjmleli"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--794fb329-6a76-4aa6-807b-35afa9e84bfc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.272665Z", "modified": "2026-06-02T15:57:34.272665Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gjmaklcpjjoobahngamchjbimnofiigm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gjmaklcpjjoobahngamchjbimnofiigm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.272628Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gjmaklcpjjoobahngamchjbimnofiigm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gjmaklcpjjoobahngamchjbimnofiigm", "external_id": "gjmaklcpjjoobahngamchjbimnofiigm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3330d98e-c30b-4f4c-a8bc-8319f889d20b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.273791Z", "modified": "2026-06-02T15:57:34.273791Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gkanlgbbnncfafkhlchnadcopcgjkfli) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gkanlgbbnncfafkhlchnadcopcgjkfli']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.273753Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gkanlgbbnncfafkhlchnadcopcgjkfli", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gkanlgbbnncfafkhlchnadcopcgjkfli", "external_id": "gkanlgbbnncfafkhlchnadcopcgjkfli"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--47c754c7-5dd9-4942-8c3c-fa2194033c0d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.274806Z", "modified": "2026-06-02T15:57:34.274806Z", "name": "Malicious Extension: Brawl Stars Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Brawl Stars Cursor \u2605 Custom Cursor for Chrome\u2122 (gkbilebmkjlflcijbecemkmgkhnenakm) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gkbilebmkjlflcijbecemkmgkhnenakm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.274768Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gkbilebmkjlflcijbecemkmgkhnenakm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gkbilebmkjlflcijbecemkmgkhnenakm", "external_id": "gkbilebmkjlflcijbecemkmgkhnenakm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c8a5b3e0-cffc-4512-b9a6-18fb20931353", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.275817Z", "modified": "2026-06-02T15:57:34.275817Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gkcamdgljboohmjlfmogjnbckhcbpdhi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gkcamdgljboohmjlfmogjnbckhcbpdhi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.27578Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gkcamdgljboohmjlfmogjnbckhcbpdhi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gkcamdgljboohmjlfmogjnbckhcbpdhi", "external_id": "gkcamdgljboohmjlfmogjnbckhcbpdhi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--00300d18-c239-4642-b10c-0a5e4a9d1f73", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.276816Z", "modified": "2026-06-02T15:57:34.276816Z", "name": "Malicious Extension: Whapro \u2013 Automa\u00e7\u00e3o, CRM e Vendas no WhatsApp Web", "description": "Malicious browser extension: Whapro \u2013 Automa\u00e7\u00e3o, CRM e Vendas no WhatsApp Web (gkdefmghclmhookpgciggdhglejpghoc) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gkdefmghclmhookpgciggdhglejpghoc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.276779Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gkdefmghclmhookpgciggdhglejpghoc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gkdefmghclmhookpgciggdhglejpghoc", "external_id": "gkdefmghclmhookpgciggdhglejpghoc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6b905f20-02ca-43e0-b798-cf3416c0a5d8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.277813Z", "modified": "2026-06-02T15:57:34.277813Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gkelkplbcgjpcalpjeogmceenfkndmoi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gkelkplbcgjpcalpjeogmceenfkndmoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.277775Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gkelkplbcgjpcalpjeogmceenfkndmoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gkelkplbcgjpcalpjeogmceenfkndmoi", "external_id": "gkelkplbcgjpcalpjeogmceenfkndmoi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e63a748c-eca5-4d29-bd41-2b4655b58ade", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.278792Z", "modified": "2026-06-02T15:57:34.278792Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gkhggnaplpjkghjjcmpmnmidjndojpcn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gkhggnaplpjkghjjcmpmnmidjndojpcn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.278755Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gkhggnaplpjkghjjcmpmnmidjndojpcn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gkhggnaplpjkghjjcmpmnmidjndojpcn", "external_id": "gkhggnaplpjkghjjcmpmnmidjndojpcn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1e798341-68fc-4029-81cd-0fe25d3e42de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.279791Z", "modified": "2026-06-02T15:57:34.279791Z", "name": "Malicious Extension: FNaF Cursor - Custom Horror Cursor for Chrome", "description": "Malicious browser extension: FNaF Cursor - Custom Horror Cursor for Chrome (gkjbbfabeojdbiabpjapkjnhpnjcckbf) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gkjbbfabeojdbiabpjapkjnhpnjcckbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.279754Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gkjbbfabeojdbiabpjapkjnhpnjcckbf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gkjbbfabeojdbiabpjapkjnhpnjcckbf", "external_id": "gkjbbfabeojdbiabpjapkjnhpnjcckbf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--815e0463-2040-4fb9-9e15-e92e95c9f051", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.280934Z", "modified": "2026-06-02T15:57:34.280934Z", "name": "Malicious Extension: ZappyGO", "description": "Malicious browser extension: ZappyGO (gkkkdobapmhkaihggejlcdbjemfkhdgk) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gkkkdobapmhkaihggejlcdbjemfkhdgk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.280897Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gkkkdobapmhkaihggejlcdbjemfkhdgk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gkkkdobapmhkaihggejlcdbjemfkhdgk", "external_id": "gkkkdobapmhkaihggejlcdbjemfkhdgk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4636e367-85a3-4542-9f85-429544f63585", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.28192Z", "modified": "2026-06-02T15:57:34.28192Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gklaplooeocndjdlbbadlljfpkdjeiji) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gklaplooeocndjdlbbadlljfpkdjeiji']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.281883Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gklaplooeocndjdlbbadlljfpkdjeiji", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gklaplooeocndjdlbbadlljfpkdjeiji", "external_id": "gklaplooeocndjdlbbadlljfpkdjeiji"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--966f2f21-5716-43e0-9dc4-36eb6605f21f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.282902Z", "modified": "2026-06-02T15:57:34.282902Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gkoaehhpdkfkjgjbnlahcneebidamclf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gkoaehhpdkfkjgjbnlahcneebidamclf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.282865Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gkoaehhpdkfkjgjbnlahcneebidamclf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gkoaehhpdkfkjgjbnlahcneebidamclf", "external_id": "gkoaehhpdkfkjgjbnlahcneebidamclf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--141a6bf6-daa3-4f65-8b11-a69f3d04897e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.283901Z", "modified": "2026-06-02T15:57:34.283901Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (glbinjackcjdkljjkochlgfheebjongh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/glbinjackcjdkljjkochlgfheebjongh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.283863Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:glbinjackcjdkljjkochlgfheebjongh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/glbinjackcjdkljjkochlgfheebjongh", "external_id": "glbinjackcjdkljjkochlgfheebjongh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7630c579-bee9-4743-8a13-b0d75a8ab026", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.284887Z", "modified": "2026-06-02T15:57:34.284887Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (glckmpfajbjppappjlnhhlofhdhlcgaj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/glckmpfajbjppappjlnhhlofhdhlcgaj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.28485Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:glckmpfajbjppappjlnhhlofhdhlcgaj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/glckmpfajbjppappjlnhhlofhdhlcgaj", "external_id": "glckmpfajbjppappjlnhhlofhdhlcgaj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--93c2a2fc-500f-4267-beaf-e807880c288c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.285868Z", "modified": "2026-06-02T15:57:34.285868Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (glfddenhiaacfmhoiebfeljnfkkkmbjb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/glfddenhiaacfmhoiebfeljnfkkkmbjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.28583Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:glfddenhiaacfmhoiebfeljnfkkkmbjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/glfddenhiaacfmhoiebfeljnfkkkmbjb", "external_id": "glfddenhiaacfmhoiebfeljnfkkkmbjb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f37e8c5e-ff9a-4811-aff1-12c858b08dac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.28685Z", "modified": "2026-06-02T15:57:34.28685Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gmbebpcapalekeaoekfhpbioilghcfmp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gmbebpcapalekeaoekfhpbioilghcfmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.286813Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gmbebpcapalekeaoekfhpbioilghcfmp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gmbebpcapalekeaoekfhpbioilghcfmp", "external_id": "gmbebpcapalekeaoekfhpbioilghcfmp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--546ade63-ac16-449d-9507-f0b376dce774", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.288006Z", "modified": "2026-06-02T15:57:34.288006Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gmciomcaholgmklbfangdjkneihfkddd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gmciomcaholgmklbfangdjkneihfkddd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.287968Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gmciomcaholgmklbfangdjkneihfkddd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gmciomcaholgmklbfangdjkneihfkddd", "external_id": "gmciomcaholgmklbfangdjkneihfkddd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--10eeba0c-bf2a-4e7f-aa75-f65377595a2e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.289009Z", "modified": "2026-06-02T15:57:34.289009Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gmekdebdabobofpnlcepmakijkokadla) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gmekdebdabobofpnlcepmakijkokadla']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.288972Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gmekdebdabobofpnlcepmakijkokadla", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gmekdebdabobofpnlcepmakijkokadla", "external_id": "gmekdebdabobofpnlcepmakijkokadla"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ad226a11-ae12-4e55-b21c-e5c4a3bda50c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.290028Z", "modified": "2026-06-02T15:57:34.290028Z", "name": "Malicious Extension: SevenSales", "description": "Malicious browser extension: SevenSales (gmidblfofjdiajmlnfiagijikmojkhia) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gmidblfofjdiajmlnfiagijikmojkhia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.289991Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gmidblfofjdiajmlnfiagijikmojkhia", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gmidblfofjdiajmlnfiagijikmojkhia", "external_id": "gmidblfofjdiajmlnfiagijikmojkhia"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ef15e9a5-5b4d-4049-9413-364e31faf543", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.291019Z", "modified": "2026-06-02T15:57:34.291019Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gmigkpkjegnpmjpmnmgnkhmoinpgdnfc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gmigkpkjegnpmjpmnmgnkhmoinpgdnfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.29098Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gmigkpkjegnpmjpmnmgnkhmoinpgdnfc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gmigkpkjegnpmjpmnmgnkhmoinpgdnfc", "external_id": "gmigkpkjegnpmjpmnmgnkhmoinpgdnfc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--554eb4aa-1ca1-4f01-9faa-00a767bed7e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.292022Z", "modified": "2026-06-02T15:57:34.292022Z", "name": "Malicious Extension: Dogs Cursor - Custom Dog Cursor for Chrome", "description": "Malicious browser extension: Dogs Cursor - Custom Dog Cursor for Chrome (gmjibldihkpammmelmkiipjcgmhdcdmb) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gmjibldihkpammmelmkiipjcgmhdcdmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.291984Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gmjibldihkpammmelmkiipjcgmhdcdmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gmjibldihkpammmelmkiipjcgmhdcdmb", "external_id": "gmjibldihkpammmelmkiipjcgmhdcdmb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--65fd894f-a6ed-43f6-9848-1d92221f80fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.293016Z", "modified": "2026-06-02T15:57:34.293016Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gmjjkabeoioigljnanihcnbpmcplklli) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gmjjkabeoioigljnanihcnbpmcplklli']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.292979Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gmjjkabeoioigljnanihcnbpmcplklli", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gmjjkabeoioigljnanihcnbpmcplklli", "external_id": "gmjjkabeoioigljnanihcnbpmcplklli"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b35f5ad2-1901-462c-8bce-b77e67f29bbb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.293998Z", "modified": "2026-06-02T15:57:34.293998Z", "name": "Malicious Extension: Edit anything - Boost any page", "description": "Malicious browser extension: Edit anything - Boost any page (gmmhcbmmnclgmmjimiiefhiagmpamdlb) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=72). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gmmhcbmmnclgmmjimiiefhiagmpamdlb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.29396Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gmmhcbmmnclgmmjimiiefhiagmpamdlb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gmmhcbmmnclgmmjimiiefhiagmpamdlb", "external_id": "gmmhcbmmnclgmmjimiiefhiagmpamdlb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ad9aed89-404f-411f-b4f2-ed97c0add90b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.295152Z", "modified": "2026-06-02T15:57:34.295152Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gnaekhndaddbimfllbgmecjijbbfpabc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gnaekhndaddbimfllbgmecjijbbfpabc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.295113Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gnaekhndaddbimfllbgmecjijbbfpabc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gnaekhndaddbimfllbgmecjijbbfpabc", "external_id": "gnaekhndaddbimfllbgmecjijbbfpabc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--66abef07-ae04-427a-b20f-b1f43d53b383", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.296165Z", "modified": "2026-06-02T15:57:34.296165Z", "name": "Malicious Extension: Whats Expert", "description": "Malicious browser extension: Whats Expert (gnmmfdohfcohcflccikmlodaeignlkce) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gnmmfdohfcohcflccikmlodaeignlkce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.296127Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gnmmfdohfcohcflccikmlodaeignlkce", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gnmmfdohfcohcflccikmlodaeignlkce", "external_id": "gnmmfdohfcohcflccikmlodaeignlkce"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--08d0321e-4f70-474c-8252-6e1b6a46fd8f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.297147Z", "modified": "2026-06-02T15:57:34.297147Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gogbiohkminacikoppmljeolgccpmlop) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gogbiohkminacikoppmljeolgccpmlop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.29711Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gogbiohkminacikoppmljeolgccpmlop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gogbiohkminacikoppmljeolgccpmlop", "external_id": "gogbiohkminacikoppmljeolgccpmlop"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6eeb74e1-1e29-47bb-ae08-37fa752ad4b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.298156Z", "modified": "2026-06-02T15:57:34.298156Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gohgeedemmaohocbaccllpkabadoogpl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gohgeedemmaohocbaccllpkabadoogpl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.298118Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gohgeedemmaohocbaccllpkabadoogpl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gohgeedemmaohocbaccllpkabadoogpl", "external_id": "gohgeedemmaohocbaccllpkabadoogpl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e599f001-3d93-46a0-864a-ae63258cce83", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.299175Z", "modified": "2026-06-02T15:57:34.299175Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gohlpddecngpmpoakfmnaegegjnapkla) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gohlpddecngpmpoakfmnaegegjnapkla']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.299135Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gohlpddecngpmpoakfmnaegegjnapkla", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gohlpddecngpmpoakfmnaegegjnapkla", "external_id": "gohlpddecngpmpoakfmnaegegjnapkla"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--115854e6-cd5d-4346-85bd-ef9912eea02d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.300187Z", "modified": "2026-06-02T15:57:34.300187Z", "name": "Malicious Extension: Amazon Character Count & Seller Tools", "description": "Malicious browser extension: Amazon Character Count & Seller Tools (goikoilmhcgfidolicnbgggdpckdcoam) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/goikoilmhcgfidolicnbgggdpckdcoam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.300149Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:goikoilmhcgfidolicnbgggdpckdcoam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/goikoilmhcgfidolicnbgggdpckdcoam", "external_id": "goikoilmhcgfidolicnbgggdpckdcoam"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--01f011e8-2679-46a7-a66c-ddfb0b69a358", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.301185Z", "modified": "2026-06-02T15:57:34.301185Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gokcmhknbfbkchaljcbjloaebnoblcnd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gokcmhknbfbkchaljcbjloaebnoblcnd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.301148Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gokcmhknbfbkchaljcbjloaebnoblcnd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gokcmhknbfbkchaljcbjloaebnoblcnd", "external_id": "gokcmhknbfbkchaljcbjloaebnoblcnd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4cf2765f-83b2-46c1-8c3d-d39c95d84781", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.302363Z", "modified": "2026-06-02T15:57:34.302363Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (golbngjhpfdobdopaebpdofbmhghfkpm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/golbngjhpfdobdopaebpdofbmhghfkpm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.302326Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:golbngjhpfdobdopaebpdofbmhghfkpm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/golbngjhpfdobdopaebpdofbmhghfkpm", "external_id": "golbngjhpfdobdopaebpdofbmhghfkpm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e06380f1-b115-462c-b516-66c7a5d17e30", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.303393Z", "modified": "2026-06-02T15:57:34.303393Z", "name": "Malicious Extension: Master Engage", "description": "Malicious browser extension: Master Engage (gollbfedpcfodjgfjddbkfnkkfdedknn) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gollbfedpcfodjgfjddbkfnkkfdedknn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.303356Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:gollbfedpcfodjgfjddbkfnkkfdedknn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gollbfedpcfodjgfjddbkfnkkfdedknn", "external_id": "gollbfedpcfodjgfjddbkfnkkfdedknn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--90f0aeb4-91a9-4660-8dd6-9e6721803ecb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.304394Z", "modified": "2026-06-02T15:57:34.304394Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (googojfbnbhbbnpfpdnffnklipgifngn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/googojfbnbhbbnpfpdnffnklipgifngn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.304355Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:googojfbnbhbbnpfpdnffnklipgifngn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/googojfbnbhbbnpfpdnffnklipgifngn", "external_id": "googojfbnbhbbnpfpdnffnklipgifngn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eb35845d-81ca-48d1-a36a-9ecceb979937", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.305384Z", "modified": "2026-06-02T15:57:34.305384Z", "name": "Malicious Extension: Pokemon Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Pokemon Cursor \u2605 Custom Cursor for Chrome\u2122 (gpacldldkpfobgbdabaollodfoilfela) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gpacldldkpfobgbdabaollodfoilfela']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.305345Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gpacldldkpfobgbdabaollodfoilfela", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gpacldldkpfobgbdabaollodfoilfela", "external_id": "gpacldldkpfobgbdabaollodfoilfela"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bd8a817a-f957-4ef0-9258-cfd46a2d7e3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.306372Z", "modified": "2026-06-02T15:57:34.306372Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gpbnhdjoknjmghjfljgcankdldimokmk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gpbnhdjoknjmghjfljgcankdldimokmk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.306335Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gpbnhdjoknjmghjfljgcankdldimokmk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gpbnhdjoknjmghjfljgcankdldimokmk", "external_id": "gpbnhdjoknjmghjfljgcankdldimokmk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a7fdd92f-8f2e-4867-b29a-0a37b903c967", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.307401Z", "modified": "2026-06-02T15:57:34.307401Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gpghckfoffcjppkochpddgpjhifpkfhl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gpghckfoffcjppkochpddgpjhifpkfhl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.307364Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gpghckfoffcjppkochpddgpjhifpkfhl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gpghckfoffcjppkochpddgpjhifpkfhl", "external_id": "gpghckfoffcjppkochpddgpjhifpkfhl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dd540f27-d932-4253-a23b-f109073b84ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.308414Z", "modified": "2026-06-02T15:57:34.308414Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gpghebehjahceknfdcfifeifhdbongld) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gpghebehjahceknfdcfifeifhdbongld']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.308377Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gpghebehjahceknfdcfifeifhdbongld", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gpghebehjahceknfdcfifeifhdbongld", "external_id": "gpghebehjahceknfdcfifeifhdbongld"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--01337871-a87b-4d49-a769-1c46f0bced2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.309574Z", "modified": "2026-06-02T15:57:34.309574Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gphjkkbkmaiccfnhcoiibpkfpmpnkfeb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gphjkkbkmaiccfnhcoiibpkfpmpnkfeb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.309537Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gphjkkbkmaiccfnhcoiibpkfpmpnkfeb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gphjkkbkmaiccfnhcoiibpkfpmpnkfeb", "external_id": "gphjkkbkmaiccfnhcoiibpkfpmpnkfeb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--64cb56d8-1a6e-45dc-ac59-15e2fd28daf7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.31056Z", "modified": "2026-06-02T15:57:34.31056Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gpibjjfllodpcfhcjpamonnblkbinbie) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gpibjjfllodpcfhcjpamonnblkbinbie']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.310523Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gpibjjfllodpcfhcjpamonnblkbinbie", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gpibjjfllodpcfhcjpamonnblkbinbie", "external_id": "gpibjjfllodpcfhcjpamonnblkbinbie"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9caac11f-d116-4fe5-95c2-819e782e90b9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.311549Z", "modified": "2026-06-02T15:57:34.311549Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gpkcecbpfdlbocbkimkmgelaojfkihgh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gpkcecbpfdlbocbkimkmgelaojfkihgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.311512Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gpkcecbpfdlbocbkimkmgelaojfkihgh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gpkcecbpfdlbocbkimkmgelaojfkihgh", "external_id": "gpkcecbpfdlbocbkimkmgelaojfkihgh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1f9f74ee-76a3-47ea-959b-431936d53474", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.312531Z", "modified": "2026-06-02T15:57:34.312531Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (gpolcigkhldaighngmmmcjldkkiaonbg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gpolcigkhldaighngmmmcjldkkiaonbg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.312494Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gpolcigkhldaighngmmmcjldkkiaonbg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gpolcigkhldaighngmmmcjldkkiaonbg", "external_id": "gpolcigkhldaighngmmmcjldkkiaonbg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0a44b970-081b-46af-a32a-0c6e6fcf9013", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.313508Z", "modified": "2026-06-02T15:57:34.313508Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hacogolfhplehfdeknkjnlblnghglfbp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hacogolfhplehfdeknkjnlblnghglfbp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.313472Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hacogolfhplehfdeknkjnlblnghglfbp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hacogolfhplehfdeknkjnlblnghglfbp", "external_id": "hacogolfhplehfdeknkjnlblnghglfbp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4d3d355b-cf1c-4c9d-b9e2-dc6fde4f3e6d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.314493Z", "modified": "2026-06-02T15:57:34.314493Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hadkldcldaanpomhhllacdmglkoepaed) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hadkldcldaanpomhhllacdmglkoepaed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.314456Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hadkldcldaanpomhhllacdmglkoepaed", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hadkldcldaanpomhhllacdmglkoepaed", "external_id": "hadkldcldaanpomhhllacdmglkoepaed"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cad10f8e-bd3c-413d-869e-1282677ce196", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.315497Z", "modified": "2026-06-02T15:57:34.315497Z", "name": "Malicious Extension: Grok AI", "description": "Malicious browser extension: Grok AI (hafhkoalnlpoifpidohfjlmeemfifndi) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hafhkoalnlpoifpidohfjlmeemfifndi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.31546Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hafhkoalnlpoifpidohfjlmeemfifndi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hafhkoalnlpoifpidohfjlmeemfifndi", "external_id": "hafhkoalnlpoifpidohfjlmeemfifndi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--50a41c4c-5f41-4577-bbab-850bca5ba98a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.316646Z", "modified": "2026-06-02T15:57:34.316646Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hainageelgfgkahipebbjeefhjnaopkh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hainageelgfgkahipebbjeefhjnaopkh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.316609Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hainageelgfgkahipebbjeefhjnaopkh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hainageelgfgkahipebbjeefhjnaopkh", "external_id": "hainageelgfgkahipebbjeefhjnaopkh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a0b159f0-78ed-43d0-8d33-1a59bc84220c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.317667Z", "modified": "2026-06-02T15:57:34.317667Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hanfebikglcfkkeoelhdkpiamjmahjen) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hanfebikglcfkkeoelhdkpiamjmahjen']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.31763Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hanfebikglcfkkeoelhdkpiamjmahjen", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hanfebikglcfkkeoelhdkpiamjmahjen", "external_id": "hanfebikglcfkkeoelhdkpiamjmahjen"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--30c8dd97-130a-42e4-a27a-5c372c8ca54b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.318661Z", "modified": "2026-06-02T15:57:34.318661Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hapemhaolkielighkknclgncbaocnclc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hapemhaolkielighkknclgncbaocnclc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.318624Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hapemhaolkielighkknclgncbaocnclc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hapemhaolkielighkknclgncbaocnclc", "external_id": "hapemhaolkielighkknclgncbaocnclc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fd10f259-72a2-4040-a44c-90aa714d30fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.319666Z", "modified": "2026-06-02T15:57:34.319666Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hbaamilhgknggfanbiceijijemigbbah) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hbaamilhgknggfanbiceijijemigbbah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.319629Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hbaamilhgknggfanbiceijijemigbbah", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hbaamilhgknggfanbiceijijemigbbah", "external_id": "hbaamilhgknggfanbiceijijemigbbah"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--caa659d4-718d-4193-aef5-1bb9acf3a3f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.320659Z", "modified": "2026-06-02T15:57:34.320659Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hbdodmeapnhejpalnjemjceipcanjdjk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hbdodmeapnhejpalnjemjceipcanjdjk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.320622Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hbdodmeapnhejpalnjemjceipcanjdjk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hbdodmeapnhejpalnjemjceipcanjdjk", "external_id": "hbdodmeapnhejpalnjemjceipcanjdjk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--467be853-c62a-4f45-ba7b-d448c0e5ba6e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.321639Z", "modified": "2026-06-02T15:57:34.321639Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hbghbdhfibifdgnbpaogepnkekonkdgc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hbghbdhfibifdgnbpaogepnkekonkdgc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.321602Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hbghbdhfibifdgnbpaogepnkekonkdgc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hbghbdhfibifdgnbpaogepnkekonkdgc", "external_id": "hbghbdhfibifdgnbpaogepnkekonkdgc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8fbf254f-e8e6-4bda-9a2f-e098d1dbf6f7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.322626Z", "modified": "2026-06-02T15:57:34.322626Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hbghfkabaomclpcofjbokbnigcocfdla) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hbghfkabaomclpcofjbokbnigcocfdla']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.322583Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hbghfkabaomclpcofjbokbnigcocfdla", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hbghfkabaomclpcofjbokbnigcocfdla", "external_id": "hbghfkabaomclpcofjbokbnigcocfdla"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8714e7a0-bbe8-44e4-a187-727367aa671c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.323789Z", "modified": "2026-06-02T15:57:34.323789Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hblfamjdifnhiioifbfamlnkjfenhfed) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hblfamjdifnhiioifbfamlnkjfenhfed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.323752Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hblfamjdifnhiioifbfamlnkjfenhfed", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hblfamjdifnhiioifbfamlnkjfenhfed", "external_id": "hblfamjdifnhiioifbfamlnkjfenhfed"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--06952e62-3c55-4c4f-895a-93b6f6e71b57", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.324786Z", "modified": "2026-06-02T15:57:34.324786Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hcajdpmoffefpkboepbgggjagedbdolf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hcajdpmoffefpkboepbgggjagedbdolf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.324748Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hcajdpmoffefpkboepbgggjagedbdolf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hcajdpmoffefpkboepbgggjagedbdolf", "external_id": "hcajdpmoffefpkboepbgggjagedbdolf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1fcde5a1-2a19-4c85-a47c-364957897a72", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.325794Z", "modified": "2026-06-02T15:57:34.325794Z", "name": "Malicious Extension: ZAPPROFIT CRM", "description": "Malicious browser extension: ZAPPROFIT CRM (hcbmcbkjjklkjidikpggmmfpfklcpnmb) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 (description truncated) \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hcbmcbkjjklkjidikpggmmfpfklcpnmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.325756Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hcbmcbkjjklkjidikpggmmfpfklcpnmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hcbmcbkjjklkjidikpggmmfpfklcpnmb", "external_id": "hcbmcbkjjklkjidikpggmmfpfklcpnmb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--36e22999-2b6b-49d4-983e-7eba08b8ed0d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.326853Z", "modified": "2026-06-02T15:57:34.326853Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hccflbcmekoegenjodacikdoponodeid) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hccflbcmekoegenjodacikdoponodeid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.326815Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hccflbcmekoegenjodacikdoponodeid", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hccflbcmekoegenjodacikdoponodeid", "external_id": "hccflbcmekoegenjodacikdoponodeid"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0c00b460-219a-41f9-b7c6-5f5e48724b57", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.327892Z", "modified": "2026-06-02T15:57:34.327892Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hceobhjokpdbogjkplmfjeomkeckkngi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hceobhjokpdbogjkplmfjeomkeckkngi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.327853Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hceobhjokpdbogjkplmfjeomkeckkngi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hceobhjokpdbogjkplmfjeomkeckkngi", "external_id": "hceobhjokpdbogjkplmfjeomkeckkngi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--66798b17-5c05-45c1-8b1c-48d106205aa8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.328973Z", "modified": "2026-06-02T15:57:34.328973Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hchjbnccpaonhbbdfaidcohekjnljgjj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hchjbnccpaonhbbdfaidcohekjnljgjj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.328934Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hchjbnccpaonhbbdfaidcohekjnljgjj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hchjbnccpaonhbbdfaidcohekjnljgjj", "external_id": "hchjbnccpaonhbbdfaidcohekjnljgjj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4520ca01-27ff-48d3-a42b-b451a792c570", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.330087Z", "modified": "2026-06-02T15:57:34.330087Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hchmfokcihnfaljjkdafaclojmgibcgm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hchmfokcihnfaljjkdafaclojmgibcgm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.330045Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hchmfokcihnfaljjkdafaclojmgibcgm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hchmfokcihnfaljjkdafaclojmgibcgm", "external_id": "hchmfokcihnfaljjkdafaclojmgibcgm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--70edb049-8175-4196-8d38-32ec22aa7773", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.332238Z", "modified": "2026-06-02T15:57:34.332238Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hcicfibkpbfgbiodaliaemhhoodakdco) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hcicfibkpbfgbiodaliaemhhoodakdco']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.332196Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hcicfibkpbfgbiodaliaemhhoodakdco", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hcicfibkpbfgbiodaliaemhhoodakdco", "external_id": "hcicfibkpbfgbiodaliaemhhoodakdco"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c279c9e8-95b0-444c-ae65-fdcd2f2d7e08", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.333402Z", "modified": "2026-06-02T15:57:34.333402Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hdfjcnbkkbdbapfpmlglnemkjonimkgp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdfjcnbkkbdbapfpmlglnemkjonimkgp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.333363Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdfjcnbkkbdbapfpmlglnemkjonimkgp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdfjcnbkkbdbapfpmlglnemkjonimkgp", "external_id": "hdfjcnbkkbdbapfpmlglnemkjonimkgp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--90a48319-1e9b-44d5-8836-7cd5ffddf606", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.334424Z", "modified": "2026-06-02T15:57:34.334424Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hdfknlljfbdfjdjhfgoonpphpigjjjak) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdfknlljfbdfjdjhfgoonpphpigjjjak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.334386Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdfknlljfbdfjdjhfgoonpphpigjjjak", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdfknlljfbdfjdjhfgoonpphpigjjjak", "external_id": "hdfknlljfbdfjdjhfgoonpphpigjjjak"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--131fde3a-6412-4a11-a2f5-c9d8e1525aee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.335445Z", "modified": "2026-06-02T15:57:34.335445Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hdhdedfhkdahflplchfiaileigiffpio) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdhdedfhkdahflplchfiaileigiffpio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.335401Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdhdedfhkdahflplchfiaileigiffpio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdhdedfhkdahflplchfiaileigiffpio", "external_id": "hdhdedfhkdahflplchfiaileigiffpio"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ec772d00-c045-4af0-a931-d7bf1d61d2dc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.336445Z", "modified": "2026-06-02T15:57:34.336445Z", "name": "Malicious Extension: Death Note Cursor - Custom Anime Cursor for Chrome", "description": "Malicious browser extension: Death Note Cursor - Custom Anime Cursor for Chrome (hdholjicmhinpjcbmigoffjedkiihlen) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdholjicmhinpjcbmigoffjedkiihlen']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.336407Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdholjicmhinpjcbmigoffjedkiihlen", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdholjicmhinpjcbmigoffjedkiihlen", "external_id": "hdholjicmhinpjcbmigoffjedkiihlen"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c5e45712-8db8-4a13-a417-d1f49a67a3df", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.337436Z", "modified": "2026-06-02T15:57:34.337436Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hdigpgnfpockednepfiinhdjebkmpicn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdigpgnfpockednepfiinhdjebkmpicn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.337399Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdigpgnfpockednepfiinhdjebkmpicn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdigpgnfpockednepfiinhdjebkmpicn", "external_id": "hdigpgnfpockednepfiinhdjebkmpicn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--18903672-8e03-4818-9427-84e3324d3815", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.338417Z", "modified": "2026-06-02T15:57:34.338417Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hdnidhhchlodblcfhgbeladogdkboaog) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdnidhhchlodblcfhgbeladogdkboaog']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.33838Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdnidhhchlodblcfhgbeladogdkboaog", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdnidhhchlodblcfhgbeladogdkboaog", "external_id": "hdnidhhchlodblcfhgbeladogdkboaog"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--822c3d0d-01c6-4fc5-b5e7-0014f04083ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.341056Z", "modified": "2026-06-02T15:57:34.341056Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hdpmmcmblgbkllldbccfdejchjlpochf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hdpmmcmblgbkllldbccfdejchjlpochf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.341012Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hdpmmcmblgbkllldbccfdejchjlpochf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hdpmmcmblgbkllldbccfdejchjlpochf", "external_id": "hdpmmcmblgbkllldbccfdejchjlpochf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dab47e17-fe5d-484b-8481-49683e6c2c3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.342241Z", "modified": "2026-06-02T15:57:34.342241Z", "name": "Malicious Extension: wazippy", "description": "Malicious browser extension: wazippy (hecbfkaeblempihjgpoeapkpjnkhlmli) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior [text truncated in source]. \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hecbfkaeblempihjgpoeapkpjnkhlmli']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.342202Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hecbfkaeblempihjgpoeapkpjnkhlmli", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hecbfkaeblempihjgpoeapkpjnkhlmli", "external_id": "hecbfkaeblempihjgpoeapkpjnkhlmli"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--18e7b38d-be20-4a2a-94b2-9d62811fdc71", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.343259Z", "modified": "2026-06-02T15:57:34.343259Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hedaeppeldiloaikmgmiokoidnbjbhhl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hedaeppeldiloaikmgmiokoidnbjbhhl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.343222Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hedaeppeldiloaikmgmiokoidnbjbhhl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hedaeppeldiloaikmgmiokoidnbjbhhl", "external_id": "hedaeppeldiloaikmgmiokoidnbjbhhl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--39042c60-af28-4f8c-b99e-46a6987de5b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.34425Z", "modified": "2026-06-02T15:57:34.34425Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (heehbfcijoikjphilbhaldjgoplpplok) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/heehbfcijoikjphilbhaldjgoplpplok']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.344212Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:heehbfcijoikjphilbhaldjgoplpplok", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/heehbfcijoikjphilbhaldjgoplpplok", "external_id": "heehbfcijoikjphilbhaldjgoplpplok"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a7a664b0-d2f6-4019-8c01-79b4dd964787", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.345246Z", "modified": "2026-06-02T15:57:34.345246Z", "name": "Malicious Extension: Video Ad Blocker Plus", "description": "Malicious browser extension: Video Ad Blocker Plus (hegneaniplmfjcmohoclabblbahcbjoe) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=132). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hegneaniplmfjcmohoclabblbahcbjoe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.345198Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hegneaniplmfjcmohoclabblbahcbjoe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hegneaniplmfjcmohoclabblbahcbjoe", "external_id": "hegneaniplmfjcmohoclabblbahcbjoe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--af3fbcd0-8d6d-4980-845f-b61964f93e9f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.34623Z", "modified": "2026-06-02T15:57:34.34623Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hegpgapbnfiibpbkanjemgmdpmmlecbc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hegpgapbnfiibpbkanjemgmdpmmlecbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.346192Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hegpgapbnfiibpbkanjemgmdpmmlecbc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hegpgapbnfiibpbkanjemgmdpmmlecbc", "external_id": "hegpgapbnfiibpbkanjemgmdpmmlecbc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--36993581-0219-4b8b-a7a7-383a8d14be93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.347235Z", "modified": "2026-06-02T15:57:34.347235Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hfdpdgblphooommgcjdnnmhpglleaafj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hfdpdgblphooommgcjdnnmhpglleaafj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.347197Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hfdpdgblphooommgcjdnnmhpglleaafj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hfdpdgblphooommgcjdnnmhpglleaafj", "external_id": "hfdpdgblphooommgcjdnnmhpglleaafj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a3c11f59-2df3-41f6-8d56-3210111bc2d1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.348381Z", "modified": "2026-06-02T15:57:34.348381Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hfeialplaojonefabmojhobdmghnjkmf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hfeialplaojonefabmojhobdmghnjkmf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.348344Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hfeialplaojonefabmojhobdmghnjkmf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hfeialplaojonefabmojhobdmghnjkmf", "external_id": "hfeialplaojonefabmojhobdmghnjkmf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--724a6b8c-131b-48fb-899c-08fa2dc74dd4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.349376Z", "modified": "2026-06-02T15:57:34.349376Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hffnjemmnepkggdecfbgmfbmncponjco) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hffnjemmnepkggdecfbgmfbmncponjco']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.349334Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hffnjemmnepkggdecfbgmfbmncponjco", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hffnjemmnepkggdecfbgmfbmncponjco", "external_id": "hffnjemmnepkggdecfbgmfbmncponjco"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eb457b60-d818-4962-ae57-f3dbc07b17f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.350361Z", "modified": "2026-06-02T15:57:34.350361Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hflemfieklefhnefolpanacemfclbalb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hflemfieklefhnefolpanacemfclbalb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.350324Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hflemfieklefhnefolpanacemfclbalb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hflemfieklefhnefolpanacemfclbalb", "external_id": "hflemfieklefhnefolpanacemfclbalb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--64820130-411d-4b7a-a1cd-08c704e1dc70", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.351349Z", "modified": "2026-06-02T15:57:34.351349Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hfokkkgobhlkcagflcbgcokdbnknfngo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hfokkkgobhlkcagflcbgcokdbnknfngo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.351313Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hfokkkgobhlkcagflcbgcokdbnknfngo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hfokkkgobhlkcagflcbgcokdbnknfngo", "external_id": "hfokkkgobhlkcagflcbgcokdbnknfngo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3bf7de79-ffdd-4fde-9e36-0999a87ba4ba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.352347Z", "modified": "2026-06-02T15:57:34.352347Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hgechpjoacihidaifilgojfcfcobobgd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hgechpjoacihidaifilgojfcfcobobgd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.352309Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hgechpjoacihidaifilgojfcfcobobgd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hgechpjoacihidaifilgojfcfcobobgd", "external_id": "hgechpjoacihidaifilgojfcfcobobgd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6a0ed9e7-7f05-441e-b17b-79cd73b95874", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.353338Z", "modified": "2026-06-02T15:57:34.353338Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hghdaddeefonkenhdkhjpmlglikaccpd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hghdaddeefonkenhdkhjpmlglikaccpd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.353301Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hghdaddeefonkenhdkhjpmlglikaccpd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hghdaddeefonkenhdkhjpmlglikaccpd", "external_id": "hghdaddeefonkenhdkhjpmlglikaccpd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--526fbd96-e596-45f0-a4bd-c9f54509f129", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.354332Z", "modified": "2026-06-02T15:57:34.354332Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hgnjolbjpjmhepcbjgeeallnamkjnfgi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hgnjolbjpjmhepcbjgeeallnamkjnfgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.354294Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hgnjolbjpjmhepcbjgeeallnamkjnfgi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hgnjolbjpjmhepcbjgeeallnamkjnfgi", "external_id": "hgnjolbjpjmhepcbjgeeallnamkjnfgi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ffbd70f7-cc91-463b-9db9-f9e0f0fdb211", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.355485Z", "modified": "2026-06-02T15:57:34.355485Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hgnmfhhafegjjcofnbbikgocfcoapmfj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hgnmfhhafegjjcofnbbikgocfcoapmfj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.355448Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hgnmfhhafegjjcofnbbikgocfcoapmfj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hgnmfhhafegjjcofnbbikgocfcoapmfj", "external_id": "hgnmfhhafegjjcofnbbikgocfcoapmfj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--17b1e8ea-3cfd-45f0-9dc4-4b34227fd463", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.356483Z", "modified": "2026-06-02T15:57:34.356483Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hgolomhkdcpmbgckhebdhdknaemlbbaa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hgolomhkdcpmbgckhebdhdknaemlbbaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.356445Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hgolomhkdcpmbgckhebdhdknaemlbbaa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hgolomhkdcpmbgckhebdhdknaemlbbaa", "external_id": "hgolomhkdcpmbgckhebdhdknaemlbbaa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aa203d33-ceaa-4add-adc0-ef8af92b944a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.357472Z", "modified": "2026-06-02T15:57:34.357472Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hhdndjedmkghgpojgaajgmcjdnhnlejm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hhdndjedmkghgpojgaajgmcjdnhnlejm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.357435Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hhdndjedmkghgpojgaajgmcjdnhnlejm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hhdndjedmkghgpojgaajgmcjdnhnlejm", "external_id": "hhdndjedmkghgpojgaajgmcjdnhnlejm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ab0a3318-128d-45a4-b05a-6c286db07365", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.358469Z", "modified": "2026-06-02T15:57:34.358469Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hhhhdjncldiadmngelcpiimmeoalekhf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hhhhdjncldiadmngelcpiimmeoalekhf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.358431Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hhhhdjncldiadmngelcpiimmeoalekhf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hhhhdjncldiadmngelcpiimmeoalekhf", "external_id": "hhhhdjncldiadmngelcpiimmeoalekhf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f6546f80-d86e-448c-9452-71bbd271a3d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.359466Z", "modified": "2026-06-02T15:57:34.359466Z", "name": "Malicious Extension: CSS validator", "description": "Malicious browser extension: CSS validator (hhlcpmdhlcoghhfgiiopcjbkfmdliknc) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hhlcpmdhlcoghhfgiiopcjbkfmdliknc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.359429Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hhlcpmdhlcoghhfgiiopcjbkfmdliknc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hhlcpmdhlcoghhfgiiopcjbkfmdliknc", "external_id": "hhlcpmdhlcoghhfgiiopcjbkfmdliknc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--67d83370-cdca-4157-95b3-30aa8e9c8022", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.360461Z", "modified": "2026-06-02T15:57:34.360461Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hhllgokdpekfchhhiknedpppjhgicfgg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hhllgokdpekfchhhiknedpppjhgicfgg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.360424Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hhllgokdpekfchhhiknedpppjhgicfgg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hhllgokdpekfchhhiknedpppjhgicfgg", "external_id": "hhllgokdpekfchhhiknedpppjhgicfgg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bc7e449b-72f1-480f-82da-d74a464991d0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.361443Z", "modified": "2026-06-02T15:57:34.361443Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hhngeobomadcaamnncdaafhnankmmcic) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hhngeobomadcaamnncdaafhnankmmcic']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.361406Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hhngeobomadcaamnncdaafhnankmmcic", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hhngeobomadcaamnncdaafhnankmmcic", "external_id": "hhngeobomadcaamnncdaafhnankmmcic"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0d6adaca-f41a-45af-8be9-29a9acf6a0ef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.362576Z", "modified": "2026-06-02T15:57:34.362576Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hiiahmfpljemgmnhlaepofeldnnhphmi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hiiahmfpljemgmnhlaepofeldnnhphmi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.362538Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hiiahmfpljemgmnhlaepofeldnnhphmi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hiiahmfpljemgmnhlaepofeldnnhphmi", "external_id": "hiiahmfpljemgmnhlaepofeldnnhphmi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cc67bd13-99d8-404e-a390-0f466eb15c39", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.363585Z", "modified": "2026-06-02T15:57:34.363585Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hiiildgldbpfbegcfgemoliikibfhaeh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hiiildgldbpfbegcfgemoliikibfhaeh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.363548Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hiiildgldbpfbegcfgemoliikibfhaeh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hiiildgldbpfbegcfgemoliikibfhaeh", "external_id": "hiiildgldbpfbegcfgemoliikibfhaeh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8580d6e2-b89e-45a4-b9bf-f5dfdd6c116d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.364569Z", "modified": "2026-06-02T15:57:34.364569Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hilgkhepkfjdkkdigphhcgmghefdledg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hilgkhepkfjdkkdigphhcgmghefdledg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.364533Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hilgkhepkfjdkkdigphhcgmghefdledg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hilgkhepkfjdkkdigphhcgmghefdledg", "external_id": "hilgkhepkfjdkkdigphhcgmghefdledg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ae6d4ab6-b7b5-4056-af7e-786bca061ce0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.365575Z", "modified": "2026-06-02T15:57:34.365575Z", "name": "Malicious Extension: \u0421\u043b\u043e\u0432\u0430\u0440\u0451\u043a", "description": "Malicious browser extension: \u0421\u043b\u043e\u0432\u0430\u0440\u0451\u043a (himipdblnokdafogmdlmajgokiopcbjk) Stage 5A static analysis flagged suspicious behavior (risk_level=suspicious, score=92). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/himipdblnokdafogmdlmajgokiopcbjk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.365538Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:himipdblnokdafogmdlmajgokiopcbjk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/himipdblnokdafogmdlmajgokiopcbjk", "external_id": "himipdblnokdafogmdlmajgokiopcbjk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--11511813-2a0a-456b-adb0-3db212e4c333", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.366568Z", "modified": "2026-06-02T15:57:34.366568Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hiodlpcelfelhpinhgngoopbmclcaghd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hiodlpcelfelhpinhgngoopbmclcaghd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.366527Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hiodlpcelfelhpinhgngoopbmclcaghd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hiodlpcelfelhpinhgngoopbmclcaghd", "external_id": "hiodlpcelfelhpinhgngoopbmclcaghd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9a8f5a5d-1db3-4de9-94fc-d8e93fdfaa82", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.367558Z", "modified": "2026-06-02T15:57:34.367558Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hjchjajelldmdegnajehbipdeepdloko) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hjchjajelldmdegnajehbipdeepdloko']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.367521Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hjchjajelldmdegnajehbipdeepdloko", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hjchjajelldmdegnajehbipdeepdloko", "external_id": "hjchjajelldmdegnajehbipdeepdloko"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--84463d24-3327-4dcb-b087-0c1e06152a30", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.368547Z", "modified": "2026-06-02T15:57:34.368547Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hjepnlaapopkiedfendjaieefldndecd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hjepnlaapopkiedfendjaieefldndecd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.36851Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hjepnlaapopkiedfendjaieefldndecd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hjepnlaapopkiedfendjaieefldndecd", "external_id": "hjepnlaapopkiedfendjaieefldndecd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c9237f5f-98bc-4265-8511-e1f06cfb3cee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.369691Z", "modified": "2026-06-02T15:57:34.369691Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hjfmkkelabjoojjmjljidocklbibphgl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hjfmkkelabjoojjmjljidocklbibphgl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.369654Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hjfmkkelabjoojjmjljidocklbibphgl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hjfmkkelabjoojjmjljidocklbibphgl", "external_id": "hjfmkkelabjoojjmjljidocklbibphgl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cb53e6d3-a2f4-4269-ab5a-0a4c13472f26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.370685Z", "modified": "2026-06-02T15:57:34.370685Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hjljmggepgoedlhpmmnnlhgnpnhpciel) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hjljmggepgoedlhpmmnnlhgnpnhpciel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.370648Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hjljmggepgoedlhpmmnnlhgnpnhpciel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hjljmggepgoedlhpmmnnlhgnpnhpciel", "external_id": "hjljmggepgoedlhpmmnnlhgnpnhpciel"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--69068810-5e81-4e46-aa01-87db1d629503", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.371689Z", "modified": "2026-06-02T15:57:34.371689Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hjobpecmhlmolgpmkejgadabjejpjcgm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hjobpecmhlmolgpmkejgadabjejpjcgm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.371652Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hjobpecmhlmolgpmkejgadabjejpjcgm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hjobpecmhlmolgpmkejgadabjejpjcgm", "external_id": "hjobpecmhlmolgpmkejgadabjejpjcgm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--32d642e0-87a1-4836-9ce7-8e2ef96c1410", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.372677Z", "modified": "2026-06-02T15:57:34.372677Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hkanhigmilpgifamljmnfppnllckkpda) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hkanhigmilpgifamljmnfppnllckkpda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.372639Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hkanhigmilpgifamljmnfppnllckkpda", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hkanhigmilpgifamljmnfppnllckkpda", "external_id": "hkanhigmilpgifamljmnfppnllckkpda"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--17abee0c-3ace-4d05-89be-aa91a7db6729", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.373662Z", "modified": "2026-06-02T15:57:34.373662Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hkcbibfkelanabcbbmfoggcefieeboml) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hkcbibfkelanabcbbmfoggcefieeboml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.373625Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hkcbibfkelanabcbbmfoggcefieeboml", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hkcbibfkelanabcbbmfoggcefieeboml", "external_id": "hkcbibfkelanabcbbmfoggcefieeboml"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--319ccde6-8294-4be2-8e0d-1eea39fd7a64", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.374654Z", "modified": "2026-06-02T15:57:34.374654Z", "name": "Malicious Extension: WATEND", "description": "Malicious browser extension: WATEND (hkdbocoaofpdmbbgpimdkhcafenpkikn) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [description truncated in source] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hkdbocoaofpdmbbgpimdkhcafenpkikn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.374616Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hkdbocoaofpdmbbgpimdkhcafenpkikn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hkdbocoaofpdmbbgpimdkhcafenpkikn", "external_id": "hkdbocoaofpdmbbgpimdkhcafenpkikn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8d65a02a-d3ec-4ef6-8787-a532f1cc9dea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.375648Z", "modified": "2026-06-02T15:57:34.375648Z", "name": "Malicious Extension: Amazon Sticky Notes", "description": "Malicious browser extension: Amazon Sticky Notes (hkhmodcdjhcidbcncgmnknjppphcpgmh) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hkhmodcdjhcidbcncgmnknjppphcpgmh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.375611Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hkhmodcdjhcidbcncgmnknjppphcpgmh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hkhmodcdjhcidbcncgmnknjppphcpgmh", "external_id": "hkhmodcdjhcidbcncgmnknjppphcpgmh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--891cd310-bf7c-484b-afb6-019b80c2e4c2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.376782Z", "modified": "2026-06-02T15:57:34.376782Z", "name": "Malicious Extension: Amazon Negative Review Highlighter", "description": "Malicious browser extension: Amazon Negative Review Highlighter (hkkkipfcdagiocekjdhobgmlkhejjfoj) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hkkkipfcdagiocekjdhobgmlkhejjfoj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.376745Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hkkkipfcdagiocekjdhobgmlkhejjfoj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hkkkipfcdagiocekjdhobgmlkhejjfoj", "external_id": "hkkkipfcdagiocekjdhobgmlkhejjfoj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6281d217-0236-42e6-aa73-8f833a442715", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.377774Z", "modified": "2026-06-02T15:57:34.377774Z", "name": "Malicious Extension: Free VPN for Chrome: Secure VPN Proxy in One Click", "description": "Malicious browser extension: Free VPN for Chrome: Secure VPN Proxy in One Click (hklhhkchffegjfojbofhfkckjidfbjhe) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=62). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hklhhkchffegjfojbofhfkckjidfbjhe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.377737Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hklhhkchffegjfojbofhfkckjidfbjhe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hklhhkchffegjfojbofhfkckjidfbjhe", "external_id": "hklhhkchffegjfojbofhfkckjidfbjhe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6bd1bbdb-3b30-4818-b29c-4117a6ee528e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.378781Z", "modified": "2026-06-02T15:57:34.378781Z", "name": "Malicious Extension: autozai \u2013 Otimize o tempo e multiplique as vendas no WhatsApp", "description": "Malicious browser extension: autozai \u2013 Otimize o tempo e multiplique as vendas no WhatsApp (hknmlgmbiononigjnihhflhmmmhfbjpl) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [description truncated in source] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hknmlgmbiononigjnihhflhmmmhfbjpl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.378744Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:hknmlgmbiononigjnihhflhmmmhfbjpl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hknmlgmbiononigjnihhflhmmmhfbjpl", "external_id": "hknmlgmbiononigjnihhflhmmmhfbjpl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c583cb0c-aca5-4396-94af-c886dae45c9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.379809Z", "modified": "2026-06-02T15:57:34.379809Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hlglicejgohbanllnmnjllajhmnhjjel) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hlglicejgohbanllnmnjllajhmnhjjel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.379772Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hlglicejgohbanllnmnjllajhmnhjjel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hlglicejgohbanllnmnjllajhmnhjjel", "external_id": "hlglicejgohbanllnmnjllajhmnhjjel"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a5e37c26-d1ca-49e8-b702-07ce2a86e162", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.380823Z", "modified": "2026-06-02T15:57:34.380823Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hljdedgemmmkdalbnmnpoimdedckdkhm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hljdedgemmmkdalbnmnpoimdedckdkhm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.380785Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hljdedgemmmkdalbnmnpoimdedckdkhm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hljdedgemmmkdalbnmnpoimdedckdkhm", "external_id": "hljdedgemmmkdalbnmnpoimdedckdkhm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0fc0fedd-bbea-4ec3-85ee-ba1edbcf0911", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.381806Z", "modified": "2026-06-02T15:57:34.381806Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hmbacpfgehmmoloinfmkgkpjoagiogai) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmbacpfgehmmoloinfmkgkpjoagiogai']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.381769Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmbacpfgehmmoloinfmkgkpjoagiogai", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmbacpfgehmmoloinfmkgkpjoagiogai", "external_id": "hmbacpfgehmmoloinfmkgkpjoagiogai"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bcc6d11f-684d-4b35-99fa-fb0279ad8e9a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.382788Z", "modified": "2026-06-02T15:57:34.382788Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hmdhdelmoedfklkgbleddopfgacmhfik) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmdhdelmoedfklkgbleddopfgacmhfik']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.38275Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmdhdelmoedfklkgbleddopfgacmhfik", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmdhdelmoedfklkgbleddopfgacmhfik", "external_id": "hmdhdelmoedfklkgbleddopfgacmhfik"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4142bbe6-12c7-4828-b569-b5bec8737937", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.383945Z", "modified": "2026-06-02T15:57:34.383945Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hmhhkbhpfikipaiacjfmdbhgbejmkimh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmhhkbhpfikipaiacjfmdbhgbejmkimh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.383907Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmhhkbhpfikipaiacjfmdbhgbejmkimh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmhhkbhpfikipaiacjfmdbhgbejmkimh", "external_id": "hmhhkbhpfikipaiacjfmdbhgbejmkimh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e686c94d-5850-4233-8fb3-a12e4d873fa8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.384949Z", "modified": "2026-06-02T15:57:34.384949Z", "name": "Malicious Extension: Adobe Express: AI Photo, Video", "description": "Malicious browser extension: Adobe Express: AI Photo, Video (hmkcidjcpomiegnklmplkimmbcbklglb) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=42). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmkcidjcpomiegnklmplkimmbcbklglb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.384912Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmkcidjcpomiegnklmplkimmbcbklglb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmkcidjcpomiegnklmplkimmbcbklglb", "external_id": "hmkcidjcpomiegnklmplkimmbcbklglb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--26d971dd-ec82-49b7-ac67-595ee7806006", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.385938Z", "modified": "2026-06-02T15:57:34.385938Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hmldnpigepegofdmmmhbkgjmcnefpgig) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmldnpigepegofdmmmhbkgjmcnefpgig']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.385902Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmldnpigepegofdmmmhbkgjmcnefpgig", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmldnpigepegofdmmmhbkgjmcnefpgig", "external_id": "hmldnpigepegofdmmmhbkgjmcnefpgig"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f991253c-6fee-4398-871e-0d8e349b6d39", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.386943Z", "modified": "2026-06-02T15:57:34.386943Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hmpjibmngagmkafmijncjokocepchnea) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmpjibmngagmkafmijncjokocepchnea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.386905Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmpjibmngagmkafmijncjokocepchnea", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmpjibmngagmkafmijncjokocepchnea", "external_id": "hmpjibmngagmkafmijncjokocepchnea"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ab534c82-20ba-432d-9b34-f29c9feb2ea7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.387956Z", "modified": "2026-06-02T15:57:34.387956Z", "name": "Malicious Extension: Search Everywhere with Google Bard/Gemini", "description": "Malicious browser extension: Search Everywhere with Google Bard/Gemini (hnadleianomnjcoeplifgbkiejchjmah) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=102). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hnadleianomnjcoeplifgbkiejchjmah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.387919Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hnadleianomnjcoeplifgbkiejchjmah", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hnadleianomnjcoeplifgbkiejchjmah", "external_id": "hnadleianomnjcoeplifgbkiejchjmah"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--120876fa-1842-4baa-bc77-4a51913764e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.388942Z", "modified": "2026-06-02T15:57:34.388942Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hoclolhilhbecpefaignjficiaaclpop) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hoclolhilhbecpefaignjficiaaclpop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.388905Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hoclolhilhbecpefaignjficiaaclpop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hoclolhilhbecpefaignjficiaaclpop", "external_id": "hoclolhilhbecpefaignjficiaaclpop"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--43b04191-6f5a-4b83-8d41-66927cca7562", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.38992Z", "modified": "2026-06-02T15:57:34.38992Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hodafefeincjlgijbiabbmaffambjeaa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hodafefeincjlgijbiabbmaffambjeaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.389883Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hodafefeincjlgijbiabbmaffambjeaa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hodafefeincjlgijbiabbmaffambjeaa", "external_id": "hodafefeincjlgijbiabbmaffambjeaa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7bd690be-566a-47e4-8935-2c63cb1696b1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.39107Z", "modified": "2026-06-02T15:57:34.39107Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hofaaigdagglolgiefkbencchnekjejl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hofaaigdagglolgiefkbencchnekjejl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.391031Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hofaaigdagglolgiefkbencchnekjejl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hofaaigdagglolgiefkbencchnekjejl", "external_id": "hofaaigdagglolgiefkbencchnekjejl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fc27401b-8fd7-48f1-bd6a-b77b89132304", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.392073Z", "modified": "2026-06-02T15:57:34.392073Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hogoebkpcnajkkjdidfhojkljppfalip) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hogoebkpcnajkkjdidfhojkljppfalip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.392037Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hogoebkpcnajkkjdidfhojkljppfalip", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hogoebkpcnajkkjdidfhojkljppfalip", "external_id": "hogoebkpcnajkkjdidfhojkljppfalip"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--54f4c0ba-8b28-4f17-909e-f48c29d2c921", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.393062Z", "modified": "2026-06-02T15:57:34.393062Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hohobnhiiohgcipklpncfmjkjpmejjni) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hohobnhiiohgcipklpncfmjkjpmejjni']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.393019Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hohobnhiiohgcipklpncfmjkjpmejjni", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hohobnhiiohgcipklpncfmjkjpmejjni", "external_id": "hohobnhiiohgcipklpncfmjkjpmejjni"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8cfb02b5-2956-45a0-8c4d-db6cbabf9acd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.394053Z", "modified": "2026-06-02T15:57:34.394053Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hokdpdlchkgcenfpiibjjfkfmleoknkp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hokdpdlchkgcenfpiibjjfkfmleoknkp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.394009Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hokdpdlchkgcenfpiibjjfkfmleoknkp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hokdpdlchkgcenfpiibjjfkfmleoknkp", "external_id": "hokdpdlchkgcenfpiibjjfkfmleoknkp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9b0fc993-9e6c-4c85-9a03-a026d0258783", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.395051Z", "modified": "2026-06-02T15:57:34.395051Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (homgdogceligimmcnljohkohcfbhfokl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/homgdogceligimmcnljohkohcfbhfokl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.395014Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:homgdogceligimmcnljohkohcfbhfokl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/homgdogceligimmcnljohkohcfbhfokl", "external_id": "homgdogceligimmcnljohkohcfbhfokl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cef5deea-9e61-4ffe-ad2d-001936ce8930", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.396049Z", "modified": "2026-06-02T15:57:34.396049Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hopmhonnajbjjdkagglbfmffmdhocbmf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hopmhonnajbjjdkagglbfmffmdhocbmf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.396011Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hopmhonnajbjjdkagglbfmffmdhocbmf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hopmhonnajbjjdkagglbfmffmdhocbmf", "external_id": "hopmhonnajbjjdkagglbfmffmdhocbmf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--55a096af-23f9-4977-811f-f5d4e33a7162", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.397046Z", "modified": "2026-06-02T15:57:34.397046Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hpamjldgeadmapkdklhndmcdankicnch) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hpamjldgeadmapkdklhndmcdankicnch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.397009Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hpamjldgeadmapkdklhndmcdankicnch", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hpamjldgeadmapkdklhndmcdankicnch", "external_id": "hpamjldgeadmapkdklhndmcdankicnch"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--63258efb-8562-4c19-add1-33f1a13801a3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.398188Z", "modified": "2026-06-02T15:57:34.398188Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hpcejjllhbalkcmdikecfngkepppoknd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hpcejjllhbalkcmdikecfngkepppoknd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.398151Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hpcejjllhbalkcmdikecfngkepppoknd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hpcejjllhbalkcmdikecfngkepppoknd", "external_id": "hpcejjllhbalkcmdikecfngkepppoknd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e770150e-082a-4ff1-b081-28e56b21abec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.399189Z", "modified": "2026-06-02T15:57:34.399189Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hpdpddnfjaacnbcnoohlcipfafkbmdja) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hpdpddnfjaacnbcnoohlcipfafkbmdja']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.39915Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hpdpddnfjaacnbcnoohlcipfafkbmdja", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hpdpddnfjaacnbcnoohlcipfafkbmdja", "external_id": "hpdpddnfjaacnbcnoohlcipfafkbmdja"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a452f724-1772-4d1f-be36-683c0e7ac70e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.40019Z", "modified": "2026-06-02T15:57:34.40019Z", "name": "Malicious Extension: flappy birdie (night farm mode)", "description": "Malicious browser extension: flappy birdie (night farm mode) (hpkfkbmcphnigepfjmapkdaedglohgjg) Stage 5A static analysis flagged suspicious behavior (risk_level=suspicious, score=62). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hpkfkbmcphnigepfjmapkdaedglohgjg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.400153Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hpkfkbmcphnigepfjmapkdaedglohgjg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hpkfkbmcphnigepfjmapkdaedglohgjg", "external_id": "hpkfkbmcphnigepfjmapkdaedglohgjg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d497e682-7d56-42a2-a013-c0245e6a1381", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.40124Z", "modified": "2026-06-02T15:57:34.40124Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iaccapfapbjahnhcmkgjjonlccbhdpjl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iaccapfapbjahnhcmkgjjonlccbhdpjl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.401194Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iaccapfapbjahnhcmkgjjonlccbhdpjl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iaccapfapbjahnhcmkgjjonlccbhdpjl", "external_id": "iaccapfapbjahnhcmkgjjonlccbhdpjl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--61b1fc8a-4894-4702-bcfb-6dee57f4c9a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.402467Z", "modified": "2026-06-02T15:57:34.402467Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iaemdpdnmdkaphnmcogmcgcmhhafcifd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iaemdpdnmdkaphnmcogmcgcmhhafcifd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.402421Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iaemdpdnmdkaphnmcogmcgcmhhafcifd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iaemdpdnmdkaphnmcogmcgcmhhafcifd", "external_id": "iaemdpdnmdkaphnmcogmcgcmhhafcifd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de6f4f33-14bd-4767-8965-2e9fd229f00a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.403712Z", "modified": "2026-06-02T15:57:34.403712Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ibfpbjfnpcgmiggfildbcngccoomddmj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ibfpbjfnpcgmiggfildbcngccoomddmj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.403666Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ibfpbjfnpcgmiggfildbcngccoomddmj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ibfpbjfnpcgmiggfildbcngccoomddmj", "external_id": "ibfpbjfnpcgmiggfildbcngccoomddmj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d2cbd0a6-eaf4-4128-8a07-1600611a59e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.404932Z", "modified": "2026-06-02T15:57:34.404932Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ibmdocjlknaopfecmnojomdlbeadpdnb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ibmdocjlknaopfecmnojomdlbeadpdnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.404887Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ibmdocjlknaopfecmnojomdlbeadpdnb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ibmdocjlknaopfecmnojomdlbeadpdnb", "external_id": "ibmdocjlknaopfecmnojomdlbeadpdnb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--19b27912-0566-4c06-b65b-e3e88862e377", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.406366Z", "modified": "2026-06-02T15:57:34.406366Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ibmgdfenfldppaodbahpgcoebmmkdbac) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ibmgdfenfldppaodbahpgcoebmmkdbac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.40632Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ibmgdfenfldppaodbahpgcoebmmkdbac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ibmgdfenfldppaodbahpgcoebmmkdbac", "external_id": "ibmgdfenfldppaodbahpgcoebmmkdbac"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--12f605b5-41cf-43a4-9633-77cef81b6055", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.407624Z", "modified": "2026-06-02T15:57:34.407624Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ibnddagnllnjoelaapgbkaelfakcfelb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ibnddagnllnjoelaapgbkaelfakcfelb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.407578Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ibnddagnllnjoelaapgbkaelfakcfelb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ibnddagnllnjoelaapgbkaelfakcfelb", "external_id": "ibnddagnllnjoelaapgbkaelfakcfelb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a5624028-1789-4589-a207-7829f8580ff1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.408853Z", "modified": "2026-06-02T15:57:34.408853Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (icgdnaedamjhnmnomlhkifmkjkijnibb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/icgdnaedamjhnmnomlhkifmkjkijnibb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.408806Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:icgdnaedamjhnmnomlhkifmkjkijnibb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/icgdnaedamjhnmnomlhkifmkjkijnibb", "external_id": "icgdnaedamjhnmnomlhkifmkjkijnibb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--21d4e3e0-b8f9-4180-bde4-8b822937ac20", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.410072Z", "modified": "2026-06-02T15:57:34.410072Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (icjapnpfdhjjpeabbjimindpkhfkclnc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/icjapnpfdhjjpeabbjimindpkhfkclnc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.410025Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:icjapnpfdhjjpeabbjimindpkhfkclnc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/icjapnpfdhjjpeabbjimindpkhfkclnc", "external_id": "icjapnpfdhjjpeabbjimindpkhfkclnc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--74d56e31-c08f-4528-8909-51fbce8452ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.411317Z", "modified": "2026-06-02T15:57:34.411317Z", "name": "Malicious Extension: SQLite browser", "description": "Malicious browser extension: SQLite browser (iclckldkfemlnecocpphinnplnmijkol) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iclckldkfemlnecocpphinnplnmijkol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.41127Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iclckldkfemlnecocpphinnplnmijkol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iclckldkfemlnecocpphinnplnmijkol", "external_id": "iclckldkfemlnecocpphinnplnmijkol"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1323cb8d-64ae-4eb5-a771-f9ca16726140", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.412546Z", "modified": "2026-06-02T15:57:34.412546Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (idfccnbgfoopaopdddphpfamicdhpioe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/idfccnbgfoopaopdddphpfamicdhpioe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.4125Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:idfccnbgfoopaopdddphpfamicdhpioe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/idfccnbgfoopaopdddphpfamicdhpioe", "external_id": "idfccnbgfoopaopdddphpfamicdhpioe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f920435e-7f57-4fcf-b3ad-52c0e31c84e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.413781Z", "modified": "2026-06-02T15:57:34.413781Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (idhknpoceajhnjokpnbicildeoligdgh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/idhknpoceajhnjokpnbicildeoligdgh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.413728Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:idhknpoceajhnjokpnbicildeoligdgh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/idhknpoceajhnjokpnbicildeoligdgh", "external_id": "idhknpoceajhnjokpnbicildeoligdgh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--72101546-4645-4089-b287-d800a2120410", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.415213Z", "modified": "2026-06-02T15:57:34.415213Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (idholfkkmfccbondfiabhlmdfeamnnaj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/idholfkkmfccbondfiabhlmdfeamnnaj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.415164Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:idholfkkmfccbondfiabhlmdfeamnnaj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/idholfkkmfccbondfiabhlmdfeamnnaj", "external_id": "idholfkkmfccbondfiabhlmdfeamnnaj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8be2d5d2-4254-4dbf-9aeb-73d518407c9a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.416453Z", "modified": "2026-06-02T15:57:34.416453Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (idjhfmgaddmdojcfmhcjnnbhnhbmhipd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/idjhfmgaddmdojcfmhcjnnbhnhbmhipd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.416406Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:idjhfmgaddmdojcfmhcjnnbhnhbmhipd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/idjhfmgaddmdojcfmhcjnnbhnhbmhipd", "external_id": "idjhfmgaddmdojcfmhcjnnbhnhbmhipd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ab437546-7c1a-456f-ba5f-3752f39af5c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.417681Z", "modified": "2026-06-02T15:57:34.417681Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (idkdfocppofcdgahffjbehkjiilagofm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/idkdfocppofcdgahffjbehkjiilagofm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.417635Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:idkdfocppofcdgahffjbehkjiilagofm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/idkdfocppofcdgahffjbehkjiilagofm", "external_id": "idkdfocppofcdgahffjbehkjiilagofm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--14d9b484-3850-45f8-9254-2282d3ff6e47", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.418913Z", "modified": "2026-06-02T15:57:34.418913Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (idmmfeifgahenlbokojjpojclkflmdfm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/idmmfeifgahenlbokojjpojclkflmdfm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.418867Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:idmmfeifgahenlbokojjpojclkflmdfm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/idmmfeifgahenlbokojjpojclkflmdfm", "external_id": "idmmfeifgahenlbokojjpojclkflmdfm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--08a8377a-a8d4-409d-ae82-17c0d4612f16", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.420152Z", "modified": "2026-06-02T15:57:34.420152Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (idngjfdlfbfgecemidnhbdcogggnjkpg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/idngjfdlfbfgecemidnhbdcogggnjkpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.420106Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:idngjfdlfbfgecemidnhbdcogggnjkpg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/idngjfdlfbfgecemidnhbdcogggnjkpg", "external_id": "idngjfdlfbfgecemidnhbdcogggnjkpg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3754cb58-8ac9-4976-9cfe-81ac10733e3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.421371Z", "modified": "2026-06-02T15:57:34.421371Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iebajjiigkoboenolgbailggigojofmh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iebajjiigkoboenolgbailggigojofmh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.421324Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iebajjiigkoboenolgbailggigojofmh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iebajjiigkoboenolgbailggigojofmh", "external_id": "iebajjiigkoboenolgbailggigojofmh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ed968c2e-c814-43ad-a773-5b56352912ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.422618Z", "modified": "2026-06-02T15:57:34.422618Z", "name": "Malicious Extension: AI Webcam Effects + Recorder: Google Meet, Zoom, Discord & Other Meetings", "description": "Malicious browser extension: AI Webcam Effects + Recorder: Google Meet, Zoom, Discord & Other Meetings (iedbphhbpflhgpihkcceocomcdnemcbj) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=192). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iedbphhbpflhgpihkcceocomcdnemcbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.422571Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iedbphhbpflhgpihkcceocomcdnemcbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iedbphhbpflhgpihkcceocomcdnemcbj", "external_id": "iedbphhbpflhgpihkcceocomcdnemcbj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--05d0583d-a14f-4aa1-9529-75025d76cd48", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.424988Z", "modified": "2026-06-02T15:57:34.424988Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iedkeilnpbkeecjpmkelnglnjpnacnlh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iedkeilnpbkeecjpmkelnglnjpnacnlh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.42494Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iedkeilnpbkeecjpmkelnglnjpnacnlh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iedkeilnpbkeecjpmkelnglnjpnacnlh", "external_id": "iedkeilnpbkeecjpmkelnglnjpnacnlh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bdbb218e-e259-487b-b620-1e922f4b04d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.4263Z", "modified": "2026-06-02T15:57:34.4263Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ieeedagihannmmfohjajlhcebkdjhhgn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ieeedagihannmmfohjajlhcebkdjhhgn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.426253Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ieeedagihannmmfohjajlhcebkdjhhgn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ieeedagihannmmfohjajlhcebkdjhhgn", "external_id": "ieeedagihannmmfohjajlhcebkdjhhgn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6ea72f46-a853-4645-b28e-fa66c8b6f82c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.427571Z", "modified": "2026-06-02T15:57:34.427571Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iefpkdilnfhogjbkhgnliaomoldgkdlj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iefpkdilnfhogjbkhgnliaomoldgkdlj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.427524Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iefpkdilnfhogjbkhgnliaomoldgkdlj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iefpkdilnfhogjbkhgnliaomoldgkdlj", "external_id": "iefpkdilnfhogjbkhgnliaomoldgkdlj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7f2ad43c-86a7-4be0-89c1-032251a526ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.428807Z", "modified": "2026-06-02T15:57:34.428807Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ielbkcjohpgmjhoiadncabphkglejgih) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ielbkcjohpgmjhoiadncabphkglejgih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.428762Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ielbkcjohpgmjhoiadncabphkglejgih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ielbkcjohpgmjhoiadncabphkglejgih", "external_id": "ielbkcjohpgmjhoiadncabphkglejgih"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bdc74668-2504-4f35-a6c9-f9cf5a3ca320", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.430031Z", "modified": "2026-06-02T15:57:34.430031Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ifdinimahpjflpflcgfbbcakpjkjllfo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ifdinimahpjflpflcgfbbcakpjkjllfo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.429984Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ifdinimahpjflpflcgfbbcakpjkjllfo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ifdinimahpjflpflcgfbbcakpjkjllfo", "external_id": "ifdinimahpjflpflcgfbbcakpjkjllfo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cf316802-7cc3-4c5b-9493-aeb86a92f3c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.431279Z", "modified": "2026-06-02T15:57:34.431279Z", "name": "Malicious Extension: Chat with AI", "description": "Malicious browser extension: Chat with AI (ifhigdhiifbnjanhacoedbadhmlkjgae) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ifhigdhiifbnjanhacoedbadhmlkjgae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.431226Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ifhigdhiifbnjanhacoedbadhmlkjgae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ifhigdhiifbnjanhacoedbadhmlkjgae", "external_id": "ifhigdhiifbnjanhacoedbadhmlkjgae"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ece61835-5748-4bf4-94f8-91bead1e4582", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.432515Z", "modified": "2026-06-02T15:57:34.432515Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ifjimhnbnbniiiaihphlclkpfikcdkab) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ifjimhnbnbniiiaihphlclkpfikcdkab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.432467Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ifjimhnbnbniiiaihphlclkpfikcdkab", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ifjimhnbnbniiiaihphlclkpfikcdkab", "external_id": "ifjimhnbnbniiiaihphlclkpfikcdkab"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--15a28fb1-5752-4177-8209-25e29fc5b5af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.433928Z", "modified": "2026-06-02T15:57:34.433928Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ifklcpoenaammhnoddgedlapnodfcjpn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ifklcpoenaammhnoddgedlapnodfcjpn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.433882Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ifklcpoenaammhnoddgedlapnodfcjpn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ifklcpoenaammhnoddgedlapnodfcjpn", "external_id": "ifklcpoenaammhnoddgedlapnodfcjpn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--659910d4-8fc8-47be-9849-af751d9b0ee6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.435189Z", "modified": "2026-06-02T15:57:34.435189Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ifnhdcdnpkicmmellhmkafcjdgoijail) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ifnhdcdnpkicmmellhmkafcjdgoijail']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.43514Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ifnhdcdnpkicmmellhmkafcjdgoijail", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ifnhdcdnpkicmmellhmkafcjdgoijail", "external_id": "ifnhdcdnpkicmmellhmkafcjdgoijail"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e95b5986-3a19-4ed5-a07e-a1b334643e45", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.436431Z", "modified": "2026-06-02T15:57:34.436431Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (igahhbkcppaollcjeaaoapkijbnphfhb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/igahhbkcppaollcjeaaoapkijbnphfhb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.436379Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:igahhbkcppaollcjeaaoapkijbnphfhb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/igahhbkcppaollcjeaaoapkijbnphfhb", "external_id": "igahhbkcppaollcjeaaoapkijbnphfhb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2e8a596f-dcbb-427d-9914-23420e91b5a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.437661Z", "modified": "2026-06-02T15:57:34.437661Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (igcfeiobmdohnoihbbgcehmecnhgnmfe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/igcfeiobmdohnoihbbgcehmecnhgnmfe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.437615Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:igcfeiobmdohnoihbbgcehmecnhgnmfe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/igcfeiobmdohnoihbbgcehmecnhgnmfe", "external_id": "igcfeiobmdohnoihbbgcehmecnhgnmfe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3361fb14-e693-4b66-9637-7a1c083a5f6f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.438889Z", "modified": "2026-06-02T15:57:34.438889Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (igiakpjhacibmaichhgbagdkjmjbnanl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/igiakpjhacibmaichhgbagdkjmjbnanl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.438843Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:igiakpjhacibmaichhgbagdkjmjbnanl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/igiakpjhacibmaichhgbagdkjmjbnanl", "external_id": "igiakpjhacibmaichhgbagdkjmjbnanl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--44eaf8f0-70ec-4345-b638-3ff02206c145", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.440157Z", "modified": "2026-06-02T15:57:34.440157Z", "name": "Malicious Extension: Naruto Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Naruto Cursor \u2605 Custom Cursor for Chrome\u2122 (iglgfjffffiknjajejaleginhanmejec) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iglgfjffffiknjajejaleginhanmejec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.440108Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iglgfjffffiknjajejaleginhanmejec", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iglgfjffffiknjajejaleginhanmejec", "external_id": "iglgfjffffiknjajejaleginhanmejec"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1ec83457-89ca-4c90-88d9-8e2ede9987d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.441449Z", "modified": "2026-06-02T15:57:34.441449Z", "name": "Malicious Extension: Fallout Cursor - Custom Game Cursor for Chrome", "description": "Malicious browser extension: Fallout Cursor - Custom Game Cursor for Chrome (igmblpicjfppdloljoabpiafdlokogno) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/igmblpicjfppdloljoabpiafdlokogno']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.441402Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:igmblpicjfppdloljoabpiafdlokogno", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/igmblpicjfppdloljoabpiafdlokogno", "external_id": "igmblpicjfppdloljoabpiafdlokogno"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6bcb2e7d-e0dc-4656-b466-39548cbf64e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.442893Z", "modified": "2026-06-02T15:57:34.442893Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ihdnbohcfnegemgomjcpckmpnkdgopon) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ihdnbohcfnegemgomjcpckmpnkdgopon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.442847Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ihdnbohcfnegemgomjcpckmpnkdgopon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ihdnbohcfnegemgomjcpckmpnkdgopon", "external_id": "ihdnbohcfnegemgomjcpckmpnkdgopon"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9699996e-00e8-45b5-8568-b38aeffe2018", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.444152Z", "modified": "2026-06-02T15:57:34.444152Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ihhnjdagbgkemablkohbinkpokljlbam) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ihhnjdagbgkemablkohbinkpokljlbam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.444106Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ihhnjdagbgkemablkohbinkpokljlbam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ihhnjdagbgkemablkohbinkpokljlbam", "external_id": "ihhnjdagbgkemablkohbinkpokljlbam"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5e053d83-586c-43b5-a058-48b529c8bdfb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.445386Z", "modified": "2026-06-02T15:57:34.445386Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ihpaojljekidelbeegeekmkinheehbje) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ihpaojljekidelbeegeekmkinheehbje']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.44534Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ihpaojljekidelbeegeekmkinheehbje", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ihpaojljekidelbeegeekmkinheehbje", "external_id": "ihpaojljekidelbeegeekmkinheehbje"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9768010a-6762-45fb-8dfe-86e3246ac65d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.446623Z", "modified": "2026-06-02T15:57:34.446623Z", "name": "Malicious Extension: AtendaZap", "description": "Malicious browser extension: AtendaZap (iibldfhmeiipohbjlkhfgnjhcmkknffi) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iibldfhmeiipohbjlkhfgnjhcmkknffi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.446576Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:iibldfhmeiipohbjlkhfgnjhcmkknffi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iibldfhmeiipohbjlkhfgnjhcmkknffi", "external_id": "iibldfhmeiipohbjlkhfgnjhcmkknffi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dc661aa2-91fb-418a-98b5-62c4af53e8fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.447873Z", "modified": "2026-06-02T15:57:34.447873Z", "name": "Malicious Extension: Infinite Mario Bros Offline", "description": "Malicious browser extension: Infinite Mario Bros Offline (iiclalbandeleomiglahokbnnlmbajpl) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iiclalbandeleomiglahokbnnlmbajpl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.447818Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iiclalbandeleomiglahokbnnlmbajpl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iiclalbandeleomiglahokbnnlmbajpl", "external_id": "iiclalbandeleomiglahokbnnlmbajpl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--74db1c25-9047-4a99-a13c-a66fe39fff48", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.449106Z", "modified": "2026-06-02T15:57:34.449106Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iiegilogjnagependdonbfcmfmmaamon) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iiegilogjnagependdonbfcmfmmaamon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.449059Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iiegilogjnagependdonbfcmfmmaamon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iiegilogjnagependdonbfcmfmmaamon", "external_id": "iiegilogjnagependdonbfcmfmmaamon"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a07bd37b-cd63-43f5-81f9-b6281ba5c417", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.45034Z", "modified": "2026-06-02T15:57:34.45034Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iikipimjoiepbfmpiglnkgkcepnkjfie) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iikipimjoiepbfmpiglnkgkcepnkjfie']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.450289Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iikipimjoiepbfmpiglnkgkcepnkjfie", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iikipimjoiepbfmpiglnkgkcepnkjfie", "external_id": "iikipimjoiepbfmpiglnkgkcepnkjfie"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--39b1cee2-0157-4df8-b58a-cafe5e82b885", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.451784Z", "modified": "2026-06-02T15:57:34.451784Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ijapakghdgckgblfgjobhcfglebbkebf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ijapakghdgckgblfgjobhcfglebbkebf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.451735Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ijapakghdgckgblfgjobhcfglebbkebf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ijapakghdgckgblfgjobhcfglebbkebf", "external_id": "ijapakghdgckgblfgjobhcfglebbkebf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bf9e9922-982d-4002-94ef-9fa55931b47b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.45317Z", "modified": "2026-06-02T15:57:34.45317Z", "name": "Malicious Extension: Hunter x Hunter Cursor - Custom Anime Cursor for Chrome", "description": "Malicious browser extension: Hunter x Hunter Cursor - Custom Anime Cursor for Chrome (ijccagageaijbfaefkflkepnglppdlnn) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ijccagageaijbfaefkflkepnglppdlnn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.453122Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ijccagageaijbfaefkflkepnglppdlnn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ijccagageaijbfaefkflkepnglppdlnn", "external_id": "ijccagageaijbfaefkflkepnglppdlnn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0ab6fc08-fffd-441e-9138-d302def6fb4d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.454453Z", "modified": "2026-06-02T15:57:34.454453Z", "name": "Malicious Extension: Verk - Direto no whatsapp, Automa\u00e7\u00f5es e IA para vendas", "description": "Malicious browser extension: Verk - Direto no whatsapp, Automa\u00e7\u00f5es e IA para vendas (ijdgdpgjggoehifckpmpdmfpnkdakkne) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ijdgdpgjggoehifckpmpdmfpnkdakkne']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.454406Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ijdgdpgjggoehifckpmpdmfpnkdakkne", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ijdgdpgjggoehifckpmpdmfpnkdakkne", "external_id": "ijdgdpgjggoehifckpmpdmfpnkdakkne"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--700d862a-2e8b-4477-bb74-45e2489d6d9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.455713Z", "modified": "2026-06-02T15:57:34.455713Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ijhbioflmfpgfmgapjnojopobfncdeif) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ijhbioflmfpgfmgapjnojopobfncdeif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.455666Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ijhbioflmfpgfmgapjnojopobfncdeif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ijhbioflmfpgfmgapjnojopobfncdeif", "external_id": "ijhbioflmfpgfmgapjnojopobfncdeif"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fde2b856-cb93-44a4-a4f7-1fb1880298dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.456943Z", "modified": "2026-06-02T15:57:34.456943Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ikajognfijokhbgjdhgpemljgcjclpmn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ikajognfijokhbgjdhgpemljgcjclpmn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.456896Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ikajognfijokhbgjdhgpemljgcjclpmn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ikajognfijokhbgjdhgpemljgcjclpmn", "external_id": "ikajognfijokhbgjdhgpemljgcjclpmn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c4ed092e-5c74-43a5-9c6c-639519de6c5d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.458193Z", "modified": "2026-06-02T15:57:34.458193Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ikfmaobmeapnkohnoaflbanhmfocgiob) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ikfmaobmeapnkohnoaflbanhmfocgiob']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.458146Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ikfmaobmeapnkohnoaflbanhmfocgiob", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ikfmaobmeapnkohnoaflbanhmfocgiob", "external_id": "ikfmaobmeapnkohnoaflbanhmfocgiob"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aedf35a1-1cef-4a4f-8e8e-bd18e38deea9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.459435Z", "modified": "2026-06-02T15:57:34.459435Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ikgaleggljchgbihlaanjbkekmmgccam) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ikgaleggljchgbihlaanjbkekmmgccam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.459389Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ikgaleggljchgbihlaanjbkekmmgccam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ikgaleggljchgbihlaanjbkekmmgccam", "external_id": "ikgaleggljchgbihlaanjbkekmmgccam"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e86a045d-32a3-412b-a50a-89016bdc35e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.460852Z", "modified": "2026-06-02T15:57:34.460852Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ikhpipnkpbedjbmlgppdejmcdnjecded) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ikhpipnkpbedjbmlgppdejmcdnjecded']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.460807Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ikhpipnkpbedjbmlgppdejmcdnjecded", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ikhpipnkpbedjbmlgppdejmcdnjecded", "external_id": "ikhpipnkpbedjbmlgppdejmcdnjecded"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c514c57c-f8ad-4d83-9fb0-0c0e7c69d177", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.462089Z", "modified": "2026-06-02T15:57:34.462089Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ikkoanocgpdmmiamnkogipbpdpckcahn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ikkoanocgpdmmiamnkogipbpdpckcahn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.462041Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ikkoanocgpdmmiamnkogipbpdpckcahn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ikkoanocgpdmmiamnkogipbpdpckcahn", "external_id": "ikkoanocgpdmmiamnkogipbpdpckcahn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--47bac6c6-8cd8-4da9-ab94-4fcaba347968", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.463339Z", "modified": "2026-06-02T15:57:34.463339Z", "name": "Malicious Extension: Kentro", "description": "Malicious browser extension: Kentro (ikliliinakofoiojghnipegfphmoljla) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ikliliinakofoiojghnipegfphmoljla']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.463292Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ikliliinakofoiojghnipegfphmoljla", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ikliliinakofoiojghnipegfphmoljla", "external_id": "ikliliinakofoiojghnipegfphmoljla"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ee5b649f-e7cf-49a7-acf3-a2796890fe9c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.464576Z", "modified": "2026-06-02T15:57:34.464576Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ilcjgmjecbhpgpipmkfkibjopafpbcag) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ilcjgmjecbhpgpipmkfkibjopafpbcag']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.464521Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ilcjgmjecbhpgpipmkfkibjopafpbcag", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ilcjgmjecbhpgpipmkfkibjopafpbcag", "external_id": "ilcjgmjecbhpgpipmkfkibjopafpbcag"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8d7ad215-777c-487a-88cc-57d62380c427", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.465821Z", "modified": "2026-06-02T15:57:34.465821Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ileojfedpkdbkcchpnghhaebfoimamop) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ileojfedpkdbkcchpnghhaebfoimamop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.465775Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ileojfedpkdbkcchpnghhaebfoimamop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ileojfedpkdbkcchpnghhaebfoimamop", "external_id": "ileojfedpkdbkcchpnghhaebfoimamop"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c5228807-84a2-43bd-93a8-921e15f7f3d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.467058Z", "modified": "2026-06-02T15:57:34.467058Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ilgbcnkedmncjlhpfconadpjnhlflejf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ilgbcnkedmncjlhpfconadpjnhlflejf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.467006Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ilgbcnkedmncjlhpfconadpjnhlflejf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ilgbcnkedmncjlhpfconadpjnhlflejf", "external_id": "ilgbcnkedmncjlhpfconadpjnhlflejf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d0226885-4053-43ef-88e7-8319d1656fcd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.468321Z", "modified": "2026-06-02T15:57:34.468321Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ilhmpmehcagdoeijhdondmidljihohfc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ilhmpmehcagdoeijhdondmidljihohfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.468273Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ilhmpmehcagdoeijhdondmidljihohfc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ilhmpmehcagdoeijhdondmidljihohfc", "external_id": "ilhmpmehcagdoeijhdondmidljihohfc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0544b0a4-150f-44e2-9a5a-f6d1d8e7d9c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.469798Z", "modified": "2026-06-02T15:57:34.469798Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ilkeadgdlbmabcdkgmiogcamcogbjoii) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ilkeadgdlbmabcdkgmiogcamcogbjoii']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.46975Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ilkeadgdlbmabcdkgmiogcamcogbjoii", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ilkeadgdlbmabcdkgmiogcamcogbjoii", "external_id": "ilkeadgdlbmabcdkgmiogcamcogbjoii"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ef0a03a0-9fe5-4d0b-80c3-a04c6dcb460e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.47109Z", "modified": "2026-06-02T15:57:34.47109Z", "name": "Malicious Extension: WaSeller - Perder vendas no WhatsApp n\u00e3o \u00e9 normal", "description": "Malicious browser extension: WaSeller - Perder vendas no WhatsApp n\u00e3o \u00e9 normal (illemhbijpiebjfilfmgebahaakajkpe) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/illemhbijpiebjfilfmgebahaakajkpe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.471041Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:illemhbijpiebjfilfmgebahaakajkpe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/illemhbijpiebjfilfmgebahaakajkpe", "external_id": "illemhbijpiebjfilfmgebahaakajkpe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3683dcd8-3750-4d80-9d3b-cee793a4d6a3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.472405Z", "modified": "2026-06-02T15:57:34.472405Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (imdfikikfkflcgioaidldbhhoknmdfee) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/imdfikikfkflcgioaidldbhhoknmdfee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.472355Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:imdfikikfkflcgioaidldbhhoknmdfee", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/imdfikikfkflcgioaidldbhhoknmdfee", "external_id": "imdfikikfkflcgioaidldbhhoknmdfee"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0f00ff66-ce4f-4b98-a90b-f918c3a331ea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.473717Z", "modified": "2026-06-02T15:57:34.473717Z", "name": "Malicious Extension: WaClinic", "description": "Malicious browser extension: WaClinic (imgjapefioodjkjipgpnohmceghomkmb) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/imgjapefioodjkjipgpnohmceghomkmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.473669Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:imgjapefioodjkjipgpnohmceghomkmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/imgjapefioodjkjipgpnohmceghomkmb", "external_id": "imgjapefioodjkjipgpnohmceghomkmb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2e3acabd-3547-4140-b0c8-5e0daa1dc90a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.474999Z", "modified": "2026-06-02T15:57:34.474999Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (imgobajicoilkgmmoolognglaljhokno) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/imgobajicoilkgmmoolognglaljhokno']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.474951Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:imgobajicoilkgmmoolognglaljhokno", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/imgobajicoilkgmmoolognglaljhokno", "external_id": "imgobajicoilkgmmoolognglaljhokno"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--17da4131-a674-48a3-b52b-85cde2514c39", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.476288Z", "modified": "2026-06-02T15:57:34.476288Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (imhlnhlbiencamnbpigopiibddajimep) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/imhlnhlbiencamnbpigopiibddajimep']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.476241Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:imhlnhlbiencamnbpigopiibddajimep", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/imhlnhlbiencamnbpigopiibddajimep", "external_id": "imhlnhlbiencamnbpigopiibddajimep"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8357fd41-bf3d-4e4e-8770-b69640321adc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.477549Z", "modified": "2026-06-02T15:57:34.477549Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (imkngaibigegepnlckfcbecjoilcjbhf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/imkngaibigegepnlckfcbecjoilcjbhf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.477503Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:imkngaibigegepnlckfcbecjoilcjbhf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/imkngaibigegepnlckfcbecjoilcjbhf", "external_id": "imkngaibigegepnlckfcbecjoilcjbhf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4a925119-1bc7-4da7-8589-73233fad4ed6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.479058Z", "modified": "2026-06-02T15:57:34.479058Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (immheffbkopbhdlaaahedhehiaakkpaj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/immheffbkopbhdlaaahedhehiaakkpaj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.478995Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:immheffbkopbhdlaaahedhehiaakkpaj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/immheffbkopbhdlaaahedhehiaakkpaj", "external_id": "immheffbkopbhdlaaahedhehiaakkpaj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ec4fc5ec-0a59-4d45-87aa-f41bcb934270", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.480602Z", "modified": "2026-06-02T15:57:34.480602Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (inbiiigaagjmcbibnecadfgeihghhfja) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/inbiiigaagjmcbibnecadfgeihghhfja']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.480554Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:inbiiigaagjmcbibnecadfgeihghhfja", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/inbiiigaagjmcbibnecadfgeihghhfja", "external_id": "inbiiigaagjmcbibnecadfgeihghhfja"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--97a05772-1369-47fe-96f2-92e58fa3f634", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.481964Z", "modified": "2026-06-02T15:57:34.481964Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (inbmcaiilhlpeepmlenjhnblgflmknme) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/inbmcaiilhlpeepmlenjhnblgflmknme']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.481908Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:inbmcaiilhlpeepmlenjhnblgflmknme", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/inbmcaiilhlpeepmlenjhnblgflmknme", "external_id": "inbmcaiilhlpeepmlenjhnblgflmknme"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bb1fd2b0-987d-4149-8f89-3745ceee65af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.483328Z", "modified": "2026-06-02T15:57:34.483328Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (inhiciabodleebpfchicllicbijcefhg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/inhiciabodleebpfchicllicbijcefhg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.48328Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:inhiciabodleebpfchicllicbijcefhg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/inhiciabodleebpfchicllicbijcefhg", "external_id": "inhiciabodleebpfchicllicbijcefhg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--76ca5c84-a898-4f49-bc09-bdf2012a6d6b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.484666Z", "modified": "2026-06-02T15:57:34.484666Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (inhliijakcoojghlfgbogapleildhghb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/inhliijakcoojghlfgbogapleildhghb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.484607Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:inhliijakcoojghlfgbogapleildhghb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/inhliijakcoojghlfgbogapleildhghb", "external_id": "inhliijakcoojghlfgbogapleildhghb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1a414b11-b16e-4745-a629-1f71e5a80866", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.485964Z", "modified": "2026-06-02T15:57:34.485964Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (inhmbedecadikokanjcblbdaijhpjjln) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/inhmbedecadikokanjcblbdaijhpjjln']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.485915Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:inhmbedecadikokanjcblbdaijhpjjln", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/inhmbedecadikokanjcblbdaijhpjjln", "external_id": "inhmbedecadikokanjcblbdaijhpjjln"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--694933e9-4e9b-44fc-8bd5-3f6a732259e0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.487237Z", "modified": "2026-06-02T15:57:34.487237Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (inidhkdhmknfjijeokklpobceghknimk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/inidhkdhmknfjijeokklpobceghknimk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.487189Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:inidhkdhmknfjijeokklpobceghknimk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/inidhkdhmknfjijeokklpobceghknimk", "external_id": "inidhkdhmknfjijeokklpobceghknimk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--73890bd5-eff7-42be-b2c9-2f9a7d543d61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.488709Z", "modified": "2026-06-02T15:57:34.488709Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (injnjbcogjhcjhnhcbmlahgikemedbko) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/injnjbcogjhcjhnhcbmlahgikemedbko']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.488663Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:injnjbcogjhcjhnhcbmlahgikemedbko", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/injnjbcogjhcjhnhcbmlahgikemedbko", "external_id": "injnjbcogjhcjhnhcbmlahgikemedbko"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--42ba12d3-1837-421c-80ad-f41ab4ada3ba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.489959Z", "modified": "2026-06-02T15:57:34.489959Z", "name": "Malicious Extension: ConnectGenie - Linkedin AI Assistant", "description": "Malicious browser extension: ConnectGenie - Linkedin AI Assistant (inloipbahbmhelpokmejailbmcegccal) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=52). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/inloipbahbmhelpokmejailbmcegccal']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.489913Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:inloipbahbmhelpokmejailbmcegccal", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/inloipbahbmhelpokmejailbmcegccal", "external_id": "inloipbahbmhelpokmejailbmcegccal"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b716ea85-394a-4653-a635-534b9bc31c8e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.491204Z", "modified": "2026-06-02T15:57:34.491204Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ioaeacncbhpmlkediaagefiegegknglc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ioaeacncbhpmlkediaagefiegegknglc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.491156Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ioaeacncbhpmlkediaagefiegegknglc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ioaeacncbhpmlkediaagefiegegknglc", "external_id": "ioaeacncbhpmlkediaagefiegegknglc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--72e6dae4-ea26-46f4-bf1d-e54395db75f5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.492447Z", "modified": "2026-06-02T15:57:34.492447Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iocbgfeimcjdcnlppmhjpjonciejmhnp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iocbgfeimcjdcnlppmhjpjonciejmhnp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.492399Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iocbgfeimcjdcnlppmhjpjonciejmhnp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iocbgfeimcjdcnlppmhjpjonciejmhnp", "external_id": "iocbgfeimcjdcnlppmhjpjonciejmhnp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e9587fac-15af-46a6-8f5e-90285118da7f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.493684Z", "modified": "2026-06-02T15:57:34.493684Z", "name": "Malicious Extension: Palette Creator", "description": "Malicious browser extension: Palette Creator (iofmialeiddolmdlkbheakaefefkjokp) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=72). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iofmialeiddolmdlkbheakaefefkjokp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.493637Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iofmialeiddolmdlkbheakaefefkjokp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iofmialeiddolmdlkbheakaefefkjokp", "external_id": "iofmialeiddolmdlkbheakaefefkjokp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--64c341cf-33db-4c36-9e73-bff9b8d23a53", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.494903Z", "modified": "2026-06-02T15:57:34.494903Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iojoiocmnkglehhfhfmhobpbikieodle) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iojoiocmnkglehhfhfmhobpbikieodle']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.494858Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iojoiocmnkglehhfhfmhobpbikieodle", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iojoiocmnkglehhfhfmhobpbikieodle", "external_id": "iojoiocmnkglehhfhfmhobpbikieodle"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8ab81fb8-f88f-4c18-ba7d-e236466e78be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.496142Z", "modified": "2026-06-02T15:57:34.496142Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ioofbfcjhabkdfhngedpocamlakdanlk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ioofbfcjhabkdfhngedpocamlakdanlk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.496096Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ioofbfcjhabkdfhngedpocamlakdanlk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ioofbfcjhabkdfhngedpocamlakdanlk", "external_id": "ioofbfcjhabkdfhngedpocamlakdanlk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--824a9d5e-2bd2-41ca-9503-b922d2e59ad4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.497566Z", "modified": "2026-06-02T15:57:34.497566Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ipanmolgobfbmpggfgpjjojjmbndafhn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ipanmolgobfbmpggfgpjjojjmbndafhn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.497518Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ipanmolgobfbmpggfgpjjojjmbndafhn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ipanmolgobfbmpggfgpjjojjmbndafhn", "external_id": "ipanmolgobfbmpggfgpjjojjmbndafhn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a7abb310-2c0f-4a5d-abe4-b8df8754aa8d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.498811Z", "modified": "2026-06-02T15:57:34.498811Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iphacjobmeoknlhenjfiilbkddgaljad) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iphacjobmeoknlhenjfiilbkddgaljad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.498765Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iphacjobmeoknlhenjfiilbkddgaljad", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iphacjobmeoknlhenjfiilbkddgaljad", "external_id": "iphacjobmeoknlhenjfiilbkddgaljad"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b48b8b10-4910-4958-95e2-68bba2b8913b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.500061Z", "modified": "2026-06-02T15:57:34.500061Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ipijpioemaopkhpjhihdibldodmdpfjl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ipijpioemaopkhpjhihdibldodmdpfjl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.500014Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ipijpioemaopkhpjhihdibldodmdpfjl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ipijpioemaopkhpjhihdibldodmdpfjl", "external_id": "ipijpioemaopkhpjhihdibldodmdpfjl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dfbfcf27-4788-4b1b-bcdc-5824fc7e977f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.501295Z", "modified": "2026-06-02T15:57:34.501295Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ipjgfhcjeckaibnohigmbcaonfcjepmb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ipjgfhcjeckaibnohigmbcaonfcjepmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.501249Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ipjgfhcjeckaibnohigmbcaonfcjepmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ipjgfhcjeckaibnohigmbcaonfcjepmb", "external_id": "ipjgfhcjeckaibnohigmbcaonfcjepmb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a6142a73-80b7-43a6-baa4-9306e5a40372", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.50232Z", "modified": "2026-06-02T15:57:34.50232Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ipmmidjikilclkbnglogmgoofbhjikgb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ipmmidjikilclkbnglogmgoofbhjikgb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.502283Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ipmmidjikilclkbnglogmgoofbhjikgb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ipmmidjikilclkbnglogmgoofbhjikgb", "external_id": "ipmmidjikilclkbnglogmgoofbhjikgb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d252e15c-2bd3-49b3-b443-053df6fa03b8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.503332Z", "modified": "2026-06-02T15:57:34.503332Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ipnlcfhfdicbfbchfoihipknbaeenenm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ipnlcfhfdicbfbchfoihipknbaeenenm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.503295Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ipnlcfhfdicbfbchfoihipknbaeenenm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ipnlcfhfdicbfbchfoihipknbaeenenm", "external_id": "ipnlcfhfdicbfbchfoihipknbaeenenm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7117fec9-d753-488c-81ac-75b55069b416", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.504329Z", "modified": "2026-06-02T15:57:34.504329Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ipokalojgdmhfpagmhnjokidnpjfnfik) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ipokalojgdmhfpagmhnjokidnpjfnfik']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.504292Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ipokalojgdmhfpagmhnjokidnpjfnfik", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ipokalojgdmhfpagmhnjokidnpjfnfik", "external_id": "ipokalojgdmhfpagmhnjokidnpjfnfik"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6048cd34-7570-4a1c-b495-ec38da3c1061", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.505487Z", "modified": "2026-06-02T15:57:34.505487Z", "name": "Malicious Extension: WAFACIL", "description": "Malicious browser extension: WAFACIL (jacgfjfdnjamjbdkihblimkekfoiiafi) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jacgfjfdnjamjbdkihblimkekfoiiafi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.50545Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jacgfjfdnjamjbdkihblimkekfoiiafi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jacgfjfdnjamjbdkihblimkekfoiiafi", "external_id": "jacgfjfdnjamjbdkihblimkekfoiiafi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cb732453-2bc9-48f3-af8d-e6f910fb637d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.506479Z", "modified": "2026-06-02T15:57:34.506479Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jacilgchggenbmgbfnehcegalhlgpnhf) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jacilgchggenbmgbfnehcegalhlgpnhf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.506442Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jacilgchggenbmgbfnehcegalhlgpnhf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jacilgchggenbmgbfnehcegalhlgpnhf", "external_id": "jacilgchggenbmgbfnehcegalhlgpnhf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fb37cf8d-4a42-402c-b1ac-b33cadca2d0b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.507494Z", "modified": "2026-06-02T15:57:34.507494Z", "name": "Malicious Extension: WaPROdy", "description": "Malicious browser extension: WaPROdy (jadgponjpllhepidoclncpogkhcnepac) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jadgponjpllhepidoclncpogkhcnepac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.507456Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jadgponjpllhepidoclncpogkhcnepac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jadgponjpllhepidoclncpogkhcnepac", "external_id": "jadgponjpllhepidoclncpogkhcnepac"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e9cbda4c-b1b1-4d54-acdd-2a9a802320bb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.508487Z", "modified": "2026-06-02T15:57:34.508487Z", "name": "Malicious Extension: Care.Sale", "description": "Malicious browser extension: Care.Sale (jaioobipjdejpeckgojiojjahmkiaihp) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=252). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jaioobipjdejpeckgojiojjahmkiaihp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.50845Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jaioobipjdejpeckgojiojjahmkiaihp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jaioobipjdejpeckgojiojjahmkiaihp", "external_id": "jaioobipjdejpeckgojiojjahmkiaihp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2fad0693-091a-4127-bae1-f4d2f388cfa9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.509467Z", "modified": "2026-06-02T15:57:34.509467Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jajikjbellknnfcomfjjinfjokihcfoi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jajikjbellknnfcomfjjinfjokihcfoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.509431Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jajikjbellknnfcomfjjinfjokihcfoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jajikjbellknnfcomfjjinfjokihcfoi", "external_id": "jajikjbellknnfcomfjjinfjokihcfoi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--89595dd3-1d35-4969-991e-f4603d2e95b2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.510456Z", "modified": "2026-06-02T15:57:34.510456Z", "name": "Malicious Extension: Dragon Ball Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Dragon Ball Cursor \u2605 Custom Cursor for Chrome\u2122 (jalaoplogcelljfhlodnagfepednmilm) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jalaoplogcelljfhlodnagfepednmilm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.510418Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jalaoplogcelljfhlodnagfepednmilm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jalaoplogcelljfhlodnagfepednmilm", "external_id": "jalaoplogcelljfhlodnagfepednmilm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eb15175c-f54a-47a8-b9db-ae58891e4da7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.511445Z", "modified": "2026-06-02T15:57:34.511445Z", "name": "Malicious Extension: Amazon Listing Score Checker", "description": "Malicious browser extension: Amazon Listing Score Checker (jaojpdijbaolkhkifpgbjnhfbmckoojh) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jaojpdijbaolkhkifpgbjnhfbmckoojh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.511409Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jaojpdijbaolkhkifpgbjnhfbmckoojh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jaojpdijbaolkhkifpgbjnhfbmckoojh", "external_id": "jaojpdijbaolkhkifpgbjnhfbmckoojh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--003311f4-313e-4509-b2ae-5e4b3c5e8f92", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.512621Z", "modified": "2026-06-02T15:57:34.512621Z", "name": "Malicious Extension: Waat: CRM e Vendas no WhatsApp Web", "description": "Malicious browser extension: Waat: CRM e Vendas no WhatsApp Web (jaonmiiccahaddjkdhaonhfhdiagfbdh) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jaonmiiccahaddjkdhaonhfhdiagfbdh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.512583Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jaonmiiccahaddjkdhaonhfhdiagfbdh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jaonmiiccahaddjkdhaonhfhdiagfbdh", "external_id": "jaonmiiccahaddjkdhaonhfhdiagfbdh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bdcb8d61-7550-429b-9fea-2798d71b81b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.513615Z", "modified": "2026-06-02T15:57:34.513615Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jbajdpebknffiaenkdhopebkolgdlfaf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jbajdpebknffiaenkdhopebkolgdlfaf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.513578Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jbajdpebknffiaenkdhopebkolgdlfaf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jbajdpebknffiaenkdhopebkolgdlfaf", "external_id": "jbajdpebknffiaenkdhopebkolgdlfaf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--839a418d-1e72-4862-a462-1cf2f5f0dbb8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.514597Z", "modified": "2026-06-02T15:57:34.514597Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jbbanajdakjmholbhekdkcfekhibilhg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jbbanajdakjmholbhekdkcfekhibilhg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.514559Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jbbanajdakjmholbhekdkcfekhibilhg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jbbanajdakjmholbhekdkcfekhibilhg", "external_id": "jbbanajdakjmholbhekdkcfekhibilhg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0e7b815c-89ee-4775-af0a-05b3a898a65b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.515588Z", "modified": "2026-06-02T15:57:34.515588Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jbdegnmcajkhjemebonejojlgkgcddhc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jbdegnmcajkhjemebonejojlgkgcddhc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.515551Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jbdegnmcajkhjemebonejojlgkgcddhc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jbdegnmcajkhjemebonejojlgkgcddhc", "external_id": "jbdegnmcajkhjemebonejojlgkgcddhc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c7b041e3-54d4-4520-abe6-829f0861b3db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.516575Z", "modified": "2026-06-02T15:57:34.516575Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jbkldgcpnklohmbllpghikjpbookjkfa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jbkldgcpnklohmbllpghikjpbookjkfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.516538Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jbkldgcpnklohmbllpghikjpbookjkfa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jbkldgcpnklohmbllpghikjpbookjkfa", "external_id": "jbkldgcpnklohmbllpghikjpbookjkfa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--525c105f-2732-49b4-968b-88e8fdf68653", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.517551Z", "modified": "2026-06-02T15:57:34.517551Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jcfjkcgmoglkdoljgbenmiijodgjdnof) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jcfjkcgmoglkdoljgbenmiijodgjdnof']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.517515Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jcfjkcgmoglkdoljgbenmiijodgjdnof", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jcfjkcgmoglkdoljgbenmiijodgjdnof", "external_id": "jcfjkcgmoglkdoljgbenmiijodgjdnof"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3e5937ea-e57f-4b05-8c0a-480da8e0e908", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.518537Z", "modified": "2026-06-02T15:57:34.518537Z", "name": "Malicious Extension: ZarpGo", "description": "Malicious browser extension: ZarpGo (jcjodbceolndbhnbljiedcanmglmhmop) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jcjodbceolndbhnbljiedcanmglmhmop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.5185Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jcjodbceolndbhnbljiedcanmglmhmop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jcjodbceolndbhnbljiedcanmglmhmop", "external_id": "jcjodbceolndbhnbljiedcanmglmhmop"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ff915287-6b77-47fc-bc31-2719cd8ba032", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.519698Z", "modified": "2026-06-02T15:57:34.519698Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jckkfbfmofganecnnpfndfjifnimpcel) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jckkfbfmofganecnnpfndfjifnimpcel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.519661Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jckkfbfmofganecnnpfndfjifnimpcel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jckkfbfmofganecnnpfndfjifnimpcel", "external_id": "jckkfbfmofganecnnpfndfjifnimpcel"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b0cc18d7-08f3-4c79-a7a8-1d0e9467ad2e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.520691Z", "modified": "2026-06-02T15:57:34.520691Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jckoejjnaljgkmgblmbodoegoefofhee) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jckoejjnaljgkmgblmbodoegoefofhee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.520653Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jckoejjnaljgkmgblmbodoegoefofhee", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jckoejjnaljgkmgblmbodoegoefofhee", "external_id": "jckoejjnaljgkmgblmbodoegoefofhee"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b4109068-66be-482e-a0a7-578dafa3b830", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.521674Z", "modified": "2026-06-02T15:57:34.521674Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jcmafjkjpkcdeiehphcopnelbgjeekge) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jcmafjkjpkcdeiehphcopnelbgjeekge']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.521637Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jcmafjkjpkcdeiehphcopnelbgjeekge", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jcmafjkjpkcdeiehphcopnelbgjeekge", "external_id": "jcmafjkjpkcdeiehphcopnelbgjeekge"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3a4f1a7e-6c3a-4fb7-95a4-67a03b915917", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.522665Z", "modified": "2026-06-02T15:57:34.522665Z", "name": "Malicious Extension: BTS Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: BTS Cursor \u2605 Custom Cursor for Chrome\u2122 (jddaakabhmcbgfnbkgcjfeigbnbcdjgn) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jddaakabhmcbgfnbkgcjfeigbnbcdjgn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.522627Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jddaakabhmcbgfnbkgcjfeigbnbcdjgn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jddaakabhmcbgfnbkgcjfeigbnbcdjgn", "external_id": "jddaakabhmcbgfnbkgcjfeigbnbcdjgn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--56de459f-4df4-4cf5-b3ca-ef7b658e5979", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.523666Z", "modified": "2026-06-02T15:57:34.523666Z", "name": "Malicious Extension: Supercars Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Supercars Cursor \u2605 Custom Cursor for Chrome\u2122 (jddgindpdjdojhenigliipabmmckcofh) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jddgindpdjdojhenigliipabmmckcofh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.523629Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jddgindpdjdojhenigliipabmmckcofh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jddgindpdjdojhenigliipabmmckcofh", "external_id": "jddgindpdjdojhenigliipabmmckcofh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--37e796e4-4d4e-44f4-8c4d-bccb439c706f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.524652Z", "modified": "2026-06-02T15:57:34.524652Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jdehnhjckcbfdkgnlbfjokofagpbbdgl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jdehnhjckcbfdkgnlbfjokofagpbbdgl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.524614Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jdehnhjckcbfdkgnlbfjokofagpbbdgl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jdehnhjckcbfdkgnlbfjokofagpbbdgl", "external_id": "jdehnhjckcbfdkgnlbfjokofagpbbdgl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3b9e25d8-4a64-4302-8bfd-2b1088227290", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.525681Z", "modified": "2026-06-02T15:57:34.525681Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jdfhogfabmocclgjnkfhokhaoecbmijj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jdfhogfabmocclgjnkfhokhaoecbmijj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.525643Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jdfhogfabmocclgjnkfhokhaoecbmijj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jdfhogfabmocclgjnkfhokhaoecbmijj", "external_id": "jdfhogfabmocclgjnkfhokhaoecbmijj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4238f191-d585-4cda-83f5-c2f0b128e072", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.527667Z", "modified": "2026-06-02T15:57:34.527667Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jdhlmbbkcnblagpianmgafolcpmlmbfa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jdhlmbbkcnblagpianmgafolcpmlmbfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.527621Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jdhlmbbkcnblagpianmgafolcpmlmbfa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jdhlmbbkcnblagpianmgafolcpmlmbfa", "external_id": "jdhlmbbkcnblagpianmgafolcpmlmbfa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a0a5917d-bca1-4b0a-befa-0b0789672bf2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.528733Z", "modified": "2026-06-02T15:57:34.528733Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jdlefhppknmjnjopnlhemlhofecafkhd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jdlefhppknmjnjopnlhemlhofecafkhd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.528696Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jdlefhppknmjnjopnlhemlhofecafkhd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jdlefhppknmjnjopnlhemlhofecafkhd", "external_id": "jdlefhppknmjnjopnlhemlhofecafkhd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--29f806d1-b550-4a4c-ab16-de1cd069bc6d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.52974Z", "modified": "2026-06-02T15:57:34.52974Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jeaebbdndojkbnnfcaihgokhnakocbnf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jeaebbdndojkbnnfcaihgokhnakocbnf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.529703Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jeaebbdndojkbnnfcaihgokhnakocbnf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jeaebbdndojkbnnfcaihgokhnakocbnf", "external_id": "jeaebbdndojkbnnfcaihgokhnakocbnf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2bacbba9-1b0d-4b5c-8cde-180d19e3564d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.530827Z", "modified": "2026-06-02T15:57:34.530827Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jedaibnliemmghjomdaejniddjcdbhom) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jedaibnliemmghjomdaejniddjcdbhom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.530789Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jedaibnliemmghjomdaejniddjcdbhom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jedaibnliemmghjomdaejniddjcdbhom", "external_id": "jedaibnliemmghjomdaejniddjcdbhom"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a7d7fced-c1af-4e87-ad9a-2082cb0c25c9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.531838Z", "modified": "2026-06-02T15:57:34.531838Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jedmjcmddadejphppaligbfldbhamnih) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jedmjcmddadejphppaligbfldbhamnih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.531801Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jedmjcmddadejphppaligbfldbhamnih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jedmjcmddadejphppaligbfldbhamnih", "external_id": "jedmjcmddadejphppaligbfldbhamnih"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--52e00c87-67e2-4fcc-b80d-4fe844993269", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.532843Z", "modified": "2026-06-02T15:57:34.532843Z", "name": "Malicious Extension: ENOCRM | Gest\u00e3o de Leads no WhatsAPP", "description": "Malicious browser extension: ENOCRM | Gest\u00e3o de Leads no WhatsAPP (jeicljefnlpdoblklfdephbpihhjgphf) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jeicljefnlpdoblklfdephbpihhjgphf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.532805Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jeicljefnlpdoblklfdephbpihhjgphf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jeicljefnlpdoblklfdephbpihhjgphf", "external_id": "jeicljefnlpdoblklfdephbpihhjgphf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3cb32772-7656-4042-971c-6a4b5f195735", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.533833Z", "modified": "2026-06-02T15:57:34.533833Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jejifplcapdlbhjagfeginbledjpggod) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jejifplcapdlbhjagfeginbledjpggod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.533797Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jejifplcapdlbhjagfeginbledjpggod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jejifplcapdlbhjagfeginbledjpggod", "external_id": "jejifplcapdlbhjagfeginbledjpggod"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a8302d05-84f0-4034-8490-f9d53b856576", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.534972Z", "modified": "2026-06-02T15:57:34.534972Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jelgelidmodjpmohbapbghdgcpncahki) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jelgelidmodjpmohbapbghdgcpncahki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.534935Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jelgelidmodjpmohbapbghdgcpncahki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jelgelidmodjpmohbapbghdgcpncahki", "external_id": "jelgelidmodjpmohbapbghdgcpncahki"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--43c03bb1-d951-4fa4-ac5f-3beb1346478a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.535984Z", "modified": "2026-06-02T15:57:34.535984Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jeoigaeiibcpalnemoppabmfecmhfoda) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jeoigaeiibcpalnemoppabmfecmhfoda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.535946Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jeoigaeiibcpalnemoppabmfecmhfoda", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jeoigaeiibcpalnemoppabmfecmhfoda", "external_id": "jeoigaeiibcpalnemoppabmfecmhfoda"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a88f6e57-923b-465f-8318-95722a3d8a76", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.536972Z", "modified": "2026-06-02T15:57:34.536972Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jfaijficgmogbfdkiihojhjfildgppdf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jfaijficgmogbfdkiihojhjfildgppdf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.536935Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jfaijficgmogbfdkiihojhjfildgppdf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jfaijficgmogbfdkiihojhjfildgppdf", "external_id": "jfaijficgmogbfdkiihojhjfildgppdf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a13eecf3-ab5c-4f52-b374-0194403b180e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.538084Z", "modified": "2026-06-02T15:57:34.538084Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jfglacfdockpdpbfodkipgcjplgnojel) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jfglacfdockpdpbfodkipgcjplgnojel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.538047Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jfglacfdockpdpbfodkipgcjplgnojel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jfglacfdockpdpbfodkipgcjplgnojel", "external_id": "jfglacfdockpdpbfodkipgcjplgnojel"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fd0433e2-1444-4a7c-9a9a-e43b8010137a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.539092Z", "modified": "2026-06-02T15:57:34.539092Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jfjgodhodlbbmchladiboammimaonoea) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jfjgodhodlbbmchladiboammimaonoea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.539054Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jfjgodhodlbbmchladiboammimaonoea", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jfjgodhodlbbmchladiboammimaonoea", "external_id": "jfjgodhodlbbmchladiboammimaonoea"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a5836436-39ca-4f66-a77e-eddb9d657e66", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.540098Z", "modified": "2026-06-02T15:57:34.540098Z", "name": "Malicious Extension: Haikyuu Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Haikyuu Cursor \u2605 Custom Cursor for Chrome\u2122 (jfliobjbgdclhcjgpgimckaijlcbkmdk) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jfliobjbgdclhcjgpgimckaijlcbkmdk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.540059Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jfliobjbgdclhcjgpgimckaijlcbkmdk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jfliobjbgdclhcjgpgimckaijlcbkmdk", "external_id": "jfliobjbgdclhcjgpgimckaijlcbkmdk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--67f32c9c-b9ba-4c2c-a096-eddff67de666", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.5411Z", "modified": "2026-06-02T15:57:34.5411Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jfpipjgidnagjbmdfhogcoklclacgnhk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jfpipjgidnagjbmdfhogcoklclacgnhk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.541064Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jfpipjgidnagjbmdfhogcoklclacgnhk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jfpipjgidnagjbmdfhogcoklclacgnhk", "external_id": "jfpipjgidnagjbmdfhogcoklclacgnhk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e5378c93-94af-43f1-8776-a2fb4bf72344", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.542248Z", "modified": "2026-06-02T15:57:34.542248Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jgajjllfidghjkjfipmjbaegafkdpfha) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jgajjllfidghjkjfipmjbaegafkdpfha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.54221Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jgajjllfidghjkjfipmjbaegafkdpfha", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jgajjllfidghjkjfipmjbaegafkdpfha", "external_id": "jgajjllfidghjkjfipmjbaegafkdpfha"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5b674927-62ac-4cbe-9c21-a59964e8bf34", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.543286Z", "modified": "2026-06-02T15:57:34.543286Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jgjkbmccdkmjecomjfbnkgopgeaaikkc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jgjkbmccdkmjecomjfbnkgopgeaaikkc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.543248Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jgjkbmccdkmjecomjfbnkgopgeaaikkc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jgjkbmccdkmjecomjfbnkgopgeaaikkc", "external_id": "jgjkbmccdkmjecomjfbnkgopgeaaikkc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--87a14c50-5824-4cb6-9db9-7b2e915c5fb3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.544285Z", "modified": "2026-06-02T15:57:34.544285Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jglpailiijgdhnmgbjbjpcfeecjhjblp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jglpailiijgdhnmgbjbjpcfeecjhjblp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.544248Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jglpailiijgdhnmgbjbjpcfeecjhjblp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jglpailiijgdhnmgbjbjpcfeecjhjblp", "external_id": "jglpailiijgdhnmgbjbjpcfeecjhjblp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--845c7f10-89fc-41de-b4a9-3c4118baac63", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.545265Z", "modified": "2026-06-02T15:57:34.545265Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jgofflaejgklikbnoefbfmhfohlnockd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jgofflaejgklikbnoefbfmhfohlnockd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.545228Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jgofflaejgklikbnoefbfmhfohlnockd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jgofflaejgklikbnoefbfmhfohlnockd", "external_id": "jgofflaejgklikbnoefbfmhfohlnockd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2f93d150-0d2f-40da-847b-c70dea74909b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.546245Z", "modified": "2026-06-02T15:57:34.546245Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jhanhfphenjhghflpeldoiklkikkjbpb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jhanhfphenjhghflpeldoiklkikkjbpb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.546207Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jhanhfphenjhghflpeldoiklkikkjbpb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jhanhfphenjhghflpeldoiklkikkjbpb", "external_id": "jhanhfphenjhghflpeldoiklkikkjbpb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d16eed3a-ddee-4f74-a823-d347a5cf2249", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.547235Z", "modified": "2026-06-02T15:57:34.547235Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jhfipnjkdcnncppbfdplmikdhlppdepd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jhfipnjkdcnncppbfdplmikdhlppdepd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.547198Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jhfipnjkdcnncppbfdplmikdhlppdepd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jhfipnjkdcnncppbfdplmikdhlppdepd", "external_id": "jhfipnjkdcnncppbfdplmikdhlppdepd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e97befdd-095d-4980-92c0-5d06d71d3176", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.54824Z", "modified": "2026-06-02T15:57:34.54824Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jhgfinhjcamijjoikplacnfknpchndgb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jhgfinhjcamijjoikplacnfknpchndgb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.548202Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jhgfinhjcamijjoikplacnfknpchndgb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jhgfinhjcamijjoikplacnfknpchndgb", "external_id": "jhgfinhjcamijjoikplacnfknpchndgb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b6bfb479-b11b-4a1f-bcd4-f30e840419f9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.549369Z", "modified": "2026-06-02T15:57:34.549369Z", "name": "Malicious Extension: Chat AI for Chrome", "description": "Malicious browser extension: Chat AI for Chrome (jhhjbaicgmecddbaobeobkikgmfffaeg) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jhhjbaicgmecddbaobeobkikgmfffaeg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.549333Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jhhjbaicgmecddbaobeobkikgmfffaeg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jhhjbaicgmecddbaobeobkikgmfffaeg", "external_id": "jhhjbaicgmecddbaobeobkikgmfffaeg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5be36b9d-585e-49af-b38c-d4bd01a7e138", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.550355Z", "modified": "2026-06-02T15:57:34.550355Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jhigofkbdbndeooldpdhmphldaglejlh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jhigofkbdbndeooldpdhmphldaglejlh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.550318Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jhigofkbdbndeooldpdhmphldaglejlh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jhigofkbdbndeooldpdhmphldaglejlh", "external_id": "jhigofkbdbndeooldpdhmphldaglejlh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--22a74f4f-6a23-4cd1-91ef-faf10140b08a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.551348Z", "modified": "2026-06-02T15:57:34.551348Z", "name": "Malicious Extension: Stacker - Falling Block", "description": "Malicious browser extension: Stacker - Falling Block (jhjomhjgolkejjhnglnammeflgedabbo) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jhjomhjgolkejjhnglnammeflgedabbo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.551311Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jhjomhjgolkejjhnglnammeflgedabbo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jhjomhjgolkejjhnglnammeflgedabbo", "external_id": "jhjomhjgolkejjhnglnammeflgedabbo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--80685d9f-d86f-492f-8ea6-1e82a92c2d8d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.552327Z", "modified": "2026-06-02T15:57:34.552327Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jhohjhmbiakpgedidneeloaoloadlbdj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jhohjhmbiakpgedidneeloaoloadlbdj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.55229Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jhohjhmbiakpgedidneeloaoloadlbdj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jhohjhmbiakpgedidneeloaoloadlbdj", "external_id": "jhohjhmbiakpgedidneeloaoloadlbdj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f6bee44f-59b8-4480-b5c3-f231a5acd2d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.553431Z", "modified": "2026-06-02T15:57:34.553431Z", "name": "Malicious Extension: Dispar\u00f4/Wa - Disparo no WhatsApp, CRM, Automa\u00e7\u00f5es, Ferramentas para Venda", "description": "Malicious browser extension: Dispar\u00f4/Wa - Disparo no WhatsApp, CRM, Automa\u00e7\u00f5es, Ferramentas para Venda (jhokpeoaapahcoaigkfnienliabeaang) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript[.]com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jhokpeoaapahcoaigkfnienliabeaang']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.553383Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jhokpeoaapahcoaigkfnienliabeaang", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jhokpeoaapahcoaigkfnienliabeaang", "external_id": "jhokpeoaapahcoaigkfnienliabeaang"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9d82a888-bdcc-4111-bae0-ed0e31c0136f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.55449Z", "modified": "2026-06-02T15:57:34.55449Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jihipmfmicjjpbpmoceapfjmigmemfam) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jihipmfmicjjpbpmoceapfjmigmemfam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.554453Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jihipmfmicjjpbpmoceapfjmigmemfam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jihipmfmicjjpbpmoceapfjmigmemfam", "external_id": "jihipmfmicjjpbpmoceapfjmigmemfam"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--32d9f244-156a-4080-a447-8a698ba9c220", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.555503Z", "modified": "2026-06-02T15:57:34.555503Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jihpefgcigdagkkekbggjofiipgbgedo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jihpefgcigdagkkekbggjofiipgbgedo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.555466Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jihpefgcigdagkkekbggjofiipgbgedo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jihpefgcigdagkkekbggjofiipgbgedo", "external_id": "jihpefgcigdagkkekbggjofiipgbgedo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fdc77387-3cfc-47bc-b36b-caa3525c5c03", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.556671Z", "modified": "2026-06-02T15:57:34.556671Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jiiggekklbbojgfmdenimcdkmidnfofl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jiiggekklbbojgfmdenimcdkmidnfofl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.556633Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jiiggekklbbojgfmdenimcdkmidnfofl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jiiggekklbbojgfmdenimcdkmidnfofl", "external_id": "jiiggekklbbojgfmdenimcdkmidnfofl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--52ea8f2c-a793-487b-b1b9-8605abb8669b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.55767Z", "modified": "2026-06-02T15:57:34.55767Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jiopaphnoebconjcblfkljoedjlplhbd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jiopaphnoebconjcblfkljoedjlplhbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.557633Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jiopaphnoebconjcblfkljoedjlplhbd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jiopaphnoebconjcblfkljoedjlplhbd", "external_id": "jiopaphnoebconjcblfkljoedjlplhbd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c519f6ed-bce4-4807-b5a9-d6be1f3f77f7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.558658Z", "modified": "2026-06-02T15:57:34.558658Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jipclfaahkhinbelbojjblmbcpkaipko) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jipclfaahkhinbelbojjblmbcpkaipko']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.55862Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jipclfaahkhinbelbojjblmbcpkaipko", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jipclfaahkhinbelbojjblmbcpkaipko", "external_id": "jipclfaahkhinbelbojjblmbcpkaipko"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b78aed1d-8381-4612-8ca5-aa4be578446a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.559657Z", "modified": "2026-06-02T15:57:34.559657Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jjdhjfgoadphekgihokkigfghndfmffb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jjdhjfgoadphekgihokkigfghndfmffb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.559619Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jjdhjfgoadphekgihokkigfghndfmffb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jjdhjfgoadphekgihokkigfghndfmffb", "external_id": "jjdhjfgoadphekgihokkigfghndfmffb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--25b70e9c-77b1-4227-9701-0e3359488906", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.560649Z", "modified": "2026-06-02T15:57:34.560649Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jjijhajiibghbdnmbkeidhgkafliocja) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jjijhajiibghbdnmbkeidhgkafliocja']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.560612Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jjijhajiibghbdnmbkeidhgkafliocja", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jjijhajiibghbdnmbkeidhgkafliocja", "external_id": "jjijhajiibghbdnmbkeidhgkafliocja"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b4e93ab5-aa37-4c6f-9fb1-9dcc89b90cb3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.561641Z", "modified": "2026-06-02T15:57:34.561641Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jjnfhbcilcppomkcmkbbmcadoihkkgah) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jjnfhbcilcppomkcmkbbmcadoihkkgah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.561605Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jjnfhbcilcppomkcmkbbmcadoihkkgah", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jjnfhbcilcppomkcmkbbmcadoihkkgah", "external_id": "jjnfhbcilcppomkcmkbbmcadoihkkgah"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b7ad2fd8-4145-4cec-9ba5-5eef8ceeec5e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.562612Z", "modified": "2026-06-02T15:57:34.562612Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jkaafnmmjecejakfanneehifglpdpccp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jkaafnmmjecejakfanneehifglpdpccp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.562575Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jkaafnmmjecejakfanneehifglpdpccp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jkaafnmmjecejakfanneehifglpdpccp", "external_id": "jkaafnmmjecejakfanneehifglpdpccp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--211e1636-485a-4ac5-9e92-ee2cfcbc98e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.563795Z", "modified": "2026-06-02T15:57:34.563795Z", "name": "Malicious Extension: MERLIN BOT", "description": "Malicious browser extension: MERLIN BOT (jkblcpmoooocmdcfjojdecccejlkicap) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[... truncated in source record] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jkblcpmoooocmdcfjojdecccejlkicap']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.563757Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jkblcpmoooocmdcfjojdecccejlkicap", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jkblcpmoooocmdcfjojdecccejlkicap", "external_id": "jkblcpmoooocmdcfjojdecccejlkicap"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dc62c94f-eeba-4a04-9979-27b0092fb525", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.564804Z", "modified": "2026-06-02T15:57:34.564804Z", "name": "Malicious Extension: InterZap", "description": "Malicious browser extension: InterZap (jkeogjcccehfccanacclmckcdgepkifo) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[... truncated in source record] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jkeogjcccehfccanacclmckcdgepkifo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.564766Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jkeogjcccehfccanacclmckcdgepkifo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jkeogjcccehfccanacclmckcdgepkifo", "external_id": "jkeogjcccehfccanacclmckcdgepkifo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9c6fa002-7701-4cd3-967b-3850e3bc5dfb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.565798Z", "modified": "2026-06-02T15:57:34.565798Z", "name": "Malicious Extension: Lunabot - AI on any webpages", "description": "Malicious browser extension: Lunabot - AI on any webpages (jkeolmadidncndcbnajhaojepbolajag) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=112). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jkeolmadidncndcbnajhaojepbolajag']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.56576Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jkeolmadidncndcbnajhaojepbolajag", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jkeolmadidncndcbnajhaojepbolajag", "external_id": "jkeolmadidncndcbnajhaojepbolajag"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d6819ffc-900c-46a4-8309-231effdaf560", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.566798Z", "modified": "2026-06-02T15:57:34.566798Z", "name": "Malicious Extension: RED Chat CRM", "description": "Malicious browser extension: RED Chat CRM (jkflhidejcmhenikpjhidoofogahicjp) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[... truncated in source record] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jkflhidejcmhenikpjhidoofogahicjp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.566755Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:jkflhidejcmhenikpjhidoofogahicjp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jkflhidejcmhenikpjhidoofogahicjp", "external_id": "jkflhidejcmhenikpjhidoofogahicjp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--03dd3212-b51a-4559-9ba6-25b292378b61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.5678Z", "modified": "2026-06-02T15:57:34.5678Z", "name": "Malicious Extension: Netflix Picture in Picture now for Prime & D+ [QVI]", "description": "Malicious browser extension: Netflix Picture in Picture now for Prime & D+ [QVI] (jkmakgpojigahjdalffbkimpnpabelio) Stage 5A static analysis rated this extension suspicious rather than malicious (risk_level=suspicious, score=62). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jkmakgpojigahjdalffbkimpnpabelio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.567757Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jkmakgpojigahjdalffbkimpnpabelio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jkmakgpojigahjdalffbkimpnpabelio", "external_id": "jkmakgpojigahjdalffbkimpnpabelio"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bef44c6e-aec3-4313-be71-c943ff67b846", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.568782Z", "modified": "2026-06-02T15:57:34.568782Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jkphinfhmfkckkcnifhjiplhfoiefffl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jkphinfhmfkckkcnifhjiplhfoiefffl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.568745Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jkphinfhmfkckkcnifhjiplhfoiefffl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jkphinfhmfkckkcnifhjiplhfoiefffl", "external_id": "jkphinfhmfkckkcnifhjiplhfoiefffl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--acc39b54-5525-4638-8599-f59aeba7483f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.56976Z", "modified": "2026-06-02T15:57:34.56976Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jkpmldmclchiccdelednphcmkcaoechb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jkpmldmclchiccdelednphcmkcaoechb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.569723Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jkpmldmclchiccdelednphcmkcaoechb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jkpmldmclchiccdelednphcmkcaoechb", "external_id": "jkpmldmclchiccdelednphcmkcaoechb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eed4ab24-021c-4cdb-bd48-d9db714e9c41", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.570894Z", "modified": "2026-06-02T15:57:34.570894Z", "name": "Malicious Extension: AI Toolbox: Folders, Prompts, Advanced Search & Export for AI Chats", "description": "Malicious browser extension: AI Toolbox: Folders, Prompts, Advanced Search & Export for AI Chats (jlalnhjkfiogoeonamcnngdndjbneina) Stage 5A static analysis rated this extension suspicious rather than malicious (risk_level=suspicious, score=92). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jlalnhjkfiogoeonamcnngdndjbneina']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.570857Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jlalnhjkfiogoeonamcnngdndjbneina", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jlalnhjkfiogoeonamcnngdndjbneina", "external_id": "jlalnhjkfiogoeonamcnngdndjbneina"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3088e185-5d00-4f70-85ee-e495d46e6a73", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.571892Z", "modified": "2026-06-02T15:57:34.571892Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jlcfpljmkpplfckldccmccihcpamelki) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jlcfpljmkpplfckldccmccihcpamelki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.571856Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jlcfpljmkpplfckldccmccihcpamelki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jlcfpljmkpplfckldccmccihcpamelki", "external_id": "jlcfpljmkpplfckldccmccihcpamelki"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5961838f-c40a-4160-b0c7-320b260d3b0f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.572883Z", "modified": "2026-06-02T15:57:34.572883Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jleoggokcekdenochinmpenphepdnkem) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jleoggokcekdenochinmpenphepdnkem']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.572846Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jleoggokcekdenochinmpenphepdnkem", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jleoggokcekdenochinmpenphepdnkem", "external_id": "jleoggokcekdenochinmpenphepdnkem"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--02a0c099-543c-46dc-8995-a7d1d1924078", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.573858Z", "modified": "2026-06-02T15:57:34.573858Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jleonlfcaijhkgejhhjfjinedgficgaj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jleonlfcaijhkgejhhjfjinedgficgaj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.573821Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jleonlfcaijhkgejhhjfjinedgficgaj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jleonlfcaijhkgejhhjfjinedgficgaj", "external_id": "jleonlfcaijhkgejhhjfjinedgficgaj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cea3563e-7b63-4873-8a8e-314a69abf27a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.574866Z", "modified": "2026-06-02T15:57:34.574866Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jljejbnelnechodgbdnomodaliifgaek) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jljejbnelnechodgbdnomodaliifgaek']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.574828Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jljejbnelnechodgbdnomodaliifgaek", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jljejbnelnechodgbdnomodaliifgaek", "external_id": "jljejbnelnechodgbdnomodaliifgaek"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7f113964-160d-4429-9be4-7e61b7a7ae87", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.575864Z", "modified": "2026-06-02T15:57:34.575864Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jlkbobmppgphpgcnabncnianglgmglkk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jlkbobmppgphpgcnabncnianglgmglkk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.575828Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jlkbobmppgphpgcnabncnianglgmglkk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jlkbobmppgphpgcnabncnianglgmglkk", "external_id": "jlkbobmppgphpgcnabncnianglgmglkk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5697a487-6f6f-444c-b3d8-ac0b39890921", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.576849Z", "modified": "2026-06-02T15:57:34.576849Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jllebjcjaeddkfhohacafldffhbdpedp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jllebjcjaeddkfhohacafldffhbdpedp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.576812Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jllebjcjaeddkfhohacafldffhbdpedp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jllebjcjaeddkfhohacafldffhbdpedp", "external_id": "jllebjcjaeddkfhohacafldffhbdpedp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6d3a1054-8ea6-4065-bc61-46a37db02701", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.577978Z", "modified": "2026-06-02T15:57:34.577978Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jlolcgbicggpnaaljnflepfmnaaceeln) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jlolcgbicggpnaaljnflepfmnaaceeln']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.577941Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jlolcgbicggpnaaljnflepfmnaaceeln", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jlolcgbicggpnaaljnflepfmnaaceeln", "external_id": "jlolcgbicggpnaaljnflepfmnaaceeln"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5a8eda36-9346-487e-8359-917b64b457f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.578967Z", "modified": "2026-06-02T15:57:34.578967Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jlpchojjamcikhgmedobmfodcefjmccn) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jlpchojjamcikhgmedobmfodcefjmccn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.57893Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jlpchojjamcikhgmedobmfodcefjmccn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jlpchojjamcikhgmedobmfodcefjmccn", "external_id": "jlpchojjamcikhgmedobmfodcefjmccn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f9766a20-6acc-44d5-85de-31527925268b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.579961Z", "modified": "2026-06-02T15:57:34.579961Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jmbegcegjknachdgnichfcnjilebcojn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jmbegcegjknachdgnichfcnjilebcojn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.579918Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jmbegcegjknachdgnichfcnjilebcojn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jmbegcegjknachdgnichfcnjilebcojn", "external_id": "jmbegcegjknachdgnichfcnjilebcojn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--39222f89-9cef-41e3-a34d-51ac92eb26c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.580946Z", "modified": "2026-06-02T15:57:34.580946Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jmklaacdggogjblaiofpikjjhblhicop) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jmklaacdggogjblaiofpikjjhblhicop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.580907Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jmklaacdggogjblaiofpikjjhblhicop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jmklaacdggogjblaiofpikjjhblhicop", "external_id": "jmklaacdggogjblaiofpikjjhblhicop"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5675558e-71d6-46a4-ba14-8693b5ba266a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.581927Z", "modified": "2026-06-02T15:57:34.581927Z", "name": "Malicious Extension: AliExpress Deals Countdown - Flash Sale Timer", "description": "Malicious browser extension: AliExpress Deals Countdown - Flash Sale Timer (jmlgkeaofknfmnbpmlmadnfnfajdlehn) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jmlgkeaofknfmnbpmlmadnfnfajdlehn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.58189Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jmlgkeaofknfmnbpmlmadnfnfajdlehn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jmlgkeaofknfmnbpmlmadnfnfajdlehn", "external_id": "jmlgkeaofknfmnbpmlmadnfnfajdlehn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a8e83ce4-79a1-424b-9f74-a9b74939287d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.582902Z", "modified": "2026-06-02T15:57:34.582902Z", "name": "Malicious Extension: DeepSeek AI Chat", "description": "Malicious browser extension: DeepSeek AI Chat (jmpcodajbcpgkebjipbmjdoboehfiddd) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jmpcodajbcpgkebjipbmjdoboehfiddd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.582865Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jmpcodajbcpgkebjipbmjdoboehfiddd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jmpcodajbcpgkebjipbmjdoboehfiddd", "external_id": "jmpcodajbcpgkebjipbmjdoboehfiddd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2eae5690-94fb-4385-aede-567400859b04", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.583888Z", "modified": "2026-06-02T15:57:34.583888Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jndboabnjeeeepiipnmjnpcbgjpffikm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jndboabnjeeeepiipnmjnpcbgjpffikm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.583851Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jndboabnjeeeepiipnmjnpcbgjpffikm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jndboabnjeeeepiipnmjnpcbgjpffikm", "external_id": "jndboabnjeeeepiipnmjnpcbgjpffikm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1234fd80-2369-4cca-86d0-622441a79dcc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.585028Z", "modified": "2026-06-02T15:57:34.585028Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jndldoeopjgmpakgmieaeeelhnjnfgkj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jndldoeopjgmpakgmieaeeelhnjnfgkj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.58499Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jndldoeopjgmpakgmieaeeelhnjnfgkj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jndldoeopjgmpakgmieaeeelhnjnfgkj", "external_id": "jndldoeopjgmpakgmieaeeelhnjnfgkj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d499cabe-0be1-42bc-84d2-dcf72631487e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.586023Z", "modified": "2026-06-02T15:57:34.586023Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jndpihobigkijmhfcedncpbebnjficad) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jndpihobigkijmhfcedncpbebnjficad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.585987Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jndpihobigkijmhfcedncpbebnjficad", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jndpihobigkijmhfcedncpbebnjficad", "external_id": "jndpihobigkijmhfcedncpbebnjficad"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--95272097-0bdd-4fb8-b51b-9a63680e344f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.587014Z", "modified": "2026-06-02T15:57:34.587014Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jnjdjeepcbenfebncaemmboeplmdccaj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jnjdjeepcbenfebncaemmboeplmdccaj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.586977Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jnjdjeepcbenfebncaemmboeplmdccaj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jnjdjeepcbenfebncaemmboeplmdccaj", "external_id": "jnjdjeepcbenfebncaemmboeplmdccaj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9aebdefc-3928-490f-9e83-8fa31977fd9f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.588043Z", "modified": "2026-06-02T15:57:34.588043Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jnkmepoonohhfijlbajdphhinhkoefjn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jnkmepoonohhfijlbajdphhinhkoefjn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.588005Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jnkmepoonohhfijlbajdphhinhkoefjn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jnkmepoonohhfijlbajdphhinhkoefjn", "external_id": "jnkmepoonohhfijlbajdphhinhkoefjn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--23ca490a-562b-45eb-a254-5a98d2425c57", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.589027Z", "modified": "2026-06-02T15:57:34.589027Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (joaobbbiagpjnhgbppfdjcbeabbbjokm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/joaobbbiagpjnhgbppfdjcbeabbbjokm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.58899Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:joaobbbiagpjnhgbppfdjcbeabbbjokm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/joaobbbiagpjnhgbppfdjcbeabbbjokm", "external_id": "joaobbbiagpjnhgbppfdjcbeabbbjokm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--17ca0968-59a6-4ea2-b594-8185f9a1f43e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.590011Z", "modified": "2026-06-02T15:57:34.590011Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jobfmpppoaapbjmgbejgdfkigomnjihe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jobfmpppoaapbjmgbejgdfkigomnjihe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.589975Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jobfmpppoaapbjmgbejgdfkigomnjihe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jobfmpppoaapbjmgbejgdfkigomnjihe", "external_id": "jobfmpppoaapbjmgbejgdfkigomnjihe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6f06cab4-71e1-4376-8030-0a8923a3080d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.591Z", "modified": "2026-06-02T15:57:34.591Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jocnjcakendmllafpmjailfnlndaaklf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jocnjcakendmllafpmjailfnlndaaklf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.590963Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jocnjcakendmllafpmjailfnlndaaklf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jocnjcakendmllafpmjailfnlndaaklf", "external_id": "jocnjcakendmllafpmjailfnlndaaklf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--169dc5b2-87a8-4f79-9fc2-7450172c4e57", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.592176Z", "modified": "2026-06-02T15:57:34.592176Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jodgpofgbnifpjpikmagibgcfiipkgkb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jodgpofgbnifpjpikmagibgcfiipkgkb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.592139Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jodgpofgbnifpjpikmagibgcfiipkgkb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jodgpofgbnifpjpikmagibgcfiipkgkb", "external_id": "jodgpofgbnifpjpikmagibgcfiipkgkb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--68f8486b-7f1c-49ce-b085-ee83a1e00ca7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.593171Z", "modified": "2026-06-02T15:57:34.593171Z", "name": "Malicious Extension: Amazon Stock Checker & 999 Trick", "description": "Malicious browser extension: Amazon Stock Checker & 999 Trick (johobikccpnmifjjpephegmfpipfbfme) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/johobikccpnmifjjpephegmfpipfbfme']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.593134Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:johobikccpnmifjjpephegmfpipfbfme", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/johobikccpnmifjjpephegmfpipfbfme", "external_id": "johobikccpnmifjjpephegmfpipfbfme"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--66bd7d1e-ac26-4e8a-a739-a41f4e10044a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.59416Z", "modified": "2026-06-02T15:57:34.59416Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jooiimddfkjoomennmpjabdbbpdocjng) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jooiimddfkjoomennmpjabdbbpdocjng']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.594122Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jooiimddfkjoomennmpjabdbbpdocjng", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jooiimddfkjoomennmpjabdbbpdocjng", "external_id": "jooiimddfkjoomennmpjabdbbpdocjng"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c0b72120-9616-448a-a08d-58614c2fe5eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.595155Z", "modified": "2026-06-02T15:57:34.595155Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jpdhdeabikbmklmacididiaifpcploif) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jpdhdeabikbmklmacididiaifpcploif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.595116Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jpdhdeabikbmklmacididiaifpcploif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jpdhdeabikbmklmacididiaifpcploif", "external_id": "jpdhdeabikbmklmacididiaifpcploif"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aea335e5-c6ac-491b-9dd1-8ad8bcc2bb26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.596136Z", "modified": "2026-06-02T15:57:34.596136Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jplifhpepfnogkdnmimaoembccjpepmb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jplifhpepfnogkdnmimaoembccjpepmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.596099Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jplifhpepfnogkdnmimaoembccjpepmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jplifhpepfnogkdnmimaoembccjpepmb", "external_id": "jplifhpepfnogkdnmimaoembccjpepmb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de721d9f-fa3d-48d1-b38b-fdad00c168b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.59712Z", "modified": "2026-06-02T15:57:34.59712Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jpoofbjomdefajdjcimmaoildecebkjc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jpoofbjomdefajdjcimmaoildecebkjc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.597082Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jpoofbjomdefajdjcimmaoildecebkjc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jpoofbjomdefajdjcimmaoildecebkjc", "external_id": "jpoofbjomdefajdjcimmaoildecebkjc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a239c7f8-376e-4af7-b791-0d3ee295591a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.598111Z", "modified": "2026-06-02T15:57:34.598111Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kabbfhmcaaodobkfbnnehopcghicgffo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kabbfhmcaaodobkfbnnehopcghicgffo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.598074Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kabbfhmcaaodobkfbnnehopcghicgffo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kabbfhmcaaodobkfbnnehopcghicgffo", "external_id": "kabbfhmcaaodobkfbnnehopcghicgffo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--12f383e4-f477-41d5-b5d6-f21877208037", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.599258Z", "modified": "2026-06-02T15:57:34.599258Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kadlpmlnemnmcbpginfbbakompmgiahj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kadlpmlnemnmcbpginfbbakompmgiahj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.59922Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kadlpmlnemnmcbpginfbbakompmgiahj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kadlpmlnemnmcbpginfbbakompmgiahj", "external_id": "kadlpmlnemnmcbpginfbbakompmgiahj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de0a09dc-0036-4dfc-b29c-f21bd0942809", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.600242Z", "modified": "2026-06-02T15:57:34.600242Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kahhommiipafgepbkjpajpmdchjpclml) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kahhommiipafgepbkjpajpmdchjpclml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.600206Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kahhommiipafgepbkjpajpmdchjpclml", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kahhommiipafgepbkjpajpmdchjpclml", "external_id": "kahhommiipafgepbkjpajpmdchjpclml"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cfff751d-7ab9-4a36-89eb-0b2bc95ae6aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.601227Z", "modified": "2026-06-02T15:57:34.601227Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kakbikilhofblljdlmnncmicnjhcndmk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kakbikilhofblljdlmnncmicnjhcndmk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.601189Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kakbikilhofblljdlmnncmicnjhcndmk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kakbikilhofblljdlmnncmicnjhcndmk", "external_id": "kakbikilhofblljdlmnncmicnjhcndmk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5c102609-a8b9-4ef8-9f45-e6bea3442a7d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.602201Z", "modified": "2026-06-02T15:57:34.602201Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kbaofbaehfbehifbkhplkifihabcicoi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kbaofbaehfbehifbkhplkifihabcicoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.602164Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kbaofbaehfbehifbkhplkifihabcicoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kbaofbaehfbehifbkhplkifihabcicoi", "external_id": "kbaofbaehfbehifbkhplkifihabcicoi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c46f003d-580b-4e66-89b9-0b216ecbb0a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.603191Z", "modified": "2026-06-02T15:57:34.603191Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kbhhacnmeeljkelinngfddddmgnpfagc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kbhhacnmeeljkelinngfddddmgnpfagc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.603153Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kbhhacnmeeljkelinngfddddmgnpfagc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kbhhacnmeeljkelinngfddddmgnpfagc", "external_id": "kbhhacnmeeljkelinngfddddmgnpfagc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9f2cdeec-8c0e-4cff-83a6-2f072dc4f8f7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.604174Z", "modified": "2026-06-02T15:57:34.604174Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kbifpojhlkdoidmndacedmkbjopeekgl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kbifpojhlkdoidmndacedmkbjopeekgl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.604138Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kbifpojhlkdoidmndacedmkbjopeekgl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kbifpojhlkdoidmndacedmkbjopeekgl", "external_id": "kbifpojhlkdoidmndacedmkbjopeekgl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e8b33051-f93f-4f10-bbe2-edb0405fdd78", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.605148Z", "modified": "2026-06-02T15:57:34.605148Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kbkajekcpifoekenleplhefobiponkmp) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kbkajekcpifoekenleplhefobiponkmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.605111Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kbkajekcpifoekenleplhefobiponkmp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kbkajekcpifoekenleplhefobiponkmp", "external_id": "kbkajekcpifoekenleplhefobiponkmp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3d3c5788-3447-4606-8c25-ecc0fafe414f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.606309Z", "modified": "2026-06-02T15:57:34.606309Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kblengdlefjpjkekanpoidgoghdngdgl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kblengdlefjpjkekanpoidgoghdngdgl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.606268Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kblengdlefjpjkekanpoidgoghdngdgl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kblengdlefjpjkekanpoidgoghdngdgl", "external_id": "kblengdlefjpjkekanpoidgoghdngdgl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fc11791f-b64b-4491-ba58-6e95f7bb0fcf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.607322Z", "modified": "2026-06-02T15:57:34.607322Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kcbmdejmlcdjmfdiaepfblnocimhlnfm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kcbmdejmlcdjmfdiaepfblnocimhlnfm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.607285Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kcbmdejmlcdjmfdiaepfblnocimhlnfm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kcbmdejmlcdjmfdiaepfblnocimhlnfm", "external_id": "kcbmdejmlcdjmfdiaepfblnocimhlnfm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--198dc93e-5e27-41cb-a388-8def99d33455", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.608311Z", "modified": "2026-06-02T15:57:34.608311Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kckhadoijmchkeomaphocmobgpgmbnek) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kckhadoijmchkeomaphocmobgpgmbnek']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.608274Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kckhadoijmchkeomaphocmobgpgmbnek", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kckhadoijmchkeomaphocmobgpgmbnek", "external_id": "kckhadoijmchkeomaphocmobgpgmbnek"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8c31dcdc-b3ba-4068-8c94-053b5048191a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.609298Z", "modified": "2026-06-02T15:57:34.609298Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kconabncdpbdoapacohccnlgemnnghbp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kconabncdpbdoapacohccnlgemnnghbp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.609261Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kconabncdpbdoapacohccnlgemnnghbp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kconabncdpbdoapacohccnlgemnnghbp", "external_id": "kconabncdpbdoapacohccnlgemnnghbp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4161e8c5-61b3-43e5-a2e1-1d2c02826c1b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.610277Z", "modified": "2026-06-02T15:57:34.610277Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kcpegmldgjanlbchfbjiohlmaahblilj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kcpegmldgjanlbchfbjiohlmaahblilj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.61024Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kcpegmldgjanlbchfbjiohlmaahblilj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kcpegmldgjanlbchfbjiohlmaahblilj", "external_id": "kcpegmldgjanlbchfbjiohlmaahblilj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--42e2c6c4-0536-4293-bfb6-01e465f24611", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.611268Z", "modified": "2026-06-02T15:57:34.611268Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kcpkoopmfjhdpgjohcbgkbjpmbjmhgoi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kcpkoopmfjhdpgjohcbgkbjpmbjmhgoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.611229Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kcpkoopmfjhdpgjohcbgkbjpmbjmhgoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kcpkoopmfjhdpgjohcbgkbjpmbjmhgoi", "external_id": "kcpkoopmfjhdpgjohcbgkbjpmbjmhgoi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aa2bd075-6b8c-4973-97d4-114f9d023b09", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.612263Z", "modified": "2026-06-02T15:57:34.612263Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kdenlnncndfnhkognokgfpabgkgehodd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kdenlnncndfnhkognokgfpabgkgehodd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.612225Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kdenlnncndfnhkognokgfpabgkgehodd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kdenlnncndfnhkognokgfpabgkgehodd", "external_id": "kdenlnncndfnhkognokgfpabgkgehodd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0ec7473b-31e8-47c7-a3a4-867e2a0afa9e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.6142Z", "modified": "2026-06-02T15:57:34.6142Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kdgiododfaoegcmimpefnhdjcmbepchk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kdgiododfaoegcmimpefnhdjcmbepchk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.614162Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kdgiododfaoegcmimpefnhdjcmbepchk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kdgiododfaoegcmimpefnhdjcmbepchk", "external_id": "kdgiododfaoegcmimpefnhdjcmbepchk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--95ad1be9-8506-4847-b517-a2b6c90ce2e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.615267Z", "modified": "2026-06-02T15:57:34.615267Z", "name": "Malicious Extension: DiyTab - \u56fe\u7247\u4e0b\u8f7d\u5668", "description": "Malicious browser extension: DiyTab - \u56fe\u7247\u4e0b\u8f7d\u5668 (kdgjiakonpbfmndaacfhamdoangincgp) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=62). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kdgjiakonpbfmndaacfhamdoangincgp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.61523Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kdgjiakonpbfmndaacfhamdoangincgp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kdgjiakonpbfmndaacfhamdoangincgp", "external_id": "kdgjiakonpbfmndaacfhamdoangincgp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--78e73785-1a75-4036-8068-34b880a9315d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.616284Z", "modified": "2026-06-02T15:57:34.616284Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kdmcdkanhnbdcmadgljmhdimdlfpgple) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kdmcdkanhnbdcmadgljmhdimdlfpgple']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.616247Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kdmcdkanhnbdcmadgljmhdimdlfpgple", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kdmcdkanhnbdcmadgljmhdimdlfpgple", "external_id": "kdmcdkanhnbdcmadgljmhdimdlfpgple"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--84a1cb85-e946-4fe1-90c0-df247d54e6d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.617263Z", "modified": "2026-06-02T15:57:34.617263Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kdnhehemkjcjffngpngfopegdfabiiin) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kdnhehemkjcjffngpngfopegdfabiiin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.617227Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kdnhehemkjcjffngpngfopegdfabiiin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kdnhehemkjcjffngpngfopegdfabiiin", "external_id": "kdnhehemkjcjffngpngfopegdfabiiin"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0cc5042d-f192-4223-a442-4e13b6751dcc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.618248Z", "modified": "2026-06-02T15:57:34.618248Z", "name": "Malicious Extension: Squid Game Cursor - Custom Korean Drama Cursor for Chrome", "description": "Malicious browser extension: Squid Game Cursor - Custom Korean Drama Cursor for Chrome (kdnnogfmhpppncphlnecbdhoggpmbkci) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kdnnogfmhpppncphlnecbdhoggpmbkci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.61821Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kdnnogfmhpppncphlnecbdhoggpmbkci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kdnnogfmhpppncphlnecbdhoggpmbkci", "external_id": "kdnnogfmhpppncphlnecbdhoggpmbkci"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--af8785e2-b0d9-4d38-8586-44f060af9307", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.619239Z", "modified": "2026-06-02T15:57:34.619239Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (keeocmalfanaeglbdieodbbpoplbklnb) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/keeocmalfanaeglbdieodbbpoplbklnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.619202Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:keeocmalfanaeglbdieodbbpoplbklnb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/keeocmalfanaeglbdieodbbpoplbklnb", "external_id": "keeocmalfanaeglbdieodbbpoplbklnb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f1382fcc-3e92-43bc-8d61-060fc0d4ee61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.620218Z", "modified": "2026-06-02T15:57:34.620218Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kefnabicobeigajdngijnnjmljehknjl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kefnabicobeigajdngijnnjmljehknjl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.620181Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kefnabicobeigajdngijnnjmljehknjl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kefnabicobeigajdngijnnjmljehknjl", "external_id": "kefnabicobeigajdngijnnjmljehknjl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--61de0beb-afd0-4275-9640-24f59d7d8d23", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.621368Z", "modified": "2026-06-02T15:57:34.621368Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kejmegpogpgcjfnckebjadimhnnbfmlg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kejmegpogpgcjfnckebjadimhnnbfmlg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.621331Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kejmegpogpgcjfnckebjadimhnnbfmlg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kejmegpogpgcjfnckebjadimhnnbfmlg", "external_id": "kejmegpogpgcjfnckebjadimhnnbfmlg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--59ed22ae-29b5-4344-9905-d8a4f4c1ea26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.622368Z", "modified": "2026-06-02T15:57:34.622368Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kekfchafjbmmbdecfepbinjoiceidele) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kekfchafjbmmbdecfepbinjoiceidele']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.62233Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kekfchafjbmmbdecfepbinjoiceidele", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kekfchafjbmmbdecfepbinjoiceidele", "external_id": "kekfchafjbmmbdecfepbinjoiceidele"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2ec8b951-2476-423a-9544-0a20c912e842", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.623364Z", "modified": "2026-06-02T15:57:34.623364Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kepibgehhljlecgaeihhnmibnmikbnga) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kepibgehhljlecgaeihhnmibnmikbnga']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.623327Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kepibgehhljlecgaeihhnmibnmikbnga", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kepibgehhljlecgaeihhnmibnmikbnga", "external_id": "kepibgehhljlecgaeihhnmibnmikbnga"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--891a0b8b-8fe7-4e5f-b921-d1869206c864", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.624351Z", "modified": "2026-06-02T15:57:34.624351Z", "name": "Malicious Extension: Become Waifu", "description": "Malicious browser extension: Become Waifu (kfdopiiledmclnopmihkclnfgdiggjna) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=62). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kfdopiiledmclnopmihkclnfgdiggjna']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.624315Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kfdopiiledmclnopmihkclnfgdiggjna", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kfdopiiledmclnopmihkclnfgdiggjna", "external_id": "kfdopiiledmclnopmihkclnfgdiggjna"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3ee34333-c9ff-48ce-90fa-d077b1c88685", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.625344Z", "modified": "2026-06-02T15:57:34.625344Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kfemlcmefehdnnnfjplhckdndgaglnhc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kfemlcmefehdnnnfjplhckdndgaglnhc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.625307Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kfemlcmefehdnnnfjplhckdndgaglnhc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kfemlcmefehdnnnfjplhckdndgaglnhc", "external_id": "kfemlcmefehdnnnfjplhckdndgaglnhc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3567cffc-e9d6-4ab0-9e74-b180dd82b2df", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.626324Z", "modified": "2026-06-02T15:57:34.626324Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kfihpeckbnofhbnaeeoilcokaaphpcfa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kfihpeckbnofhbnaeeoilcokaaphpcfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.626286Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kfihpeckbnofhbnaeeoilcokaaphpcfa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kfihpeckbnofhbnaeeoilcokaaphpcfa", "external_id": "kfihpeckbnofhbnaeeoilcokaaphpcfa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f1ab7f62-697a-4489-ad13-ef4b453e951a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.627322Z", "modified": "2026-06-02T15:57:34.627322Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kfkcgdiimmaafjbljhbjejocjignnajn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kfkcgdiimmaafjbljhbjejocjignnajn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.627285Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kfkcgdiimmaafjbljhbjejocjignnajn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kfkcgdiimmaafjbljhbjejocjignnajn", "external_id": "kfkcgdiimmaafjbljhbjejocjignnajn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7fd88a4e-f366-4a72-90bb-0c92eb595396", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.628467Z", "modified": "2026-06-02T15:57:34.628467Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kfnneegkdeoepbhcgbgofeegbjokkjcn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kfnneegkdeoepbhcgbgofeegbjokkjcn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.62843Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kfnneegkdeoepbhcgbgofeegbjokkjcn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kfnneegkdeoepbhcgbgofeegbjokkjcn", "external_id": "kfnneegkdeoepbhcgbgofeegbjokkjcn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--47a4467e-611d-49fc-b9dd-1e0301edc774", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.629462Z", "modified": "2026-06-02T15:57:34.629462Z", "name": "Malicious Extension: Country Flags Cursor - Custom Flag Cursor for Chrome", "description": "Malicious browser extension: Country Flags Cursor - Custom Flag Cursor for Chrome (kfnphajojmcoapplfnocpegelkfjndom) Pixatab new tab hijacking cluster. Content scripts on all URLs, connects to pixatab[.]xyz/constructor/ for new tab replacement. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kfnphajojmcoapplfnocpegelkfjndom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.629424Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kfnphajojmcoapplfnocpegelkfjndom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kfnphajojmcoapplfnocpegelkfjndom", "external_id": "kfnphajojmcoapplfnocpegelkfjndom"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e00d05c3-5943-464f-9428-542e280c77aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.630443Z", "modified": "2026-06-02T15:57:34.630443Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kfoikllhonpipanjikhgieigdncdhpip) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kfoikllhonpipanjikhgieigdncdhpip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.630405Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kfoikllhonpipanjikhgieigdncdhpip", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kfoikllhonpipanjikhgieigdncdhpip", "external_id": "kfoikllhonpipanjikhgieigdncdhpip"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a2357c92-1168-4777-8705-0a7daa58bcaf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.631436Z", "modified": "2026-06-02T15:57:34.631436Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kfokdmfpdnokpmpbjhjbcabgligoelgp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kfokdmfpdnokpmpbjhjbcabgligoelgp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.631399Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kfokdmfpdnokpmpbjhjbcabgligoelgp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kfokdmfpdnokpmpbjhjbcabgligoelgp", "external_id": "kfokdmfpdnokpmpbjhjbcabgligoelgp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fbf295d4-af3a-40eb-b2a7-6aca53ee3fc7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.632419Z", "modified": "2026-06-02T15:57:34.632419Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kgaejbfladhjcnemijfijpppgglhojok) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kgaejbfladhjcnemijfijpppgglhojok']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.632381Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kgaejbfladhjcnemijfijpppgglhojok", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kgaejbfladhjcnemijfijpppgglhojok", "external_id": "kgaejbfladhjcnemijfijpppgglhojok"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--605cfee1-6094-4ebc-b26e-ec027431ff8d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.633398Z", "modified": "2026-06-02T15:57:34.633398Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kgdjeaonamhfooejllllfpeappcgfpod) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kgdjeaonamhfooejllllfpeappcgfpod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.633361Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kgdjeaonamhfooejllllfpeappcgfpod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kgdjeaonamhfooejllllfpeappcgfpod", "external_id": "kgdjeaonamhfooejllllfpeappcgfpod"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b90b1b72-bcef-44af-a29a-9544b9f3af35", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.634409Z", "modified": "2026-06-02T15:57:34.634409Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kgenlgjkglpmbiocphbgnmknalmfacei) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kgenlgjkglpmbiocphbgnmknalmfacei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.634372Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kgenlgjkglpmbiocphbgnmknalmfacei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kgenlgjkglpmbiocphbgnmknalmfacei", "external_id": "kgenlgjkglpmbiocphbgnmknalmfacei"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--01db3bad-558c-4e84-8482-5cd100ef005e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.635552Z", "modified": "2026-06-02T15:57:34.635552Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kghabofklgjfnipgkjadlogcjbebkeid) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kghabofklgjfnipgkjadlogcjbebkeid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.635516Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kghabofklgjfnipgkjadlogcjbebkeid", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kghabofklgjfnipgkjadlogcjbebkeid", "external_id": "kghabofklgjfnipgkjadlogcjbebkeid"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e6079f1c-1c33-4965-90ba-48ff45db7a15", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.636547Z", "modified": "2026-06-02T15:57:34.636547Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kgmlodoegkmpfkbepkfhgeldidodgohd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kgmlodoegkmpfkbepkfhgeldidodgohd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.63651Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kgmlodoegkmpfkbepkfhgeldidodgohd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kgmlodoegkmpfkbepkfhgeldidodgohd", "external_id": "kgmlodoegkmpfkbepkfhgeldidodgohd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--714c04f6-85f3-47ad-b833-618b19d29e86", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.637527Z", "modified": "2026-06-02T15:57:34.637527Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kgobkoboekohldheakllmiildfkgbbme) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kgobkoboekohldheakllmiildfkgbbme']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.63749Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kgobkoboekohldheakllmiildfkgbbme", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kgobkoboekohldheakllmiildfkgbbme", "external_id": "kgobkoboekohldheakllmiildfkgbbme"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--79aff396-63cb-4ea0-b6ee-b2ad3f43d49c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.638503Z", "modified": "2026-06-02T15:57:34.638503Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (khbegeannolbigamjahgggfpnaacbbmb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/khbegeannolbigamjahgggfpnaacbbmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.638466Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:khbegeannolbigamjahgggfpnaacbbmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/khbegeannolbigamjahgggfpnaacbbmb", "external_id": "khbegeannolbigamjahgggfpnaacbbmb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5c84a1ce-5be1-4090-89c9-f0ad6757c451", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.639487Z", "modified": "2026-06-02T15:57:34.639487Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (khbhbpogabkcfkbjmpenbejldoeciioe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/khbhbpogabkcfkbjmpenbejldoeciioe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.63945Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:khbhbpogabkcfkbjmpenbejldoeciioe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/khbhbpogabkcfkbjmpenbejldoeciioe", "external_id": "khbhbpogabkcfkbjmpenbejldoeciioe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--05ba9a4e-da31-47e5-b245-4a1fde295578", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.640477Z", "modified": "2026-06-02T15:57:34.640477Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (khgkcnmepkkccpojldheccpladhflmen) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/khgkcnmepkkccpojldheccpladhflmen']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.640439Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:khgkcnmepkkccpojldheccpladhflmen", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/khgkcnmepkkccpojldheccpladhflmen", "external_id": "khgkcnmepkkccpojldheccpladhflmen"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3649acab-bf74-4df5-8ad8-4235374c094a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.641454Z", "modified": "2026-06-02T15:57:34.641454Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (khkhnljbiikhodfhkbpfpgeodjmaghek) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/khkhnljbiikhodfhkbpfpgeodjmaghek']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.641417Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:khkhnljbiikhodfhkbpfpgeodjmaghek", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/khkhnljbiikhodfhkbpfpgeodjmaghek", "external_id": "khkhnljbiikhodfhkbpfpgeodjmaghek"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--acc30575-a289-4a32-9aed-ff8a12ef775d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.64258Z", "modified": "2026-06-02T15:57:34.64258Z", "name": "Malicious Extension: Web Bear Search", "description": "Malicious browser extension: Web Bear Search (khoapclcikhbeaggmmfcnckcnhfniijj) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/khoapclcikhbeaggmmfcnckcnhfniijj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.642543Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:khoapclcikhbeaggmmfcnckcnhfniijj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/khoapclcikhbeaggmmfcnckcnhfniijj", "external_id": "khoapclcikhbeaggmmfcnckcnhfniijj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c0c5ad3d-d54d-4ac8-9ec1-05b97bd5905e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.6437Z", "modified": "2026-06-02T15:57:34.6437Z", "name": "Malicious Extension: Ask AI", "description": "Malicious browser extension: Ask AI (khoigeopdelmjmimedipaoebcmkoljdg) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=122). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/khoigeopdelmjmimedipaoebcmkoljdg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.643647Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:khoigeopdelmjmimedipaoebcmkoljdg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/khoigeopdelmjmimedipaoebcmkoljdg", "external_id": "khoigeopdelmjmimedipaoebcmkoljdg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7048006a-c9e7-472f-ab44-cf37c1f4bc5a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.644697Z", "modified": "2026-06-02T15:57:34.644697Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kiecdaoopedhfgapicmpebbhodepnbbp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kiecdaoopedhfgapicmpebbhodepnbbp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.644659Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kiecdaoopedhfgapicmpebbhodepnbbp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kiecdaoopedhfgapicmpebbhodepnbbp", "external_id": "kiecdaoopedhfgapicmpebbhodepnbbp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de9924f6-2986-45ab-916a-7ed01b6f799f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.645675Z", "modified": "2026-06-02T15:57:34.645675Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kihfdgpnhlkopkiadeopobhbpeplffam) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kihfdgpnhlkopkiadeopobhbpeplffam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.645639Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kihfdgpnhlkopkiadeopobhbpeplffam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kihfdgpnhlkopkiadeopobhbpeplffam", "external_id": "kihfdgpnhlkopkiadeopobhbpeplffam"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9a8325ce-9ec2-4eed-8aef-6d77acb55098", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.646655Z", "modified": "2026-06-02T15:57:34.646655Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kimfknhghkailpllnopclaelfjechldp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kimfknhghkailpllnopclaelfjechldp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.646618Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kimfknhghkailpllnopclaelfjechldp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kimfknhghkailpllnopclaelfjechldp", "external_id": "kimfknhghkailpllnopclaelfjechldp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0680a16c-7ae7-4fb4-869f-d7815e5f6445", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.647676Z", "modified": "2026-06-02T15:57:34.647676Z", "name": "Malicious Extension: VUTTI CRM", "description": "Malicious browser extension: VUTTI CRM (kiobbadnbgllphgkigmkahaimkmamfln) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[...] (remainder of description truncated in source record) \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kiobbadnbgllphgkigmkahaimkmamfln']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.647639Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kiobbadnbgllphgkigmkahaimkmamfln", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kiobbadnbgllphgkigmkahaimkmamfln", "external_id": "kiobbadnbgllphgkigmkahaimkmamfln"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bac703b1-fa5c-44e3-b5de-ff44b5888e70", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.648683Z", "modified": "2026-06-02T15:57:34.648683Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kjbjbbpjmglncndehlbneolhickdejoa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjbjbbpjmglncndehlbneolhickdejoa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.648645Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjbjbbpjmglncndehlbneolhickdejoa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjbjbbpjmglncndehlbneolhickdejoa", "external_id": "kjbjbbpjmglncndehlbneolhickdejoa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7b87b049-3206-4be8-93c9-c76bac2e9c59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.649814Z", "modified": "2026-06-02T15:57:34.649814Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kjdpnimcnfinmilocccippmododhceol) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjdpnimcnfinmilocccippmododhceol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.649778Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjdpnimcnfinmilocccippmododhceol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjdpnimcnfinmilocccippmododhceol", "external_id": "kjdpnimcnfinmilocccippmododhceol"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d58128e9-3a08-404a-a209-c585bda79f6c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.650804Z", "modified": "2026-06-02T15:57:34.650804Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kjgeglpblmplmceadclemoechgnonlnf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjgeglpblmplmceadclemoechgnonlnf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.650767Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjgeglpblmplmceadclemoechgnonlnf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjgeglpblmplmceadclemoechgnonlnf", "external_id": "kjgeglpblmplmceadclemoechgnonlnf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d471b995-31f0-469b-9ab3-0be3270b4dd6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.651795Z", "modified": "2026-06-02T15:57:34.651795Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kjhjnbdjonamibpaalanflmidplhiehe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjhjnbdjonamibpaalanflmidplhiehe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.651759Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjhjnbdjonamibpaalanflmidplhiehe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjhjnbdjonamibpaalanflmidplhiehe", "external_id": "kjhjnbdjonamibpaalanflmidplhiehe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8d739013-fc9b-473c-b141-b6f664e8c8c3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.652791Z", "modified": "2026-06-02T15:57:34.652791Z", "name": "Malicious Extension: intentleads - Engagement based LinkedIn Leads PREVIEW", "description": "Malicious browser extension: intentleads - Engagement based LinkedIn Leads PREVIEW (kjidkkncdchjnnfpclneimlcmghcfoon) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=42; note the recorded risk level is 'suspicious', not 'malicious'). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjidkkncdchjnnfpclneimlcmghcfoon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.652754Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjidkkncdchjnnfpclneimlcmghcfoon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjidkkncdchjnnfpclneimlcmghcfoon", "external_id": "kjidkkncdchjnnfpclneimlcmghcfoon"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--876e2fcd-d562-4330-9413-50fd3cbe572d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.653776Z", "modified": "2026-06-02T15:57:34.653776Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kjkhljbbodkfgbfnhjfdchkjacdhmeaf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjkhljbbodkfgbfnhjfdchkjacdhmeaf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.653739Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjkhljbbodkfgbfnhjfdchkjacdhmeaf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjkhljbbodkfgbfnhjfdchkjacdhmeaf", "external_id": "kjkhljbbodkfgbfnhjfdchkjacdhmeaf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--342a8a86-3a67-413f-b295-04e175dc6591", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.654778Z", "modified": "2026-06-02T15:57:34.654778Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kjkkejocbgnkfnhiblmfmgancjodcpbm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjkkejocbgnkfnhiblmfmgancjodcpbm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.65474Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjkkejocbgnkfnhiblmfmgancjodcpbm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjkkejocbgnkfnhiblmfmgancjodcpbm", "external_id": "kjkkejocbgnkfnhiblmfmgancjodcpbm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--84cde844-0820-400f-96cd-e1366b575e31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.655777Z", "modified": "2026-06-02T15:57:34.655777Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kjnnneekgbdelkncdkjiggebdacocigm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjnnneekgbdelkncdkjiggebdacocigm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.65574Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjnnneekgbdelkncdkjiggebdacocigm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjnnneekgbdelkncdkjiggebdacocigm", "external_id": "kjnnneekgbdelkncdkjiggebdacocigm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d78f5491-38f5-44b0-a773-d267c05e276d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.656919Z", "modified": "2026-06-02T15:57:34.656919Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kjpccpioamlfbjadkoofkghompkmjjbh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kjpccpioamlfbjadkoofkghompkmjjbh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.656881Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kjpccpioamlfbjadkoofkghompkmjjbh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kjpccpioamlfbjadkoofkghompkmjjbh", "external_id": "kjpccpioamlfbjadkoofkghompkmjjbh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5d1d22dd-f034-4885-b687-2e628d08e4ef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.657915Z", "modified": "2026-06-02T15:57:34.657915Z", "name": "Malicious Extension: Minecraft Cursor for Chrome", "description": "Malicious browser extension: Minecraft Cursor for Chrome (kkchefmfekacdingcjkgiaggdafolhen) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kkchefmfekacdingcjkgiaggdafolhen']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.657878Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kkchefmfekacdingcjkgiaggdafolhen", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kkchefmfekacdingcjkgiaggdafolhen", "external_id": "kkchefmfekacdingcjkgiaggdafolhen"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--85129370-7191-481d-a8bd-065b0c0bb3c2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.658908Z", "modified": "2026-06-02T15:57:34.658908Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kkfobcljflnlpbemjicenfkfnplaggkk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kkfobcljflnlpbemjicenfkfnplaggkk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.65887Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kkfobcljflnlpbemjicenfkfnplaggkk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kkfobcljflnlpbemjicenfkfnplaggkk", "external_id": "kkfobcljflnlpbemjicenfkfnplaggkk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c5429b47-1171-4fac-bbac-afac195b6ca0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.659902Z", "modified": "2026-06-02T15:57:34.659902Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kkgmdjjpobmenpkhcclceelekpbnnana) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kkgmdjjpobmenpkhcclceelekpbnnana']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.659865Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kkgmdjjpobmenpkhcclceelekpbnnana", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kkgmdjjpobmenpkhcclceelekpbnnana", "external_id": "kkgmdjjpobmenpkhcclceelekpbnnana"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bcff8e5c-a20a-43be-b7e5-598c82c59a4a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.660899Z", "modified": "2026-06-02T15:57:34.660899Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kkhajpbefbdihlflckhhahbneaoooeka) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kkhajpbefbdihlflckhhahbneaoooeka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.660862Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kkhajpbefbdihlflckhhahbneaoooeka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kkhajpbefbdihlflckhhahbneaoooeka", "external_id": "kkhajpbefbdihlflckhhahbneaoooeka"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e4012f1b-38e3-4f84-8ea9-b14a5c1097cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.661878Z", "modified": "2026-06-02T15:57:34.661878Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kkhjihaeddnhknninbekkhaklnailngh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kkhjihaeddnhknninbekkhaklnailngh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.661841Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kkhjihaeddnhknninbekkhaklnailngh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kkhjihaeddnhknninbekkhaklnailngh", "external_id": "kkhjihaeddnhknninbekkhaklnailngh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d395f2f0-10a2-4a4c-8c19-e587ac70d680", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.662853Z", "modified": "2026-06-02T15:57:34.662853Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kknkkiffjdiapkinkldibnndmnmdccnn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kknkkiffjdiapkinkldibnndmnmdccnn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.662816Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kknkkiffjdiapkinkldibnndmnmdccnn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kknkkiffjdiapkinkldibnndmnmdccnn", "external_id": "kknkkiffjdiapkinkldibnndmnmdccnn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--104be811-6c84-458f-89b3-216d0c8a8206", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.664018Z", "modified": "2026-06-02T15:57:34.664018Z", "name": "Malicious Extension: Organize-C Pro", "description": "Malicious browser extension: Organize-C Pro (kknnggmipdieldidejjflfceicjpcgdk) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[...] (remainder of description truncated in source record) \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kknnggmipdieldidejjflfceicjpcgdk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.66398Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kknnggmipdieldidejjflfceicjpcgdk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kknnggmipdieldidejjflfceicjpcgdk", "external_id": "kknnggmipdieldidejjflfceicjpcgdk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d3d26df8-8e76-4c87-9539-5a2187822c29", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.665016Z", "modified": "2026-06-02T15:57:34.665016Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kldgaejigkhpgmfglbamggiglngkifck) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kldgaejigkhpgmfglbamggiglngkifck']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.664979Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kldgaejigkhpgmfglbamggiglngkifck", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kldgaejigkhpgmfglbamggiglngkifck", "external_id": "kldgaejigkhpgmfglbamggiglngkifck"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--23773df4-22ec-443f-8fea-0831a8e4b494", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.665999Z", "modified": "2026-06-02T15:57:34.665999Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (klggeioacnkkpdcnapgcoicnblliidmf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/klggeioacnkkpdcnapgcoicnblliidmf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.665962Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:klggeioacnkkpdcnapgcoicnblliidmf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/klggeioacnkkpdcnapgcoicnblliidmf", "external_id": "klggeioacnkkpdcnapgcoicnblliidmf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7c521b0d-6556-4a65-a97a-34de105cc233", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.666975Z", "modified": "2026-06-02T15:57:34.666975Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (klgjbnheihgnmimajhohfcldhfpjnahe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/klgjbnheihgnmimajhohfcldhfpjnahe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.666939Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:klgjbnheihgnmimajhohfcldhfpjnahe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/klgjbnheihgnmimajhohfcldhfpjnahe", "external_id": "klgjbnheihgnmimajhohfcldhfpjnahe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9967f8bf-2967-4d20-96b0-84f1f7260d3f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.667971Z", "modified": "2026-06-02T15:57:34.667971Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kljbaedmklfnlgfmmbodnckafhllkjnd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kljbaedmklfnlgfmmbodnckafhllkjnd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.667934Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kljbaedmklfnlgfmmbodnckafhllkjnd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kljbaedmklfnlgfmmbodnckafhllkjnd", "external_id": "kljbaedmklfnlgfmmbodnckafhllkjnd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d5a84a7a-59fb-43bb-86e3-252c2a648677", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.668947Z", "modified": "2026-06-02T15:57:34.668947Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (klnndcfpflikaeipgimmbhjhhhcegpoi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/klnndcfpflikaeipgimmbhjhhhcegpoi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.668911Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:klnndcfpflikaeipgimmbhjhhhcegpoi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/klnndcfpflikaeipgimmbhjhhhcegpoi", "external_id": "klnndcfpflikaeipgimmbhjhhhcegpoi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2c3a2e10-a733-43df-9e26-973bd528c677", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.669918Z", "modified": "2026-06-02T15:57:34.669918Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (klopidoappccnidjpdnihpdecdkhafll) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/klopidoappccnidjpdnihpdecdkhafll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.669882Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:klopidoappccnidjpdnihpdecdkhafll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/klopidoappccnidjpdnihpdecdkhafll", "external_id": "klopidoappccnidjpdnihpdecdkhafll"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--955648b7-acb1-4c4c-bbb8-4a2e6dc2cbad", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.671068Z", "modified": "2026-06-02T15:57:34.671068Z", "name": "Malicious Extension: BootComp", "description": "Malicious browser extension: BootComp (kmipafdabbpmampkcconideakdacmaln) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kmipafdabbpmampkcconideakdacmaln']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.67103Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kmipafdabbpmampkcconideakdacmaln", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kmipafdabbpmampkcconideakdacmaln", "external_id": "kmipafdabbpmampkcconideakdacmaln"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--973e8952-8018-4ecd-88c2-080413b1f0ae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.672067Z", "modified": "2026-06-02T15:57:34.672067Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kmjdfdcmhacinpgipgoplfagelaccakl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kmjdfdcmhacinpgipgoplfagelaccakl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.672031Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kmjdfdcmhacinpgipgoplfagelaccakl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kmjdfdcmhacinpgipgoplfagelaccakl", "external_id": "kmjdfdcmhacinpgipgoplfagelaccakl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c6d5e3ff-7c5f-4cf8-a194-2a512cec1f5a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.673062Z", "modified": "2026-06-02T15:57:34.673062Z", "name": "Malicious Extension: WaContact", "description": "Malicious browser extension: WaContact (kmmibpooeblhmpbphojdncfdlfflecab) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kmmibpooeblhmpbphojdncfdlfflecab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.673019Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:kmmibpooeblhmpbphojdncfdlfflecab", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kmmibpooeblhmpbphojdncfdlfflecab", "external_id": "kmmibpooeblhmpbphojdncfdlfflecab"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--21cf6162-3220-4a96-8e5d-3d63b51a4f59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.674049Z", "modified": "2026-06-02T15:57:34.674049Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kmobjdioiclamniofdnngmafbhgcniok) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kmobjdioiclamniofdnngmafbhgcniok']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.674012Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kmobjdioiclamniofdnngmafbhgcniok", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kmobjdioiclamniofdnngmafbhgcniok", "external_id": "kmobjdioiclamniofdnngmafbhgcniok"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a6937546-54f6-4776-80b7-ddb0581c7914", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.675028Z", "modified": "2026-06-02T15:57:34.675028Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (knchmdddcbnjhgenmgdkaebbmajkblka) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/knchmdddcbnjhgenmgdkaebbmajkblka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.674991Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:knchmdddcbnjhgenmgdkaebbmajkblka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/knchmdddcbnjhgenmgdkaebbmajkblka", "external_id": "knchmdddcbnjhgenmgdkaebbmajkblka"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5632842f-7fe4-4831-af6b-8eab6e93e770", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.676017Z", "modified": "2026-06-02T15:57:34.676017Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kndglddmdlambecafkmijpmehpnbojfn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kndglddmdlambecafkmijpmehpnbojfn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.675981Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kndglddmdlambecafkmijpmehpnbojfn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kndglddmdlambecafkmijpmehpnbojfn", "external_id": "kndglddmdlambecafkmijpmehpnbojfn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5763f237-ed56-4f9c-bfc5-38c51b94cf29", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.677Z", "modified": "2026-06-02T15:57:34.677Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (knejepegjmjmjlhficbikmblnbemdpke) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/knejepegjmjmjlhficbikmblnbemdpke']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.676964Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:knejepegjmjmjlhficbikmblnbemdpke", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/knejepegjmjmjlhficbikmblnbemdpke", "external_id": "knejepegjmjmjlhficbikmblnbemdpke"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5238b69c-ea98-4e81-b88d-2733432e791f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.678125Z", "modified": "2026-06-02T15:57:34.678125Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kniopgmheioicilhbpfgofgiebicmgkp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kniopgmheioicilhbpfgofgiebicmgkp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.678087Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kniopgmheioicilhbpfgofgiebicmgkp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kniopgmheioicilhbpfgofgiebicmgkp", "external_id": "kniopgmheioicilhbpfgofgiebicmgkp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9c7cd9e0-3079-4af9-bbfe-a5ef86db0fbb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.67912Z", "modified": "2026-06-02T15:57:34.67912Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (knjgknhkgmedmajpkhooaagjgfgbcndo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/knjgknhkgmedmajpkhooaagjgfgbcndo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.679074Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:knjgknhkgmedmajpkhooaagjgfgbcndo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/knjgknhkgmedmajpkhooaagjgfgbcndo", "external_id": "knjgknhkgmedmajpkhooaagjgfgbcndo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f3744a76-c3e1-4b3b-a7a4-f66bc179b49d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.680114Z", "modified": "2026-06-02T15:57:34.680114Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (knoibjinlbaolannjalfdjiloaadnknj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/knoibjinlbaolannjalfdjiloaadnknj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.680071Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:knoibjinlbaolannjalfdjiloaadnknj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/knoibjinlbaolannjalfdjiloaadnknj", "external_id": "knoibjinlbaolannjalfdjiloaadnknj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--110f5902-7ad3-49d5-afb6-332c370c7cd6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.681103Z", "modified": "2026-06-02T15:57:34.681103Z", "name": "Malicious Extension: Poppy Playtime Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Poppy Playtime Cursor \u2605 Custom Cursor for Chrome\u2122 (knomkjoeecgejmhchcpmpbdpfdphpgpo) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/knomkjoeecgejmhchcpmpbdpfdphpgpo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.681065Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:knomkjoeecgejmhchcpmpbdpfdphpgpo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/knomkjoeecgejmhchcpmpbdpfdphpgpo", "external_id": "knomkjoeecgejmhchcpmpbdpfdphpgpo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3ed3166b-aa36-4d69-99c9-f950ed2470df", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.682082Z", "modified": "2026-06-02T15:57:34.682082Z", "name": "Malicious Extension: Token Rewards Claim", "description": "Malicious browser extension: Token Rewards Claim (koecfhecfkmjkjplbmbclgacdclnnpei) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/koecfhecfkmjkjplbmbclgacdclnnpei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.682046Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:koecfhecfkmjkjplbmbclgacdclnnpei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/koecfhecfkmjkjplbmbclgacdclnnpei", "external_id": "koecfhecfkmjkjplbmbclgacdclnnpei"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8aa33bf1-8d4c-41dc-af2e-9feda0e0bf6f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.683065Z", "modified": "2026-06-02T15:57:34.683065Z", "name": "Malicious Extension: Kondo", "description": "Malicious browser extension: Kondo (kojhnafkiednagnljfgakalcbfbklbdk) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kojhnafkiednagnljfgakalcbfbklbdk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.683028Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kojhnafkiednagnljfgakalcbfbklbdk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kojhnafkiednagnljfgakalcbfbklbdk", "external_id": "kojhnafkiednagnljfgakalcbfbklbdk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--77bf63c6-c51e-425b-9edc-de6a36dea57b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.684067Z", "modified": "2026-06-02T15:57:34.684067Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kolgdodmgnnhnijmnnidfabnghgakobl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kolgdodmgnnhnijmnnidfabnghgakobl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.68403Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kolgdodmgnnhnijmnnidfabnghgakobl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kolgdodmgnnhnijmnnidfabnghgakobl", "external_id": "kolgdodmgnnhnijmnnidfabnghgakobl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--acdd89bf-2d28-4369-83d6-68af1c1790d8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.685202Z", "modified": "2026-06-02T15:57:34.685202Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (koojeohmgfdkdpbaclkmmaencdchebon) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/koojeohmgfdkdpbaclkmmaencdchebon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.685165Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:koojeohmgfdkdpbaclkmmaencdchebon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/koojeohmgfdkdpbaclkmmaencdchebon", "external_id": "koojeohmgfdkdpbaclkmmaencdchebon"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2c29aca3-ac35-4acc-aa83-7770e5dfa04b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.686194Z", "modified": "2026-06-02T15:57:34.686194Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (koolcjajfdkjjfklmidahmcjhcmmkhma) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/koolcjajfdkjjfklmidahmcjhcmmkhma']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.686153Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:koolcjajfdkjjfklmidahmcjhcmmkhma", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/koolcjajfdkjjfklmidahmcjhcmmkhma", "external_id": "koolcjajfdkjjfklmidahmcjhcmmkhma"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dee45bce-68ac-4c6a-a9aa-33baaf1e9f6a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.687204Z", "modified": "2026-06-02T15:57:34.687204Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kpbihpkcpnfnjddplngmbljcfofjgejh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kpbihpkcpnfnjddplngmbljcfofjgejh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.687161Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kpbihpkcpnfnjddplngmbljcfofjgejh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kpbihpkcpnfnjddplngmbljcfofjgejh", "external_id": "kpbihpkcpnfnjddplngmbljcfofjgejh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d0dcead5-1c5d-4f11-8429-719304902696", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.688198Z", "modified": "2026-06-02T15:57:34.688198Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kpfbijpdidioaomoecdbfaodhajbcjfl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kpfbijpdidioaomoecdbfaodhajbcjfl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.688161Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kpfbijpdidioaomoecdbfaodhajbcjfl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kpfbijpdidioaomoecdbfaodhajbcjfl", "external_id": "kpfbijpdidioaomoecdbfaodhajbcjfl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7dc2c398-fd38-4e56-9325-422cf0fd2b20", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.6892Z", "modified": "2026-06-02T15:57:34.6892Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kpkcamnbjkdiodpgcengepidppnkjikf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kpkcamnbjkdiodpgcengepidppnkjikf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.689162Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kpkcamnbjkdiodpgcengepidppnkjikf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kpkcamnbjkdiodpgcengepidppnkjikf", "external_id": "kpkcamnbjkdiodpgcengepidppnkjikf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d34dc709-1f86-4434-8e48-163e1df9d121", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.690175Z", "modified": "2026-06-02T15:57:34.690175Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kpmfbehibdfhajhelkcpfbdlibigpndb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kpmfbehibdfhajhelkcpfbdlibigpndb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.690138Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kpmfbehibdfhajhelkcpfbdlibigpndb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kpmfbehibdfhajhelkcpfbdlibigpndb", "external_id": "kpmfbehibdfhajhelkcpfbdlibigpndb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eb4e527c-7006-4991-a5b8-b912491b489d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.691158Z", "modified": "2026-06-02T15:57:34.691158Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kpnpeomoodgjlpdaopnapgdiigdkkgim) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kpnpeomoodgjlpdaopnapgdiigdkkgim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.691119Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kpnpeomoodgjlpdaopnapgdiigdkkgim", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kpnpeomoodgjlpdaopnapgdiigdkkgim", "external_id": "kpnpeomoodgjlpdaopnapgdiigdkkgim"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0b407f95-ba8b-4949-ac9d-f710295d46d8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.692312Z", "modified": "2026-06-02T15:57:34.692312Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kpocjpoifmommoiiiamepombpeoaehfh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kpocjpoifmommoiiiamepombpeoaehfh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.692276Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kpocjpoifmommoiiiamepombpeoaehfh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kpocjpoifmommoiiiamepombpeoaehfh", "external_id": "kpocjpoifmommoiiiamepombpeoaehfh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--89839be6-c9f6-4d35-9ce8-61d9122b26bf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.693304Z", "modified": "2026-06-02T15:57:34.693304Z", "name": "Malicious Extension: Amazon Price History Saver", "description": "Malicious browser extension: Amazon Price History Saver (kppfbknppimnoociaomjcdgkebdmenkh) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kppfbknppimnoociaomjcdgkebdmenkh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.693267Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kppfbknppimnoociaomjcdgkebdmenkh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kppfbknppimnoociaomjcdgkebdmenkh", "external_id": "kppfbknppimnoociaomjcdgkebdmenkh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fbba8f14-3df8-4fbc-abeb-149fac83cf6b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.694286Z", "modified": "2026-06-02T15:57:34.694286Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (laholcgeblfbgdhkbiidbpiofdcbpeeo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/laholcgeblfbgdhkbiidbpiofdcbpeeo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.694249Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:laholcgeblfbgdhkbiidbpiofdcbpeeo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/laholcgeblfbgdhkbiidbpiofdcbpeeo", "external_id": "laholcgeblfbgdhkbiidbpiofdcbpeeo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1a37de3b-082b-4511-9b6e-e1de50f28d3b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.695288Z", "modified": "2026-06-02T15:57:34.695288Z", "name": "Malicious Extension: One-Punch Man Cursor - Custom Anime Cursor for Chrome", "description": "Malicious browser extension: One-Punch Man Cursor - Custom Anime Cursor for Chrome (lalcmboamkljbdlgjfockddndpfoiojc) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lalcmboamkljbdlgjfockddndpfoiojc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.695249Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lalcmboamkljbdlgjfockddndpfoiojc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lalcmboamkljbdlgjfockddndpfoiojc", "external_id": "lalcmboamkljbdlgjfockddndpfoiojc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--19aed906-c4b2-41ab-b9df-60ba08e4e3ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.696269Z", "modified": "2026-06-02T15:57:34.696269Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lalgaemhphcggiblnkhfiiifohlmeneg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lalgaemhphcggiblnkhfiiifohlmeneg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.696232Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lalgaemhphcggiblnkhfiiifohlmeneg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lalgaemhphcggiblnkhfiiifohlmeneg", "external_id": "lalgaemhphcggiblnkhfiiifohlmeneg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3aaf6bfe-e61b-41e2-b248-3dbab3f45495", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.697253Z", "modified": "2026-06-02T15:57:34.697253Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lbokgbjpgnklhppkijiojhlefopnhegb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lbokgbjpgnklhppkijiojhlefopnhegb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.697216Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lbokgbjpgnklhppkijiojhlefopnhegb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lbokgbjpgnklhppkijiojhlefopnhegb", "external_id": "lbokgbjpgnklhppkijiojhlefopnhegb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--31f4d58d-f815-4b31-9ad8-2e66e49660f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.698239Z", "modified": "2026-06-02T15:57:34.698239Z", "name": "Malicious Extension: Jujutsu Kaisen Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Jujutsu Kaisen Cursor \u2605 Custom Cursor for Chrome\u2122 (lcahlhmejfgofgednancmbfmflaoihld) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lcahlhmejfgofgednancmbfmflaoihld']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.698197Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lcahlhmejfgofgednancmbfmflaoihld", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lcahlhmejfgofgednancmbfmflaoihld", "external_id": "lcahlhmejfgofgednancmbfmflaoihld"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--099bcabd-486f-4a3d-83ea-ad499b2cf80c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.700236Z", "modified": "2026-06-02T15:57:34.700236Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ldaebepnkfockfedaloedoelkjlmpnnl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldaebepnkfockfedaloedoelkjlmpnnl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.700196Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ldaebepnkfockfedaloedoelkjlmpnnl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldaebepnkfockfedaloedoelkjlmpnnl", "external_id": "ldaebepnkfockfedaloedoelkjlmpnnl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d49eda2b-ffb9-47f7-99c6-9d1cb6bf7e7d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.701295Z", "modified": "2026-06-02T15:57:34.701295Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ldanhaibkdifncinbpjdjpambmofmpkf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldanhaibkdifncinbpjdjpambmofmpkf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.701258Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ldanhaibkdifncinbpjdjpambmofmpkf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldanhaibkdifncinbpjdjpambmofmpkf", "external_id": "ldanhaibkdifncinbpjdjpambmofmpkf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bb3e860b-cb2f-4f6d-8f0b-ddf579909508", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.702301Z", "modified": "2026-06-02T15:57:34.702301Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ldfhjpmekioecmhbmefnnjgkhnilcafi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldfhjpmekioecmhbmefnnjgkhnilcafi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.702264Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ldfhjpmekioecmhbmefnnjgkhnilcafi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldfhjpmekioecmhbmefnnjgkhnilcafi", "external_id": "ldfhjpmekioecmhbmefnnjgkhnilcafi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f04a6d68-ed12-4de2-afa0-3f470be43356", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.703297Z", "modified": "2026-06-02T15:57:34.703297Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ldghoefcghcinacfneopmnechojlhldf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldghoefcghcinacfneopmnechojlhldf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.703259Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ldghoefcghcinacfneopmnechojlhldf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldghoefcghcinacfneopmnechojlhldf", "external_id": "ldghoefcghcinacfneopmnechojlhldf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eeb8e7fa-4a07-49c5-b86f-186a799bd6f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.704328Z", "modified": "2026-06-02T15:57:34.704328Z", "name": "Malicious Extension: Salezap", "description": "Malicious browser extension: Salezap (ldhkdnjdpdknckckaoafnaipmclhnfbf) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript[.]com[.]br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldhkdnjdpdknckckaoafnaipmclhnfbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.704283Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ldhkdnjdpdknckckaoafnaipmclhnfbf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldhkdnjdpdknckckaoafnaipmclhnfbf", "external_id": "ldhkdnjdpdknckckaoafnaipmclhnfbf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--59e945fc-61fe-4f0b-a36e-0a8c19faaa46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.705323Z", "modified": "2026-06-02T15:57:34.705323Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ldmnodpmebcfcdkejkdakphbcjnmejlf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldmnodpmebcfcdkejkdakphbcjnmejlf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.705286Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ldmnodpmebcfcdkejkdakphbcjnmejlf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldmnodpmebcfcdkejkdakphbcjnmejlf", "external_id": "ldmnodpmebcfcdkejkdakphbcjnmejlf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6b6c042a-659f-47b9-bc11-ebf970ebe9ae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.706308Z", "modified": "2026-06-02T15:57:34.706308Z", "name": "Malicious Extension: \u5854\u5854\u7f51\u7533\u795e\u5668", "description": "Malicious browser extension: \u5854\u5854\u7f51\u7533\u795e\u5668 (ldohbgcnonoffldimgdngkojkejibina) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=122). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldohbgcnonoffldimgdngkojkejibina']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.70627Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ldohbgcnonoffldimgdngkojkejibina", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldohbgcnonoffldimgdngkojkejibina", "external_id": "ldohbgcnonoffldimgdngkojkejibina"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5f81ab99-a20f-41a1-afe9-fece29eda429", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.772542Z", "modified": "2026-06-02T15:57:34.772542Z", "name": "Malicious Extension: Pochacco Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Pochacco Cursor \u2605 Custom Cursor for Chrome\u2122 (ldonikoaoafdiccjpkpcgplphedemnma) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldonikoaoafdiccjpkpcgplphedemnma']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.772495Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ldonikoaoafdiccjpkpcgplphedemnma", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldonikoaoafdiccjpkpcgplphedemnma", "external_id": "ldonikoaoafdiccjpkpcgplphedemnma"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--56a58014-046c-4911-b22f-83210335dab4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.773777Z", "modified": "2026-06-02T15:57:34.773777Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (leaglmohfmgdengbciphnodmcgfgdgnf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/leaglmohfmgdengbciphnodmcgfgdgnf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.773736Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:leaglmohfmgdengbciphnodmcgfgdgnf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/leaglmohfmgdengbciphnodmcgfgdgnf", "external_id": "leaglmohfmgdengbciphnodmcgfgdgnf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b7be4521-b626-4ae6-9cdd-d8d33e937781", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.774837Z", "modified": "2026-06-02T15:57:34.774837Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lebaaldhfkhmjcmljacicokgmcfmeofm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lebaaldhfkhmjcmljacicokgmcfmeofm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.774798Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lebaaldhfkhmjcmljacicokgmcfmeofm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lebaaldhfkhmjcmljacicokgmcfmeofm", "external_id": "lebaaldhfkhmjcmljacicokgmcfmeofm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cbb97b61-ad94-4141-a576-1d28df765f75", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.775903Z", "modified": "2026-06-02T15:57:34.775903Z", "name": "Malicious Extension: SmartZap", "description": "Malicious browser extension: SmartZap (lecapbnkojjbcmpgojanclnilcnemjpk) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript[.]com[.]br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lecapbnkojjbcmpgojanclnilcnemjpk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.775863Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lecapbnkojjbcmpgojanclnilcnemjpk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lecapbnkojjbcmpgojanclnilcnemjpk", "external_id": "lecapbnkojjbcmpgojanclnilcnemjpk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d2f8e704-ad4d-483f-896f-61e54bcea356", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.776935Z", "modified": "2026-06-02T15:57:34.776935Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lechagcebaneoafonkbfkljmbmaaoaec) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lechagcebaneoafonkbfkljmbmaaoaec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.776897Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lechagcebaneoafonkbfkljmbmaaoaec", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lechagcebaneoafonkbfkljmbmaaoaec", "external_id": "lechagcebaneoafonkbfkljmbmaaoaec"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--89768a42-4c44-4dfb-8df9-f4820a90a022", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.777944Z", "modified": "2026-06-02T15:57:34.777944Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lefmdgdlhcodbfdcgpobglnbgndcmcpa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lefmdgdlhcodbfdcgpobglnbgndcmcpa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.777906Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lefmdgdlhcodbfdcgpobglnbgndcmcpa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lefmdgdlhcodbfdcgpobglnbgndcmcpa", "external_id": "lefmdgdlhcodbfdcgpobglnbgndcmcpa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a403a41d-78da-490e-8448-474831d6f09f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.779086Z", "modified": "2026-06-02T15:57:34.779086Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lehcglgkjkamolcflammloedahjocbbg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lehcglgkjkamolcflammloedahjocbbg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.779048Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lehcglgkjkamolcflammloedahjocbbg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lehcglgkjkamolcflammloedahjocbbg", "external_id": "lehcglgkjkamolcflammloedahjocbbg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cc8083b1-5970-4d4a-99eb-47cd9adf33b9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.780118Z", "modified": "2026-06-02T15:57:34.780118Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lejgjoflhajdmmbmeklmijaboflohhig) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lejgjoflhajdmmbmeklmijaboflohhig']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.780079Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lejgjoflhajdmmbmeklmijaboflohhig", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lejgjoflhajdmmbmeklmijaboflohhig", "external_id": "lejgjoflhajdmmbmeklmijaboflohhig"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0b4c81af-5747-4798-9435-ede9dad38982", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.781125Z", "modified": "2026-06-02T15:57:34.781125Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lepdjbhbkpfenckechpdfohdmkhogojf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lepdjbhbkpfenckechpdfohdmkhogojf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.781087Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lepdjbhbkpfenckechpdfohdmkhogojf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lepdjbhbkpfenckechpdfohdmkhogojf", "external_id": "lepdjbhbkpfenckechpdfohdmkhogojf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--703872d6-5d44-420b-95f7-b539e6f140f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.782123Z", "modified": "2026-06-02T15:57:34.782123Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lfcadnmmmngiljpjpmfnghjdkkockdio) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lfcadnmmmngiljpjpmfnghjdkkockdio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.782084Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lfcadnmmmngiljpjpmfnghjdkkockdio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lfcadnmmmngiljpjpmfnghjdkkockdio", "external_id": "lfcadnmmmngiljpjpmfnghjdkkockdio"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a09ddee1-2730-4a60-9b8f-ffdf54f56ba1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.783133Z", "modified": "2026-06-02T15:57:34.783133Z", "name": "Malicious Extension: UpSell", "description": "Malicious browser extension: UpSell (lfenojckeamfnllggndghkmfhkheiimc) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lfenojckeamfnllggndghkmfhkheiimc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.783083Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:lfenojckeamfnllggndghkmfhkheiimc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lfenojckeamfnllggndghkmfhkheiimc", "external_id": "lfenojckeamfnllggndghkmfhkheiimc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--15269d64-e8cc-419e-bf7e-4806aada0d79", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.784128Z", "modified": "2026-06-02T15:57:34.784128Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lfgakdlafdenmaikccbojgcofkkhmolj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lfgakdlafdenmaikccbojgcofkkhmolj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.78409Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lfgakdlafdenmaikccbojgcofkkhmolj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lfgakdlafdenmaikccbojgcofkkhmolj", "external_id": "lfgakdlafdenmaikccbojgcofkkhmolj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--83231eeb-e6eb-4891-99ec-a855d9192b19", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.785112Z", "modified": "2026-06-02T15:57:34.785112Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lfhfenilfjbgcjckhmdpgjdafhoojljl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lfhfenilfjbgcjckhmdpgjdafhoojljl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.785075Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lfhfenilfjbgcjckhmdpgjdafhoojljl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lfhfenilfjbgcjckhmdpgjdafhoojljl", "external_id": "lfhfenilfjbgcjckhmdpgjdafhoojljl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0598e3a8-9d39-4259-bf4f-56feb8043e3b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.786277Z", "modified": "2026-06-02T15:57:34.786277Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lfmdddfdacgdimongmjclgijepoknmjm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lfmdddfdacgdimongmjclgijepoknmjm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.786237Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lfmdddfdacgdimongmjclgijepoknmjm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lfmdddfdacgdimongmjclgijepoknmjm", "external_id": "lfmdddfdacgdimongmjclgijepoknmjm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b4760fd5-2cf4-4d1b-b6e0-47a0363b40d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.78729Z", "modified": "2026-06-02T15:57:34.78729Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lfnlgdmddmiidbnaeiibmlbadefcnjhi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lfnlgdmddmiidbnaeiibmlbadefcnjhi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.787252Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lfnlgdmddmiidbnaeiibmlbadefcnjhi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lfnlgdmddmiidbnaeiibmlbadefcnjhi", "external_id": "lfnlgdmddmiidbnaeiibmlbadefcnjhi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8d5ae7e1-90e9-4184-9389-6a6e652da126", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.788288Z", "modified": "2026-06-02T15:57:34.788288Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lgakkahjfibfgmacigibnhcgepajgfdb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lgakkahjfibfgmacigibnhcgepajgfdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.78825Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lgakkahjfibfgmacigibnhcgepajgfdb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lgakkahjfibfgmacigibnhcgepajgfdb", "external_id": "lgakkahjfibfgmacigibnhcgepajgfdb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--03964732-c63f-4aef-acf7-c45a5607ae43", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.789291Z", "modified": "2026-06-02T15:57:34.789291Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lgjmjfjpldlhbaeinfjbgokoakpjglbn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lgjmjfjpldlhbaeinfjbgokoakpjglbn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.789254Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lgjmjfjpldlhbaeinfjbgokoakpjglbn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lgjmjfjpldlhbaeinfjbgokoakpjglbn", "external_id": "lgjmjfjpldlhbaeinfjbgokoakpjglbn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cea57427-13e9-461e-9161-d14e15b85bac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.790278Z", "modified": "2026-06-02T15:57:34.790278Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lgknneiodddmfbbpaklighafdocbfnme) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lgknneiodddmfbbpaklighafdocbfnme']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.79024Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lgknneiodddmfbbpaklighafdocbfnme", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lgknneiodddmfbbpaklighafdocbfnme", "external_id": "lgknneiodddmfbbpaklighafdocbfnme"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9ec4613b-b23a-41bc-9f72-58a84c99318d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.791267Z", "modified": "2026-06-02T15:57:34.791267Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lgmdiagiphelkdikgjehjpmfaecgmmfl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lgmdiagiphelkdikgjehjpmfaecgmmfl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.79123Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lgmdiagiphelkdikgjehjpmfaecgmmfl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lgmdiagiphelkdikgjehjpmfaecgmmfl", "external_id": "lgmdiagiphelkdikgjehjpmfaecgmmfl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d38d8962-34b2-4a26-be5e-6d2bc1ec6629", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.792265Z", "modified": "2026-06-02T15:57:34.792265Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lgnfmkckpppkfbfndcdighighholljcn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lgnfmkckpppkfbfndcdighighholljcn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.792228Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lgnfmkckpppkfbfndcdighighholljcn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lgnfmkckpppkfbfndcdighighholljcn", "external_id": "lgnfmkckpppkfbfndcdighighholljcn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de0de826-01c0-473f-9934-3fa57f2baad0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.793407Z", "modified": "2026-06-02T15:57:34.793407Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lgnjdldkappogbkljaiedgogobcgemch) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lgnjdldkappogbkljaiedgogobcgemch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.79337Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lgnjdldkappogbkljaiedgogobcgemch", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lgnjdldkappogbkljaiedgogobcgemch", "external_id": "lgnjdldkappogbkljaiedgogobcgemch"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a4d7d268-52bb-4c00-987b-030464871700", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.794408Z", "modified": "2026-06-02T15:57:34.794408Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lhahofhogpojbfgcejbohlinmhjaodkn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lhahofhogpojbfgcejbohlinmhjaodkn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.794371Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lhahofhogpojbfgcejbohlinmhjaodkn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lhahofhogpojbfgcejbohlinmhjaodkn", "external_id": "lhahofhogpojbfgcejbohlinmhjaodkn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7403d77a-bf98-4d88-ad60-01b9a07aaf9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.795414Z", "modified": "2026-06-02T15:57:34.795414Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lhfdakoonenpbggbeephofdlflloghhi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lhfdakoonenpbggbeephofdlflloghhi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.795376Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lhfdakoonenpbggbeephofdlflloghhi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lhfdakoonenpbggbeephofdlflloghhi", "external_id": "lhfdakoonenpbggbeephofdlflloghhi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d41ca3ba-b580-4c0f-b3f5-af334aa7621e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.79641Z", "modified": "2026-06-02T15:57:34.79641Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lhojojjidomkdaccdkpmejlmmbdjlhjo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lhojojjidomkdaccdkpmejlmmbdjlhjo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.796372Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lhojojjidomkdaccdkpmejlmmbdjlhjo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lhojojjidomkdaccdkpmejlmmbdjlhjo", "external_id": "lhojojjidomkdaccdkpmejlmmbdjlhjo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c8f242be-4eaf-47db-aa7d-ee3c2fab3d7e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.797409Z", "modified": "2026-06-02T15:57:34.797409Z", "name": "Malicious Extension: Bull Lead - Automa\u00e7\u00f5es e atendimento no WhatsApp para vendedores", "description": "Malicious browser extension: Bull Lead - Automa\u00e7\u00f5es e atendimento no WhatsApp para vendedores (ligmikomohkaooecoochfknopalblanl) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ligmikomohkaooecoochfknopalblanl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.797371Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ligmikomohkaooecoochfknopalblanl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ligmikomohkaooecoochfknopalblanl", "external_id": "ligmikomohkaooecoochfknopalblanl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7399fe23-3ab1-48e8-a8f9-a9f033a351cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.798399Z", "modified": "2026-06-02T15:57:34.798399Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (limaalniodpkiflneglakcpbfgjfipig) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/limaalniodpkiflneglakcpbfgjfipig']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.798362Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:limaalniodpkiflneglakcpbfgjfipig", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/limaalniodpkiflneglakcpbfgjfipig", "external_id": "limaalniodpkiflneglakcpbfgjfipig"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3d892efa-935f-4672-a5f9-f7fc71d17954", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.799395Z", "modified": "2026-06-02T15:57:34.799395Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (linflaofbnlhpakjpohmfnkkkmpngnck) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/linflaofbnlhpakjpohmfnkkkmpngnck']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.799358Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:linflaofbnlhpakjpohmfnkkkmpngnck", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/linflaofbnlhpakjpohmfnkkkmpngnck", "external_id": "linflaofbnlhpakjpohmfnkkkmpngnck"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0fa3e248-0c67-4e6d-9d2c-385c98085f00", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.800547Z", "modified": "2026-06-02T15:57:34.800547Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ljbkcdepalofimjbnckeeikmhlgmijmg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljbkcdepalofimjbnckeeikmhlgmijmg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.80051Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljbkcdepalofimjbnckeeikmhlgmijmg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljbkcdepalofimjbnckeeikmhlgmijmg", "external_id": "ljbkcdepalofimjbnckeeikmhlgmijmg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4a25c238-6552-444b-b236-36f60a26cb71", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.801545Z", "modified": "2026-06-02T15:57:34.801545Z", "name": "Malicious Extension: Amazon ASIN Lookup | 10Xprofit", "description": "Malicious browser extension: Amazon ASIN Lookup | 10Xprofit (ljcgnobemekghgobhlplpehijemdgcgo) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=52). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljcgnobemekghgobhlplpehijemdgcgo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.801507Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljcgnobemekghgobhlplpehijemdgcgo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljcgnobemekghgobhlplpehijemdgcgo", "external_id": "ljcgnobemekghgobhlplpehijemdgcgo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eafb4c1d-57b7-4711-8ea5-a7f4853751e0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.802529Z", "modified": "2026-06-02T15:57:34.802529Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ljdhejdbbogemelgkihbabifpfdfomcc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljdhejdbbogemelgkihbabifpfdfomcc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.802492Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljdhejdbbogemelgkihbabifpfdfomcc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljdhejdbbogemelgkihbabifpfdfomcc", "external_id": "ljdhejdbbogemelgkihbabifpfdfomcc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--39461792-071d-4001-81d5-2fe84660527c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.803518Z", "modified": "2026-06-02T15:57:34.803518Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ljhnndlmlendhmgedolhgegjhbkjkcbm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljhnndlmlendhmgedolhgegjhbkjkcbm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.803482Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljhnndlmlendhmgedolhgegjhbkjkcbm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljhnndlmlendhmgedolhgegjhbkjkcbm", "external_id": "ljhnndlmlendhmgedolhgegjhbkjkcbm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3ed19331-85d6-4a9b-a0d3-3fae2d38405b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.804508Z", "modified": "2026-06-02T15:57:34.804508Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ljjngehkphcdnnapgciajcdbcpgmpknc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljjngehkphcdnnapgciajcdbcpgmpknc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.80447Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljjngehkphcdnnapgciajcdbcpgmpknc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljjngehkphcdnnapgciajcdbcpgmpknc", "external_id": "ljjngehkphcdnnapgciajcdbcpgmpknc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--72ffa74c-9f8c-4483-9236-7b7522f8275a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.805494Z", "modified": "2026-06-02T15:57:34.805494Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ljkgnegaajfacghepjiajibgdpfmcfip) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljkgnegaajfacghepjiajibgdpfmcfip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.805456Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljkgnegaajfacghepjiajibgdpfmcfip", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljkgnegaajfacghepjiajibgdpfmcfip", "external_id": "ljkgnegaajfacghepjiajibgdpfmcfip"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ab882020-5173-40c9-9fc3-493b4889b1c1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.806483Z", "modified": "2026-06-02T15:57:34.806483Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ljlhpcabhpjdlcjhbmgjigfceppgabmk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljlhpcabhpjdlcjhbmgjigfceppgabmk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.806441Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljlhpcabhpjdlcjhbmgjigfceppgabmk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljlhpcabhpjdlcjhbmgjigfceppgabmk", "external_id": "ljlhpcabhpjdlcjhbmgjigfceppgabmk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dab4e78d-1f66-4fb8-83e8-7e7cd9d12f59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.807644Z", "modified": "2026-06-02T15:57:34.807644Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ljoinkecfhmbfehhdmnbpcdncbgkffgd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljoinkecfhmbfehhdmnbpcdncbgkffgd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.807606Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljoinkecfhmbfehhdmnbpcdncbgkffgd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljoinkecfhmbfehhdmnbpcdncbgkffgd", "external_id": "ljoinkecfhmbfehhdmnbpcdncbgkffgd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5d346457-e743-400a-a75f-798c1c26e04c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.80864Z", "modified": "2026-06-02T15:57:34.80864Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ljpfokmdomkbjmnplfigpjefemkcigca) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljpfokmdomkbjmnplfigpjefemkcigca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.808603Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljpfokmdomkbjmnplfigpjefemkcigca", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljpfokmdomkbjmnplfigpjefemkcigca", "external_id": "ljpfokmdomkbjmnplfigpjefemkcigca"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cc7c2e21-1c6c-4c06-a4f2-d8cd16047f4f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.809627Z", "modified": "2026-06-02T15:57:34.809627Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lkbfbidpkbeicafnnhlaockggaknjolf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lkbfbidpkbeicafnnhlaockggaknjolf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.80959Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lkbfbidpkbeicafnnhlaockggaknjolf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lkbfbidpkbeicafnnhlaockggaknjolf", "external_id": "lkbfbidpkbeicafnnhlaockggaknjolf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c541be83-e1cf-4dce-b524-b92c95da73b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.810614Z", "modified": "2026-06-02T15:57:34.810614Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lkgmpcehbonlcpoemnakmamjfpfdakfa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lkgmpcehbonlcpoemnakmamjfpfdakfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.810576Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lkgmpcehbonlcpoemnakmamjfpfdakfa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lkgmpcehbonlcpoemnakmamjfpfdakfa", "external_id": "lkgmpcehbonlcpoemnakmamjfpfdakfa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--adcd4741-65d9-434b-92fd-aac0a2d3ff5c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.811613Z", "modified": "2026-06-02T15:57:34.811613Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lkhbodnngmenbcjdmcdcbpmbkebikgjf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lkhbodnngmenbcjdmcdcbpmbkebikgjf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.811576Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lkhbodnngmenbcjdmcdcbpmbkebikgjf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lkhbodnngmenbcjdmcdcbpmbkebikgjf", "external_id": "lkhbodnngmenbcjdmcdcbpmbkebikgjf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7e82a2d8-d43e-44e6-a7f7-8f4f314e2a81", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.812592Z", "modified": "2026-06-02T15:57:34.812592Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lkjkfecdnfjopaeaibboihfkmhdjmanm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lkjkfecdnfjopaeaibboihfkmhdjmanm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.812555Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lkjkfecdnfjopaeaibboihfkmhdjmanm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lkjkfecdnfjopaeaibboihfkmhdjmanm", "external_id": "lkjkfecdnfjopaeaibboihfkmhdjmanm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1aa15a03-50a6-4319-ac26-81028156dbdf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.813579Z", "modified": "2026-06-02T15:57:34.813579Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lldibibpehfomjljogedjhaldedlmfck) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lldibibpehfomjljogedjhaldedlmfck']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.813542Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lldibibpehfomjljogedjhaldedlmfck", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lldibibpehfomjljogedjhaldedlmfck", "external_id": "lldibibpehfomjljogedjhaldedlmfck"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a168ff40-655f-47ea-9bbf-c1bddf214f2e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.814711Z", "modified": "2026-06-02T15:57:34.814711Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (llekkapjkbpajfadhjndedkiblhfeemi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/llekkapjkbpajfadhjndedkiblhfeemi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.814673Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:llekkapjkbpajfadhjndedkiblhfeemi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/llekkapjkbpajfadhjndedkiblhfeemi", "external_id": "llekkapjkbpajfadhjndedkiblhfeemi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0210dc9a-1cd1-4dd3-884c-be1d171a8a43", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.815711Z", "modified": "2026-06-02T15:57:34.815711Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (llilhpmmhicmiaoancaafdgganakopfg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/llilhpmmhicmiaoancaafdgganakopfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.815674Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:llilhpmmhicmiaoancaafdgganakopfg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/llilhpmmhicmiaoancaafdgganakopfg", "external_id": "llilhpmmhicmiaoancaafdgganakopfg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--31fcd257-c55d-4b3f-8179-60a2a0202db7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.8167Z", "modified": "2026-06-02T15:57:34.8167Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lljnhidbljbfkejjcfogkhgmgdihjmlf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lljnhidbljbfkejjcfogkhgmgdihjmlf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.816663Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lljnhidbljbfkejjcfogkhgmgdihjmlf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lljnhidbljbfkejjcfogkhgmgdihjmlf", "external_id": "lljnhidbljbfkejjcfogkhgmgdihjmlf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--30606a1a-4309-4389-996d-8c0fa1908395", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.817681Z", "modified": "2026-06-02T15:57:34.817681Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lljplndkobdgkjilfmfiefpldkhkhbbd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lljplndkobdgkjilfmfiefpldkhkhbbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.817644Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lljplndkobdgkjilfmfiefpldkhkhbbd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lljplndkobdgkjilfmfiefpldkhkhbbd", "external_id": "lljplndkobdgkjilfmfiefpldkhkhbbd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5c983946-0b7b-4b4c-a91e-860ef5904a00", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.818663Z", "modified": "2026-06-02T15:57:34.818663Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lllihdpapijpmbfdmbidbnjpblibebee) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lllihdpapijpmbfdmbidbnjpblibebee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.818625Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lllihdpapijpmbfdmbidbnjpblibebee", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lllihdpapijpmbfdmbidbnjpblibebee", "external_id": "lllihdpapijpmbfdmbidbnjpblibebee"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3b06a120-3fdc-40ec-903e-b275eb455ed7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.819651Z", "modified": "2026-06-02T15:57:34.819651Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (llmclekdibmbhlgegnenmdifgjdcfnao) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/llmclekdibmbhlgegnenmdifgjdcfnao']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.819613Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:llmclekdibmbhlgegnenmdifgjdcfnao", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/llmclekdibmbhlgegnenmdifgjdcfnao", "external_id": "llmclekdibmbhlgegnenmdifgjdcfnao"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6af0a62f-fbb8-41e1-be80-f9d1cdab6bbd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.820665Z", "modified": "2026-06-02T15:57:34.820665Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (llmjkahdkdndnikmnedndgdfbmianaao) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/llmjkahdkdndnikmnedndgdfbmianaao']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.820628Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:llmjkahdkdndnikmnedndgdfbmianaao", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/llmjkahdkdndnikmnedndgdfbmianaao", "external_id": "llmjkahdkdndnikmnedndgdfbmianaao"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1dff789a-4484-4901-b41d-221bd542b780", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.821804Z", "modified": "2026-06-02T15:57:34.821804Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (llojfncgbabajmdglnkbhmiebiinohek) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/llojfncgbabajmdglnkbhmiebiinohek']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.821767Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:llojfncgbabajmdglnkbhmiebiinohek", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/llojfncgbabajmdglnkbhmiebiinohek", "external_id": "llojfncgbabajmdglnkbhmiebiinohek"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--57a452e1-b246-447f-bce2-9cd5c8f09129", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.822804Z", "modified": "2026-06-02T15:57:34.822804Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lmcnkcbaofhmiafapndakpplkenijdek) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmcnkcbaofhmiafapndakpplkenijdek']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.822766Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmcnkcbaofhmiafapndakpplkenijdek", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmcnkcbaofhmiafapndakpplkenijdek", "external_id": "lmcnkcbaofhmiafapndakpplkenijdek"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--476e3368-adbf-429a-ac81-b66bc80c279e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.823807Z", "modified": "2026-06-02T15:57:34.823807Z", "name": "Malicious Extension: Black Script", "description": "Malicious browser extension: Black Script (lmenhcepphonnfnjkaofobpamlfolgfl) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmenhcepphonnfnjkaofobpamlfolgfl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.823769Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmenhcepphonnfnjkaofobpamlfolgfl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmenhcepphonnfnjkaofobpamlfolgfl", "external_id": "lmenhcepphonnfnjkaofobpamlfolgfl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--13b0a65a-5ce6-4bfc-a1b8-acd8f20dd20e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.82479Z", "modified": "2026-06-02T15:57:34.82479Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lmhnpgogldejgkbmmenhhkfanfhbdogo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmhnpgogldejgkbmmenhhkfanfhbdogo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.824753Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmhnpgogldejgkbmmenhhkfanfhbdogo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmhnpgogldejgkbmmenhhkfanfhbdogo", "external_id": "lmhnpgogldejgkbmmenhhkfanfhbdogo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c117fc76-1e23-4cee-bba6-653468fa8e45", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.82577Z", "modified": "2026-06-02T15:57:34.82577Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lmiigijnefpkjcenfbinhdpafehaddag) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmiigijnefpkjcenfbinhdpafehaddag']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.825733Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmiigijnefpkjcenfbinhdpafehaddag", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmiigijnefpkjcenfbinhdpafehaddag", "external_id": "lmiigijnefpkjcenfbinhdpafehaddag"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--30df86a7-4db1-48f7-9d46-50b5b227ebaf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.826762Z", "modified": "2026-06-02T15:57:34.826762Z", "name": "Malicious Extension: Hello Kitty Cursor - Custom Kawaii Cursor for Chrome", "description": "Malicious browser extension: Hello Kitty Cursor - Custom Kawaii Cursor for Chrome (lmjdeimbphcbnfekpgblhlbhknpmaoij) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmjdeimbphcbnfekpgblhlbhknpmaoij']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.826723Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmjdeimbphcbnfekpgblhlbhknpmaoij", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmjdeimbphcbnfekpgblhlbhknpmaoij", "external_id": "lmjdeimbphcbnfekpgblhlbhknpmaoij"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0c8b9890-a357-4f4b-bb93-d247d68c573d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.827758Z", "modified": "2026-06-02T15:57:34.827758Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lmjjdicajpllfgekjbnnjobadadidoih) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmjjdicajpllfgekjbnnjobadadidoih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.82772Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmjjdicajpllfgekjbnnjobadadidoih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmjjdicajpllfgekjbnnjobadadidoih", "external_id": "lmjjdicajpllfgekjbnnjobadadidoih"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7983996b-ffef-46e8-812f-a2c002f866c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.8289Z", "modified": "2026-06-02T15:57:34.8289Z", "name": "Malicious Extension: Soccer Cursor - Custom Sports Cursor for Chrome", "description": "Malicious browser extension: Soccer Cursor - Custom Sports Cursor for Chrome (lmjocpjbilfamkogfpbecdhefcjffbhb) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmjocpjbilfamkogfpbecdhefcjffbhb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.828862Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmjocpjbilfamkogfpbecdhefcjffbhb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmjocpjbilfamkogfpbecdhefcjffbhb", "external_id": "lmjocpjbilfamkogfpbecdhefcjffbhb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1a114c66-7d00-485a-ad3b-db77d98095f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.829889Z", "modified": "2026-06-02T15:57:34.829889Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lmmcnaiigcajhkllkfjhocgekphpepgm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmmcnaiigcajhkllkfjhocgekphpepgm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.829852Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmmcnaiigcajhkllkfjhocgekphpepgm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmmcnaiigcajhkllkfjhocgekphpepgm", "external_id": "lmmcnaiigcajhkllkfjhocgekphpepgm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dff09ee2-6cd6-459e-8a15-77fb4e762c32", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.830877Z", "modified": "2026-06-02T15:57:34.830877Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lmnjiioclbjphkggicmldippjojgmldk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmnjiioclbjphkggicmldippjojgmldk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.830835Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmnjiioclbjphkggicmldippjojgmldk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmnjiioclbjphkggicmldippjojgmldk", "external_id": "lmnjiioclbjphkggicmldippjojgmldk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--66f6c16d-8f04-4177-bfa0-3036ebf6f6fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.831878Z", "modified": "2026-06-02T15:57:34.831878Z", "name": "Malicious Extension: Demon Slayer Cursor - Custom Anime Cursor for Chrome", "description": "Malicious browser extension: Demon Slayer Cursor - Custom Anime Cursor for Chrome (lmnmfkhppclolpdbdabpbhladegibpgi) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmnmfkhppclolpdbdabpbhladegibpgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.83184Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmnmfkhppclolpdbdabpbhladegibpgi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmnmfkhppclolpdbdabpbhladegibpgi", "external_id": "lmnmfkhppclolpdbdabpbhladegibpgi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--11c6a866-515b-4f00-ab94-99031eb84b64", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.832858Z", "modified": "2026-06-02T15:57:34.832858Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lmopfmpfoonboglmipmjafcnbphgefjb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmopfmpfoonboglmipmjafcnbphgefjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.83282Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmopfmpfoonboglmipmjafcnbphgefjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmopfmpfoonboglmipmjafcnbphgefjb", "external_id": "lmopfmpfoonboglmipmjafcnbphgefjb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2d69c71b-6f4c-4354-bdf4-17e152fe4175", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.833851Z", "modified": "2026-06-02T15:57:34.833851Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lmppkgmbapjgihlpadknmfalefnfnfnd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmppkgmbapjgihlpadknmfalefnfnfnd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.833814Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmppkgmbapjgihlpadknmfalefnfnfnd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmppkgmbapjgihlpadknmfalefnfnfnd", "external_id": "lmppkgmbapjgihlpadknmfalefnfnfnd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--af4f5331-db0c-40c8-b1f4-48435b357d4a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.834849Z", "modified": "2026-06-02T15:57:34.834849Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lnldeihhegenieijjghchpibcopifadd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lnldeihhegenieijjghchpibcopifadd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.834812Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lnldeihhegenieijjghchpibcopifadd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lnldeihhegenieijjghchpibcopifadd", "external_id": "lnldeihhegenieijjghchpibcopifadd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--23c9a10b-86bc-4987-be6f-a0c521ecb680", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.836036Z", "modified": "2026-06-02T15:57:34.836036Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lodlcpnbppgipaimgbjgniokjcnpiiad) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lodlcpnbppgipaimgbjgniokjcnpiiad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.835999Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lodlcpnbppgipaimgbjgniokjcnpiiad", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lodlcpnbppgipaimgbjgniokjcnpiiad", "external_id": "lodlcpnbppgipaimgbjgniokjcnpiiad"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--97423172-849e-4dc8-bb0b-e6b6dc6020cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.837048Z", "modified": "2026-06-02T15:57:34.837048Z", "name": "Malicious Extension: KENVIA - Transforme o seu WhatsApp Web numa plataforma de vendas", "description": "Malicious browser extension: KENVIA - Transforme o seu WhatsApp Web numa plataforma de vendas (logefefpibkofniajhdigjnpbmimjelg) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/logefefpibkofniajhdigjnpbmimjelg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.83701Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:logefefpibkofniajhdigjnpbmimjelg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/logefefpibkofniajhdigjnpbmimjelg", "external_id": "logefefpibkofniajhdigjnpbmimjelg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b199b3d4-83bd-4628-942c-f723dafcbe70", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.838036Z", "modified": "2026-06-02T15:57:34.838036Z", "name": "Malicious Extension: AliExpress Price Tracker - Price History & Alerts", "description": "Malicious browser extension: AliExpress Price Tracker - Price History & Alerts (loiofaagnefbonjdjklhacdhfkolcfgi) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/loiofaagnefbonjdjklhacdhfkolcfgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.837999Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:loiofaagnefbonjdjklhacdhfkolcfgi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/loiofaagnefbonjdjklhacdhfkolcfgi", "external_id": "loiofaagnefbonjdjklhacdhfkolcfgi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5c417bef-32c5-4b80-8269-d288537ccb6a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.839016Z", "modified": "2026-06-02T15:57:34.839016Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lollnjcjgkflfjicaijghbkoakeflolo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lollnjcjgkflfjicaijghbkoakeflolo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.838979Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lollnjcjgkflfjicaijghbkoakeflolo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lollnjcjgkflfjicaijghbkoakeflolo", "external_id": "lollnjcjgkflfjicaijghbkoakeflolo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a2f47bc1-1b73-44a6-ad62-023bda7d0bfe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.840011Z", "modified": "2026-06-02T15:57:34.840011Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lonfhijnhlpehhmhgekhkmdominoiopi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lonfhijnhlpehhmhgekhkmdominoiopi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.839973Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lonfhijnhlpehhmhgekhkmdominoiopi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lonfhijnhlpehhmhgekhkmdominoiopi", "external_id": "lonfhijnhlpehhmhgekhkmdominoiopi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d31290f4-103a-42d7-8f07-c20201c254de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.841009Z", "modified": "2026-06-02T15:57:34.841009Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lpeocpopopmbhchjndkbhgjgppnlikho) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lpeocpopopmbhchjndkbhgjgppnlikho']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.840971Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lpeocpopopmbhchjndkbhgjgppnlikho", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lpeocpopopmbhchjndkbhgjgppnlikho", "external_id": "lpeocpopopmbhchjndkbhgjgppnlikho"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9fd9eb15-7a22-449a-8d54-c1b9df3601f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.841984Z", "modified": "2026-06-02T15:57:34.841984Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (lpgfobaeiolmbkaocfomdmnggfpaklhm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lpgfobaeiolmbkaocfomdmnggfpaklhm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.841947Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lpgfobaeiolmbkaocfomdmnggfpaklhm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lpgfobaeiolmbkaocfomdmnggfpaklhm", "external_id": "lpgfobaeiolmbkaocfomdmnggfpaklhm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d5d17004-6f08-4afc-91e7-b0db38984967", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.843122Z", "modified": "2026-06-02T15:57:34.843122Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mabbblhhnmlckjbfppkopnccllieeocp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mabbblhhnmlckjbfppkopnccllieeocp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.843076Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mabbblhhnmlckjbfppkopnccllieeocp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mabbblhhnmlckjbfppkopnccllieeocp", "external_id": "mabbblhhnmlckjbfppkopnccllieeocp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--962cbb15-d555-4199-a43f-fc376d00d178", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.844114Z", "modified": "2026-06-02T15:57:34.844114Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mabloidgodmbnmnhoenmhlcjkfelomgp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mabloidgodmbnmnhoenmhlcjkfelomgp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.844076Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mabloidgodmbnmnhoenmhlcjkfelomgp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mabloidgodmbnmnhoenmhlcjkfelomgp", "external_id": "mabloidgodmbnmnhoenmhlcjkfelomgp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d232fe2d-32b2-41b8-8847-7a373b909547", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.845112Z", "modified": "2026-06-02T15:57:34.845112Z", "name": "Malicious Extension: Acelere CRM", "description": "Malicious browser extension: Acelere CRM (mahgiheajijdifhnekeknnkfkjbfjkdh) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mahgiheajijdifhnekeknnkfkjbfjkdh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.845075Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mahgiheajijdifhnekeknnkfkjbfjkdh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mahgiheajijdifhnekeknnkfkjbfjkdh", "external_id": "mahgiheajijdifhnekeknnkfkjbfjkdh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3d124576-8830-4431-ac93-685e66941fe5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.846098Z", "modified": "2026-06-02T15:57:34.846098Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (maiackahflfnegibhinjhpbgeoldeklb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/maiackahflfnegibhinjhpbgeoldeklb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.846056Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:maiackahflfnegibhinjhpbgeoldeklb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/maiackahflfnegibhinjhpbgeoldeklb", "external_id": "maiackahflfnegibhinjhpbgeoldeklb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--88b52964-44c3-4462-82b5-7ac1688b9fd5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.847121Z", "modified": "2026-06-02T15:57:34.847121Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (makdmacamkifdldldlelollkkjnoiedg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/makdmacamkifdldldlelollkkjnoiedg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.847075Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:makdmacamkifdldldlelollkkjnoiedg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/makdmacamkifdldldlelollkkjnoiedg", "external_id": "makdmacamkifdldldlelollkkjnoiedg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--de65199a-b137-45b7-bf79-937a59188978", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.848113Z", "modified": "2026-06-02T15:57:34.848113Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (makeekhnfplggoaiklkphfopajegajci) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/makeekhnfplggoaiklkphfopajegajci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.848076Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:makeekhnfplggoaiklkphfopajegajci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/makeekhnfplggoaiklkphfopajegajci", "external_id": "makeekhnfplggoaiklkphfopajegajci"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7c01811c-efc4-4f80-b528-1c0e552459f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.849092Z", "modified": "2026-06-02T15:57:34.849092Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mallpejgeafdahhflmliiahjdpgbegpk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mallpejgeafdahhflmliiahjdpgbegpk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.849054Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mallpejgeafdahhflmliiahjdpgbegpk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mallpejgeafdahhflmliiahjdpgbegpk", "external_id": "mallpejgeafdahhflmliiahjdpgbegpk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7b2ef57d-5a96-424e-9b6f-cce75355157d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.850234Z", "modified": "2026-06-02T15:57:34.850234Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mankdelieejldehcehkmnngbfnmialki) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mankdelieejldehcehkmnngbfnmialki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.850196Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mankdelieejldehcehkmnngbfnmialki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mankdelieejldehcehkmnngbfnmialki", "external_id": "mankdelieejldehcehkmnngbfnmialki"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b2355aba-70f3-4232-9b03-744d590c3e59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.851233Z", "modified": "2026-06-02T15:57:34.851233Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (maolinhbkonpckjldhnocgilkabpfodc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/maolinhbkonpckjldhnocgilkabpfodc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.851196Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:maolinhbkonpckjldhnocgilkabpfodc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/maolinhbkonpckjldhnocgilkabpfodc", "external_id": "maolinhbkonpckjldhnocgilkabpfodc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3ceedc5a-2cc0-480e-b662-15775d7cb434", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.852225Z", "modified": "2026-06-02T15:57:34.852225Z", "name": "Malicious Extension: Peppa Pig Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Peppa Pig Cursor \u2605 Custom Cursor for Chrome\u2122 (maookbdaoegaepgklgimmakbcfjdmbhf) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/maookbdaoegaepgklgimmakbcfjdmbhf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.852188Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:maookbdaoegaepgklgimmakbcfjdmbhf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/maookbdaoegaepgklgimmakbcfjdmbhf", "external_id": "maookbdaoegaepgklgimmakbcfjdmbhf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7278be11-7c59-4bfc-9e32-9245b0b41dd3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.853217Z", "modified": "2026-06-02T15:57:34.853217Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mbjjannikkfihddnepoionimbedjnbib) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mbjjannikkfihddnepoionimbedjnbib']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.853175Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mbjjannikkfihddnepoionimbedjnbib", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mbjjannikkfihddnepoionimbedjnbib", "external_id": "mbjjannikkfihddnepoionimbedjnbib"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e76419f0-bdd6-4f98-a5f7-b6fec23bc29f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.854199Z", "modified": "2026-06-02T15:57:34.854199Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mbjjeombjeklkbndcjgmfcdhfbjngcam) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mbjjeombjeklkbndcjgmfcdhfbjngcam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.854162Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mbjjeombjeklkbndcjgmfcdhfbjngcam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mbjjeombjeklkbndcjgmfcdhfbjngcam", "external_id": "mbjjeombjeklkbndcjgmfcdhfbjngcam"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--18c1ce9d-bd68-418e-bf4e-79217d4ead2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.855198Z", "modified": "2026-06-02T15:57:34.855198Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mbpcddfdlcbnfoladjepencmaljimfmg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mbpcddfdlcbnfoladjepencmaljimfmg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.855159Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mbpcddfdlcbnfoladjepencmaljimfmg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mbpcddfdlcbnfoladjepencmaljimfmg", "external_id": "mbpcddfdlcbnfoladjepencmaljimfmg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bfc1d659-9f7d-4dcf-a203-50694edc6cbf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.856186Z", "modified": "2026-06-02T15:57:34.856186Z", "name": "Malicious Extension: AliExpress Quick Currency & Price Converter", "description": "Malicious browser extension: AliExpress Quick Currency & Price Converter (mcaglpclodnaiimhicpjemhcinjfnjce) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mcaglpclodnaiimhicpjemhcinjfnjce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.856149Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mcaglpclodnaiimhicpjemhcinjfnjce", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mcaglpclodnaiimhicpjemhcinjfnjce", "external_id": "mcaglpclodnaiimhicpjemhcinjfnjce"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f63e8b8c-e4f6-4632-b116-758787d9e75e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.858201Z", "modified": "2026-06-02T15:57:34.858201Z", "name": "Malicious Extension: Walmart Search By Image", "description": "Malicious browser extension: Walmart Search By Image (mcaihdkeijgfhnlfcdehniplmaapadgb) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mcaihdkeijgfhnlfcdehniplmaapadgb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.858162Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mcaihdkeijgfhnlfcdehniplmaapadgb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mcaihdkeijgfhnlfcdehniplmaapadgb", "external_id": "mcaihdkeijgfhnlfcdehniplmaapadgb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--23f0b051-f904-43c8-b757-754a62884caa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.859274Z", "modified": "2026-06-02T15:57:34.859274Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mcbdngfmhnadbiehggilloephjhjndpn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mcbdngfmhnadbiehggilloephjhjndpn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.859236Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mcbdngfmhnadbiehggilloephjhjndpn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mcbdngfmhnadbiehggilloephjhjndpn", "external_id": "mcbdngfmhnadbiehggilloephjhjndpn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ec14419d-c203-4edc-9a4d-5ce61f541aab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.860296Z", "modified": "2026-06-02T15:57:34.860296Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mcbhhiafbiafmggccdcpgfldcaeipopg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mcbhhiafbiafmggccdcpgfldcaeipopg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.860258Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mcbhhiafbiafmggccdcpgfldcaeipopg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mcbhhiafbiafmggccdcpgfldcaeipopg", "external_id": "mcbhhiafbiafmggccdcpgfldcaeipopg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--13d7c6f0-aa67-491a-94b0-a4d5586eaf99", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.861294Z", "modified": "2026-06-02T15:57:34.861294Z", "name": "Malicious Extension: OurTab", "description": "Malicious browser extension: OurTab (mchacgmgddefeohkjobefhihbadocneh) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=62). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mchacgmgddefeohkjobefhihbadocneh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.861256Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mchacgmgddefeohkjobefhihbadocneh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mchacgmgddefeohkjobefhihbadocneh", "external_id": "mchacgmgddefeohkjobefhihbadocneh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--910de9fc-53f3-4b1c-adeb-3244f1fa0dbb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.862278Z", "modified": "2026-06-02T15:57:34.862278Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mddfnhdadbofiifdebeiegecchpkbgdb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mddfnhdadbofiifdebeiegecchpkbgdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.86224Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mddfnhdadbofiifdebeiegecchpkbgdb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mddfnhdadbofiifdebeiegecchpkbgdb", "external_id": "mddfnhdadbofiifdebeiegecchpkbgdb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ce77f0eb-ccc7-4cf8-80c2-5fd40634e8e5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.86328Z", "modified": "2026-06-02T15:57:34.86328Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mdenajpfccjjjnbochgkdahmnipfpelc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mdenajpfccjjjnbochgkdahmnipfpelc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.863241Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mdenajpfccjjjnbochgkdahmnipfpelc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mdenajpfccjjjnbochgkdahmnipfpelc", "external_id": "mdenajpfccjjjnbochgkdahmnipfpelc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c31da4ac-44c8-4030-b063-861e576e6828", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.864268Z", "modified": "2026-06-02T15:57:34.864268Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mdlkdelnchilkeedllnnjfigkhhadlff) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mdlkdelnchilkeedllnnjfigkhhadlff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.86423Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mdlkdelnchilkeedllnnjfigkhhadlff", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mdlkdelnchilkeedllnnjfigkhhadlff", "external_id": "mdlkdelnchilkeedllnnjfigkhhadlff"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--faf5978e-22a8-4446-ab84-6ececb9a0be9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.865404Z", "modified": "2026-06-02T15:57:34.865404Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mecbindcphcmdhhihhbagmedefbineob) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mecbindcphcmdhhihhbagmedefbineob']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.865367Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mecbindcphcmdhhihhbagmedefbineob", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mecbindcphcmdhhihhbagmedefbineob", "external_id": "mecbindcphcmdhhihhbagmedefbineob"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d58b7b58-a9e7-41ea-b84a-0121ad3f8b24", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.866411Z", "modified": "2026-06-02T15:57:34.866411Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (meccdflhmmmohgicamalaakjifgapefn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/meccdflhmmmohgicamalaakjifgapefn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.866373Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:meccdflhmmmohgicamalaakjifgapefn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/meccdflhmmmohgicamalaakjifgapefn", "external_id": "meccdflhmmmohgicamalaakjifgapefn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9d23b026-f460-4c1f-bf3e-c923623f246e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.867411Z", "modified": "2026-06-02T15:57:34.867411Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mehpokgiebgcnelgnlfkeldlfnpdhdha) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mehpokgiebgcnelgnlfkeldlfnpdhdha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.867373Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mehpokgiebgcnelgnlfkeldlfnpdhdha", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mehpokgiebgcnelgnlfkeldlfnpdhdha", "external_id": "mehpokgiebgcnelgnlfkeldlfnpdhdha"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e09aab98-bf8a-4ff7-a9f6-68ddfd5f2e95", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.868403Z", "modified": "2026-06-02T15:57:34.868403Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (membjdlghnjabalehklnkchehfhplibj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/membjdlghnjabalehklnkchehfhplibj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.868365Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:membjdlghnjabalehklnkchehfhplibj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/membjdlghnjabalehklnkchehfhplibj", "external_id": "membjdlghnjabalehklnkchehfhplibj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8e5823e1-87c4-4388-a1d7-6690309c9811", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.869379Z", "modified": "2026-06-02T15:57:34.869379Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (meobjhkdifjealkiaanikkpajiaalcad) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/meobjhkdifjealkiaanikkpajiaalcad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.869343Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:meobjhkdifjealkiaanikkpajiaalcad", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/meobjhkdifjealkiaanikkpajiaalcad", "external_id": "meobjhkdifjealkiaanikkpajiaalcad"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f6f9c52c-b086-4638-b92d-a8ef3f513c1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.870354Z", "modified": "2026-06-02T15:57:34.870354Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mfdjdcehbbppoogkamldmbihomamhmca) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mfdjdcehbbppoogkamldmbihomamhmca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.870318Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mfdjdcehbbppoogkamldmbihomamhmca", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mfdjdcehbbppoogkamldmbihomamhmca", "external_id": "mfdjdcehbbppoogkamldmbihomamhmca"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3a86b0ed-ef3a-436a-8989-6eec24fedcb5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.871336Z", "modified": "2026-06-02T15:57:34.871336Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mffnoabholpepnlhglanfdlefgfknjki) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mffnoabholpepnlhglanfdlefgfknjki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.8713Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mffnoabholpepnlhglanfdlefgfknjki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mffnoabholpepnlhglanfdlefgfknjki", "external_id": "mffnoabholpepnlhglanfdlefgfknjki"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bf317105-6993-416d-aba3-48e522f92504", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.872476Z", "modified": "2026-06-02T15:57:34.872476Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mfhjifcieknaihhaidalgcafbnalkdfa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mfhjifcieknaihhaidalgcafbnalkdfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.872438Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mfhjifcieknaihhaidalgcafbnalkdfa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mfhjifcieknaihhaidalgcafbnalkdfa", "external_id": "mfhjifcieknaihhaidalgcafbnalkdfa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--992d45ed-0d37-4224-a3b7-4b46e245244d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.873467Z", "modified": "2026-06-02T15:57:34.873467Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mfigkbnmkjidlbdhkbmkpbbmijhcmjkc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mfigkbnmkjidlbdhkbmkpbbmijhcmjkc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.873429Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mfigkbnmkjidlbdhkbmkpbbmijhcmjkc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mfigkbnmkjidlbdhkbmkpbbmijhcmjkc", "external_id": "mfigkbnmkjidlbdhkbmkpbbmijhcmjkc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--72153d33-01aa-4d8e-9c82-19f85966dbbc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.874459Z", "modified": "2026-06-02T15:57:34.874459Z", "name": "Malicious Extension: VK Music - audio saver", "description": "Malicious browser extension: VK Music - audio saver (mflibpdjoodmoppignjhciadahapkoch) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mflibpdjoodmoppignjhciadahapkoch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.874421Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mflibpdjoodmoppignjhciadahapkoch", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mflibpdjoodmoppignjhciadahapkoch", "external_id": "mflibpdjoodmoppignjhciadahapkoch"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cf22e261-1d30-411f-9bd1-8a137e055a79", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.875462Z", "modified": "2026-06-02T15:57:34.875462Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mgammpcfhbffogpfceobnpcofaphocap) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mgammpcfhbffogpfceobnpcofaphocap']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.875424Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mgammpcfhbffogpfceobnpcofaphocap", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mgammpcfhbffogpfceobnpcofaphocap", "external_id": "mgammpcfhbffogpfceobnpcofaphocap"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4daf7e7b-3bcc-4a79-a6f3-a8eae58bb552", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.876446Z", "modified": "2026-06-02T15:57:34.876446Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mgbkajajjhgmhchoajmomhcdmlndkofc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mgbkajajjhgmhchoajmomhcdmlndkofc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.876408Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mgbkajajjhgmhchoajmomhcdmlndkofc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mgbkajajjhgmhchoajmomhcdmlndkofc", "external_id": "mgbkajajjhgmhchoajmomhcdmlndkofc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0a66f230-ec6c-4869-8400-be88dac07ae9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.877454Z", "modified": "2026-06-02T15:57:34.877454Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mgjfjcimpkdjgeldkcaoboiojmlcleka) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mgjfjcimpkdjgeldkcaoboiojmlcleka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.877416Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mgjfjcimpkdjgeldkcaoboiojmlcleka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mgjfjcimpkdjgeldkcaoboiojmlcleka", "external_id": "mgjfjcimpkdjgeldkcaoboiojmlcleka"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eb95c28c-bb97-44b8-a543-d58e10b9d0ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.878456Z", "modified": "2026-06-02T15:57:34.878456Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mhjdjckeljinofckdibjiojbdpapoecj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mhjdjckeljinofckdibjiojbdpapoecj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.878419Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mhjdjckeljinofckdibjiojbdpapoecj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mhjdjckeljinofckdibjiojbdpapoecj", "external_id": "mhjdjckeljinofckdibjiojbdpapoecj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7fdff431-1a00-4d74-b348-ca116c4790a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.879606Z", "modified": "2026-06-02T15:57:34.879606Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (miadjhffliknkmljlggilcdabkiegifh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/miadjhffliknkmljlggilcdabkiegifh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.879569Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:miadjhffliknkmljlggilcdabkiegifh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/miadjhffliknkmljlggilcdabkiegifh", "external_id": "miadjhffliknkmljlggilcdabkiegifh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6dc62a16-51b1-41c6-ba68-d44931bdb8e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.880596Z", "modified": "2026-06-02T15:57:34.880596Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (micijibojadbnadckjmpgkjicelohbil) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/micijibojadbnadckjmpgkjicelohbil']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.880559Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:micijibojadbnadckjmpgkjicelohbil", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/micijibojadbnadckjmpgkjicelohbil", "external_id": "micijibojadbnadckjmpgkjicelohbil"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4d7aa986-4bee-4c4f-a079-d6972cd82725", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.881589Z", "modified": "2026-06-02T15:57:34.881589Z", "name": "Malicious Extension: Chiikawa Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Chiikawa Cursor \u2605 Custom Cursor for Chrome\u2122 (midamgpdhbehjnjchnegghbhnpkcljmd) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/midamgpdhbehjnjchnegghbhnpkcljmd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.881551Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:midamgpdhbehjnjchnegghbhnpkcljmd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/midamgpdhbehjnjchnegghbhnpkcljmd", "external_id": "midamgpdhbehjnjchnegghbhnpkcljmd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a8a4a96a-9600-4609-8e75-d2303621f705", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.882568Z", "modified": "2026-06-02T15:57:34.882568Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mielecbcceclacefhdjbbinppnppobba) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mielecbcceclacefhdjbbinppnppobba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.882531Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mielecbcceclacefhdjbbinppnppobba", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mielecbcceclacefhdjbbinppnppobba", "external_id": "mielecbcceclacefhdjbbinppnppobba"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--45b6e8f1-7c41-410c-977f-b497e172d749", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.883572Z", "modified": "2026-06-02T15:57:34.883572Z", "name": "Malicious Extension: Super Mario Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Super Mario Cursor \u2605 Custom Cursor for Chrome\u2122 (mifleipondphdoaampgmkndjjkfldmdb) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mifleipondphdoaampgmkndjjkfldmdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.883535Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mifleipondphdoaampgmkndjjkfldmdb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mifleipondphdoaampgmkndjjkfldmdb", "external_id": "mifleipondphdoaampgmkndjjkfldmdb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9b5d390d-c442-4a5e-bcc2-ea3af2228a77", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.884564Z", "modified": "2026-06-02T15:57:34.884564Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (migdegnfalpegigcibhcijackkbgpbif) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/migdegnfalpegigcibhcijackkbgpbif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.884526Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:migdegnfalpegigcibhcijackkbgpbif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/migdegnfalpegigcibhcijackkbgpbif", "external_id": "migdegnfalpegigcibhcijackkbgpbif"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5585e26d-73b2-476a-8130-0a5860e40f20", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.885542Z", "modified": "2026-06-02T15:57:34.885542Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mijjlcdelglplkibhildchndciaafbep) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mijjlcdelglplkibhildchndciaafbep']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.885505Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mijjlcdelglplkibhildchndciaafbep", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mijjlcdelglplkibhildchndciaafbep", "external_id": "mijjlcdelglplkibhildchndciaafbep"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fa179902-742e-4267-9177-04b871031439", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.886684Z", "modified": "2026-06-02T15:57:34.886684Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (milgkhjojahbbkclkppcjpnlcpakneec) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/milgkhjojahbbkclkppcjpnlcpakneec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.886647Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:milgkhjojahbbkclkppcjpnlcpakneec", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/milgkhjojahbbkclkppcjpnlcpakneec", "external_id": "milgkhjojahbbkclkppcjpnlcpakneec"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--977135fb-f0f3-42ce-90a0-3600b3b62d29", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.887704Z", "modified": "2026-06-02T15:57:34.887704Z", "name": "Malicious Extension: Session Export Tool", "description": "Malicious browser extension: Session Export Tool (mimplmibgdodhkjnclacjofjbgmhogce) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=52). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mimplmibgdodhkjnclacjofjbgmhogce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.887666Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mimplmibgdodhkjnclacjofjbgmhogce", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mimplmibgdodhkjnclacjofjbgmhogce", "external_id": "mimplmibgdodhkjnclacjofjbgmhogce"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5cd945f4-38fb-43c8-b478-8e1e5cff88b8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.888693Z", "modified": "2026-06-02T15:57:34.888693Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mipophmjfhpecleajkijfifmffcjdiac) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mipophmjfhpecleajkijfifmffcjdiac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.888656Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mipophmjfhpecleajkijfifmffcjdiac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mipophmjfhpecleajkijfifmffcjdiac", "external_id": "mipophmjfhpecleajkijfifmffcjdiac"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--363fd7b2-0d39-42c0-abc7-dab28ff1d1d0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.889673Z", "modified": "2026-06-02T15:57:34.889673Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mjbmnkmkdfhbdkmibahohgipdodaglpp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mjbmnkmkdfhbdkmibahohgipdodaglpp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.889636Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mjbmnkmkdfhbdkmibahohgipdodaglpp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mjbmnkmkdfhbdkmibahohgipdodaglpp", "external_id": "mjbmnkmkdfhbdkmibahohgipdodaglpp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--72cd87e5-d81c-4fe8-ba79-231e52da4179", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.890659Z", "modified": "2026-06-02T15:57:34.890659Z", "name": "Malicious Extension: Amazon Global Price Checker", "description": "Malicious browser extension: Amazon Global Price Checker (mjcgfimemamogfmekphcfdehfkkbmldn) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mjcgfimemamogfmekphcfdehfkkbmldn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.890622Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mjcgfimemamogfmekphcfdehfkkbmldn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mjcgfimemamogfmekphcfdehfkkbmldn", "external_id": "mjcgfimemamogfmekphcfdehfkkbmldn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--156258c9-aa56-43c8-b4c9-ee6f83c51856", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.891649Z", "modified": "2026-06-02T15:57:34.891649Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mjdnhhajbhoicofpbkoakkflkpnblkjn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mjdnhhajbhoicofpbkoakkflkpnblkjn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.891611Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mjdnhhajbhoicofpbkoakkflkpnblkjn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mjdnhhajbhoicofpbkoakkflkpnblkjn", "external_id": "mjdnhhajbhoicofpbkoakkflkpnblkjn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fdd1723c-4569-4cc0-a9c5-4c5737d48781", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.892626Z", "modified": "2026-06-02T15:57:34.892626Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mjebfndkbogmggcbpacbedbcjccoamkk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mjebfndkbogmggcbpacbedbcjccoamkk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.892589Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mjebfndkbogmggcbpacbedbcjccoamkk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mjebfndkbogmggcbpacbedbcjccoamkk", "external_id": "mjebfndkbogmggcbpacbedbcjccoamkk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b546a7ef-7aeb-4192-9ae0-e7abf1b37a93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.893764Z", "modified": "2026-06-02T15:57:34.893764Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mjhocphphjjjcabfdcaemfkokegeebbg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mjhocphphjjjcabfdcaemfkokegeebbg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.893727Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mjhocphphjjjcabfdcaemfkokegeebbg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mjhocphphjjjcabfdcaemfkokegeebbg", "external_id": "mjhocphphjjjcabfdcaemfkokegeebbg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b260bc25-b41b-4657-8d38-a8ef443cd1fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.894748Z", "modified": "2026-06-02T15:57:34.894748Z", "name": "Malicious Extension: DeepSeek Assistant: AI Chat, Minibar, SidePanel & Search", "description": "Malicious browser extension: DeepSeek Assistant: AI Chat, Minibar, SidePanel & Search (mkhdiephfhifcgpmkaaboknnbdpjlneg) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=132). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mkhdiephfhifcgpmkaaboknnbdpjlneg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.894711Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mkhdiephfhifcgpmkaaboknnbdpjlneg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mkhdiephfhifcgpmkaaboknnbdpjlneg", "external_id": "mkhdiephfhifcgpmkaaboknnbdpjlneg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5e5dd9f9-53a7-4af1-b2aa-1c687dd8006c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.895759Z", "modified": "2026-06-02T15:57:34.895759Z", "name": "Malicious Extension: ZAPARETO", "description": "Malicious browser extension: ZAPARETO (mkjmckhlecedggnpbefkgehebkickghd) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mkjmckhlecedggnpbefkgehebkickghd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.895721Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mkjmckhlecedggnpbefkgehebkickghd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mkjmckhlecedggnpbefkgehebkickghd", "external_id": "mkjmckhlecedggnpbefkgehebkickghd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5ce3e036-2947-4d02-9526-f18dc0caeb4c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.896751Z", "modified": "2026-06-02T15:57:34.896751Z", "name": "Malicious Extension: Consensus - Reddit Comment Summarizer", "description": "Malicious browser extension: Consensus - Reddit Comment Summarizer (mkkfklcadlnkhgapjeejemflhamcdjld) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mkkfklcadlnkhgapjeejemflhamcdjld']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.896714Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mkkfklcadlnkhgapjeejemflhamcdjld", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mkkfklcadlnkhgapjeejemflhamcdjld", "external_id": "mkkfklcadlnkhgapjeejemflhamcdjld"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--14c13fa9-3844-4a99-b06c-57fb1674d90e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.897727Z", "modified": "2026-06-02T15:57:34.897727Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mkmilmgfhonpppngfbfglbhdnicnjacc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mkmilmgfhonpppngfbfglbhdnicnjacc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.89769Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mkmilmgfhonpppngfbfglbhdnicnjacc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mkmilmgfhonpppngfbfglbhdnicnjacc", "external_id": "mkmilmgfhonpppngfbfglbhdnicnjacc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--72026279-a6d6-439a-823e-15ef400d2f24", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.898702Z", "modified": "2026-06-02T15:57:34.898702Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mkoegjeakpnbjklhimnimkgokbifeaoh) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mkoegjeakpnbjklhimnimkgokbifeaoh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.898665Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mkoegjeakpnbjklhimnimkgokbifeaoh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mkoegjeakpnbjklhimnimkgokbifeaoh", "external_id": "mkoegjeakpnbjklhimnimkgokbifeaoh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f9b9cccf-7597-46a2-9ebe-a8143c453cf5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.899698Z", "modified": "2026-06-02T15:57:34.899698Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mlaonedihngoginmmlaacpihnojcoocl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mlaonedihngoginmmlaacpihnojcoocl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.899661Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mlaonedihngoginmmlaacpihnojcoocl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mlaonedihngoginmmlaacpihnojcoocl", "external_id": "mlaonedihngoginmmlaacpihnojcoocl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cb945242-bf3f-4ac8-9868-2c9cd003259a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.900836Z", "modified": "2026-06-02T15:57:34.900836Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mldeggofnfaiinachdeidpecmflffoam) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mldeggofnfaiinachdeidpecmflffoam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.900798Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mldeggofnfaiinachdeidpecmflffoam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mldeggofnfaiinachdeidpecmflffoam", "external_id": "mldeggofnfaiinachdeidpecmflffoam"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bd22ba50-f077-4633-82a5-ae3f44926e69", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.901824Z", "modified": "2026-06-02T15:57:34.901824Z", "name": "Malicious Extension: LookGood Live", "description": "Malicious browser extension: LookGood Live (mleflnbfifngdmiknggikhfmjjmioofi) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=162). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mleflnbfifngdmiknggikhfmjjmioofi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.901787Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mleflnbfifngdmiknggikhfmjjmioofi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mleflnbfifngdmiknggikhfmjjmioofi", "external_id": "mleflnbfifngdmiknggikhfmjjmioofi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f337650f-7d3e-4130-8618-6dc30edfb17f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.90281Z", "modified": "2026-06-02T15:57:34.90281Z", "name": "Malicious Extension: VMSender", "description": "Malicious browser extension: VMSender (mleloepbohmmgjcfacngpffcappdcdni) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=112). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mleloepbohmmgjcfacngpffcappdcdni']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.902774Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mleloepbohmmgjcfacngpffcappdcdni", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mleloepbohmmgjcfacngpffcappdcdni", "external_id": "mleloepbohmmgjcfacngpffcappdcdni"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--95910da3-be93-4618-a94c-28b2ec4253a1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.9038Z", "modified": "2026-06-02T15:57:34.9038Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mllkmmdaapekjehapekhjjiednchgmag) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mllkmmdaapekjehapekhjjiednchgmag']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.903763Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mllkmmdaapekjehapekhjjiednchgmag", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mllkmmdaapekjehapekhjjiednchgmag", "external_id": "mllkmmdaapekjehapekhjjiednchgmag"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2f51c920-ee2b-4cfc-a0cc-edeb8fc5db0d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.904774Z", "modified": "2026-06-02T15:57:34.904774Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mmadogheddoddplagmdodenehpogllod) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmadogheddoddplagmdodenehpogllod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.904737Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmadogheddoddplagmdodenehpogllod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmadogheddoddplagmdodenehpogllod", "external_id": "mmadogheddoddplagmdodenehpogllod"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e6a34517-405a-4a6e-8e29-16e65efbf7a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.905744Z", "modified": "2026-06-02T15:57:34.905744Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mmfmakmndejojblgceefkpinojhiacfk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmfmakmndejojblgceefkpinojhiacfk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.905708Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmfmakmndejojblgceefkpinojhiacfk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmfmakmndejojblgceefkpinojhiacfk", "external_id": "mmfmakmndejojblgceefkpinojhiacfk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9fb80214-c871-4dbe-9909-10182c4aaa03", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.906733Z", "modified": "2026-06-02T15:57:34.906733Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mmjhombiehngfpipefodkebphfnblphe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmjhombiehngfpipefodkebphfnblphe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.906696Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmjhombiehngfpipefodkebphfnblphe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmjhombiehngfpipefodkebphfnblphe", "external_id": "mmjhombiehngfpipefodkebphfnblphe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f2f7ea7d-0664-4545-b437-91d53b65c71b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.907941Z", "modified": "2026-06-02T15:57:34.907941Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mmjmcfaejolfbenlplfoihnobnggljij) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmjmcfaejolfbenlplfoihnobnggljij']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.907898Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmjmcfaejolfbenlplfoihnobnggljij", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmjmcfaejolfbenlplfoihnobnggljij", "external_id": "mmjmcfaejolfbenlplfoihnobnggljij"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--31b8a910-8552-4add-b43a-2a7ea83ede28", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.908971Z", "modified": "2026-06-02T15:57:34.908971Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mmpfmolbdhdfoblfggigchncdgmdnjha) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmpfmolbdhdfoblfggigchncdgmdnjha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.908927Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmpfmolbdhdfoblfggigchncdgmdnjha", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmpfmolbdhdfoblfggigchncdgmdnjha", "external_id": "mmpfmolbdhdfoblfggigchncdgmdnjha"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0fef10d6-c945-4ddc-b8d8-8bb75221923f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.909972Z", "modified": "2026-06-02T15:57:34.909972Z", "name": "Malicious Extension: Amazon Product Scraper | 10X", "description": "Malicious browser extension: Amazon Product Scraper | 10X (mnacfoefejolpobogooghoclppjcgfcm) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mnacfoefejolpobogooghoclppjcgfcm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.909934Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mnacfoefejolpobogooghoclppjcgfcm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mnacfoefejolpobogooghoclppjcgfcm", "external_id": "mnacfoefejolpobogooghoclppjcgfcm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d03ba1c7-ee04-4465-af90-a28055a27bbe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.910958Z", "modified": "2026-06-02T15:57:34.910958Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mnamhmcgcfflfjafflanbhbfffpmkmmm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mnamhmcgcfflfjafflanbhbfffpmkmmm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.91092Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mnamhmcgcfflfjafflanbhbfffpmkmmm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mnamhmcgcfflfjafflanbhbfffpmkmmm", "external_id": "mnamhmcgcfflfjafflanbhbfffpmkmmm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eec150b6-2db2-4000-bba9-0e759f15f0d3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.911966Z", "modified": "2026-06-02T15:57:34.911966Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mndcjildkhcbefhicemomejgafmakcfo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mndcjildkhcbefhicemomejgafmakcfo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.911928Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mndcjildkhcbefhicemomejgafmakcfo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mndcjildkhcbefhicemomejgafmakcfo", "external_id": "mndcjildkhcbefhicemomejgafmakcfo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--34cbbccf-81d8-4b9f-8a96-67a76b8a194c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.912989Z", "modified": "2026-06-02T15:57:34.912989Z", "name": "Malicious Extension: The Simpsons Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: The Simpsons Cursor \u2605 Custom Cursor for Chrome\u2122 (mndeiclfmpndlbkklepkbjihkaccfcod) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mndeiclfmpndlbkklepkbjihkaccfcod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.912943Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mndeiclfmpndlbkklepkbjihkaccfcod", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mndeiclfmpndlbkklepkbjihkaccfcod", "external_id": "mndeiclfmpndlbkklepkbjihkaccfcod"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--68956b00-198d-4a53-8b7e-8837d971538f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.91399Z", "modified": "2026-06-02T15:57:34.91399Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mnnlkapejiegjhhmohmelangkgpmkhci) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mnnlkapejiegjhhmohmelangkgpmkhci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.913954Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mnnlkapejiegjhhmohmelangkgpmkhci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mnnlkapejiegjhhmohmelangkgpmkhci", "external_id": "mnnlkapejiegjhhmohmelangkgpmkhci"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a642e8cd-4574-4c03-a5ab-d2c249943433", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.915142Z", "modified": "2026-06-02T15:57:34.915142Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mnophppbmlnlfobakddidbcgcjakipin) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mnophppbmlnlfobakddidbcgcjakipin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.915095Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mnophppbmlnlfobakddidbcgcjakipin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mnophppbmlnlfobakddidbcgcjakipin", "external_id": "mnophppbmlnlfobakddidbcgcjakipin"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--15904379-4aae-4296-8fea-4968b80c7bb0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.916144Z", "modified": "2026-06-02T15:57:34.916144Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mofnafclpcapghpjdoaanahkgcjfcece) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mofnafclpcapghpjdoaanahkgcjfcece']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.916106Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mofnafclpcapghpjdoaanahkgcjfcece", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mofnafclpcapghpjdoaanahkgcjfcece", "external_id": "mofnafclpcapghpjdoaanahkgcjfcece"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1beba500-9d6e-4b4a-af6d-f889cda89587", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.917148Z", "modified": "2026-06-02T15:57:34.917148Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (moighicahighphhhidlpanmnodgjkfjm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/moighicahighphhhidlpanmnodgjkfjm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.91711Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:moighicahighphhhidlpanmnodgjkfjm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/moighicahighphhhidlpanmnodgjkfjm", "external_id": "moighicahighphhhidlpanmnodgjkfjm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dafb65dd-58f6-4362-85c8-0c12719cd37a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.918168Z", "modified": "2026-06-02T15:57:34.918168Z", "name": "Malicious Extension: ViaShopModa", "description": "Malicious browser extension: ViaShopModa (moodoffpaogeijclgpdicfnidnmeeeoe) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia[.]wascript[.]com[.]br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/moodoffpaogeijclgpdicfnidnmeeeoe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.91813Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:moodoffpaogeijclgpdicfnidnmeeeoe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/moodoffpaogeijclgpdicfnidnmeeeoe", "external_id": "moodoffpaogeijclgpdicfnidnmeeeoe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--00869646-a915-46f2-adc0-ee10cd2a328d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.919174Z", "modified": "2026-06-02T15:57:34.919174Z", "name": "Malicious Extension: Spiderman Cursor - Custom Cursor for Chrome", "description": "Malicious browser extension: Spiderman Cursor - Custom Cursor for Chrome (mopjnoodlnbnkocfefcgnmnlbcmgekof) Pixatab new tab hijacking cluster. Content scripts on all URLs, connects to pixatab[.]xyz/constructor/ for new tab replacement. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mopjnoodlnbnkocfefcgnmnlbcmgekof']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.919135Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mopjnoodlnbnkocfefcgnmnlbcmgekof", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mopjnoodlnbnkocfefcgnmnlbcmgekof", "external_id": "mopjnoodlnbnkocfefcgnmnlbcmgekof"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--82ee4818-b2c4-4400-911c-9b861b23b0ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.920177Z", "modified": "2026-06-02T15:57:34.920177Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mpaaggkgjenllbellfknanegfliknidd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mpaaggkgjenllbellfknanegfliknidd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.920139Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mpaaggkgjenllbellfknanegfliknidd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mpaaggkgjenllbellfknanegfliknidd", "external_id": "mpaaggkgjenllbellfknanegfliknidd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f5a47755-a321-4e2f-b27d-ce7d76571bf0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.921164Z", "modified": "2026-06-02T15:57:34.921164Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mpalaahimeigibehbocnjipjfakekfia) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mpalaahimeigibehbocnjipjfakekfia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.921127Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mpalaahimeigibehbocnjipjfakekfia", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mpalaahimeigibehbocnjipjfakekfia", "external_id": "mpalaahimeigibehbocnjipjfakekfia"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cf7e2a18-ae24-48f9-8b11-d13badd38bab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.922293Z", "modified": "2026-06-02T15:57:34.922293Z", "name": "Malicious Extension: SHEIN Search By Image", "description": "Malicious browser extension: SHEIN Search By Image (mpgaodghdhmeljgogbeagpbhgdbfofgb) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mpgaodghdhmeljgogbeagpbhgdbfofgb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.922256Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mpgaodghdhmeljgogbeagpbhgdbfofgb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mpgaodghdhmeljgogbeagpbhgdbfofgb", "external_id": "mpgaodghdhmeljgogbeagpbhgdbfofgb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4f8d5c60-6d90-4d3a-97ec-0dfbfc897339", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.923298Z", "modified": "2026-06-02T15:57:34.923298Z", "name": "Malicious Extension: Spy x Family Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Spy x Family Cursor \u2605 Custom Cursor for Chrome\u2122 (mpidnflfogjjkchbllplcpcdoifgnjjj) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mpidnflfogjjkchbllplcpcdoifgnjjj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.92326Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mpidnflfogjjkchbllplcpcdoifgnjjj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mpidnflfogjjkchbllplcpcdoifgnjjj", "external_id": "mpidnflfogjjkchbllplcpcdoifgnjjj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--45b27ef7-c2a2-4496-8512-5b4f6370de12", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.924288Z", "modified": "2026-06-02T15:57:34.924288Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mplfhdalobdlipfjfebkbfpoocpbajae) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mplfhdalobdlipfjfebkbfpoocpbajae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.924252Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mplfhdalobdlipfjfebkbfpoocpbajae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mplfhdalobdlipfjfebkbfpoocpbajae", "external_id": "mplfhdalobdlipfjfebkbfpoocpbajae"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6f24012d-28a4-4618-a878-38918b61794d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.925278Z", "modified": "2026-06-02T15:57:34.925278Z", "name": "Malicious Extension: DigitaZap", "description": "Malicious browser extension: DigitaZap (mpmccehgdjojicnlcmmdoogohdamlfpp) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia[.]wascript[.]com[.]br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mpmccehgdjojicnlcmmdoogohdamlfpp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.92524Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:mpmccehgdjojicnlcmmdoogohdamlfpp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mpmccehgdjojicnlcmmdoogohdamlfpp", "external_id": "mpmccehgdjojicnlcmmdoogohdamlfpp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1f31c387-c4cc-41cd-8e1f-19f921e2cf8c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.926261Z", "modified": "2026-06-02T15:57:34.926261Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (mpocopacjjpabphbcapphjljfmffempk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mpocopacjjpabphbcapphjljfmffempk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.926217Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mpocopacjjpabphbcapphjljfmffempk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mpocopacjjpabphbcapphjljfmffempk", "external_id": "mpocopacjjpabphbcapphjljfmffempk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dee75eea-0218-4813-be2e-15476969e300", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.927265Z", "modified": "2026-06-02T15:57:34.927265Z", "name": "Malicious Extension: Website monitoring", "description": "Malicious browser extension: Website monitoring (nabbdpjneieneepdfnmkdhooellilgho) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nabbdpjneieneepdfnmkdhooellilgho']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.927226Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nabbdpjneieneepdfnmkdhooellilgho", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nabbdpjneieneepdfnmkdhooellilgho", "external_id": "nabbdpjneieneepdfnmkdhooellilgho"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--11a7665a-ae24-47cc-a917-9be8b2ed31e5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.928247Z", "modified": "2026-06-02T15:57:34.928247Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nafdjcnfmdcdnebjhehhohfaaffdlkon) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nafdjcnfmdcdnebjhehhohfaaffdlkon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.92821Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nafdjcnfmdcdnebjhehhohfaaffdlkon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nafdjcnfmdcdnebjhehhohfaaffdlkon", "external_id": "nafdjcnfmdcdnebjhehhohfaaffdlkon"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5219dd9e-97b6-46e0-b557-fa48746ba559", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.929377Z", "modified": "2026-06-02T15:57:34.929377Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nbcaemgdognpbafbkepgnmbbgldombjn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nbcaemgdognpbafbkepgnmbbgldombjn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.929339Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nbcaemgdognpbafbkepgnmbbgldombjn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nbcaemgdognpbafbkepgnmbbgldombjn", "external_id": "nbcaemgdognpbafbkepgnmbbgldombjn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7e4d3ed4-51ce-4d18-8ac9-9a612a6143b6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.930363Z", "modified": "2026-06-02T15:57:34.930363Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nbcbdidccniaiigpdiocldgggfeagbog) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nbcbdidccniaiigpdiocldgggfeagbog']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.930327Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nbcbdidccniaiigpdiocldgggfeagbog", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nbcbdidccniaiigpdiocldgggfeagbog", "external_id": "nbcbdidccniaiigpdiocldgggfeagbog"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c1255fc4-9c26-4e21-8e71-47eb259653bb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.931443Z", "modified": "2026-06-02T15:57:34.931443Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nbflcljmdbibeoaipongjgfmbapanipm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nbflcljmdbibeoaipongjgfmbapanipm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.931405Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nbflcljmdbibeoaipongjgfmbapanipm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nbflcljmdbibeoaipongjgfmbapanipm", "external_id": "nbflcljmdbibeoaipongjgfmbapanipm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ef568e29-b329-45ad-b624-dbced8daede3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.932453Z", "modified": "2026-06-02T15:57:34.932453Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nbljjljaoanknannhlonmaknhckcoldi) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nbljjljaoanknannhlonmaknhckcoldi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.932416Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nbljjljaoanknannhlonmaknhckcoldi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nbljjljaoanknannhlonmaknhckcoldi", "external_id": "nbljjljaoanknannhlonmaknhckcoldi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--81634cd4-fdfa-4e7a-a3c0-7119998bcf1d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.933469Z", "modified": "2026-06-02T15:57:34.933469Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nbmffmnaecncglmeofodagbafilnokcj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nbmffmnaecncglmeofodagbafilnokcj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.933432Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nbmffmnaecncglmeofodagbafilnokcj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nbmffmnaecncglmeofodagbafilnokcj", "external_id": "nbmffmnaecncglmeofodagbafilnokcj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--da8dd170-b78e-4b23-9e0e-4435d4fd7bd9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.934451Z", "modified": "2026-06-02T15:57:34.934451Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ncalomlkpjgkcmfbdikdodindkkngjhp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ncalomlkpjgkcmfbdikdodindkkngjhp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.934414Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ncalomlkpjgkcmfbdikdodindkkngjhp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ncalomlkpjgkcmfbdikdodindkkngjhp", "external_id": "ncalomlkpjgkcmfbdikdodindkkngjhp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1bb839ee-4583-48e9-abf0-109327109b25", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.935449Z", "modified": "2026-06-02T15:57:34.935449Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ncapkionddmdmfocnjfcfpnimepibggf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ncapkionddmdmfocnjfcfpnimepibggf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.935412Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ncapkionddmdmfocnjfcfpnimepibggf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ncapkionddmdmfocnjfcfpnimepibggf", "external_id": "ncapkionddmdmfocnjfcfpnimepibggf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--58048c28-423f-409a-a790-51b3e0acd494", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.93659Z", "modified": "2026-06-02T15:57:34.93659Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ncbknoohfjmcfneopnfkapmkblaenokb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ncbknoohfjmcfneopnfkapmkblaenokb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.936553Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ncbknoohfjmcfneopnfkapmkblaenokb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ncbknoohfjmcfneopnfkapmkblaenokb", "external_id": "ncbknoohfjmcfneopnfkapmkblaenokb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9932a6dc-577d-4490-8751-0c864861b24b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.937571Z", "modified": "2026-06-02T15:57:34.937571Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ncgnipmbmegebkpekikghdffjkmhjgen) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ncgnipmbmegebkpekikghdffjkmhjgen']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.937534Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ncgnipmbmegebkpekikghdffjkmhjgen", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ncgnipmbmegebkpekikghdffjkmhjgen", "external_id": "ncgnipmbmegebkpekikghdffjkmhjgen"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5c24580c-2592-4c2b-9117-f250f52441c3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.938549Z", "modified": "2026-06-02T15:57:34.938549Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nchdmembkfgkejljapneliogidkchiop) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nchdmembkfgkejljapneliogidkchiop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.938512Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nchdmembkfgkejljapneliogidkchiop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nchdmembkfgkejljapneliogidkchiop", "external_id": "nchdmembkfgkejljapneliogidkchiop"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e5540244-e90d-43a6-9325-36fd36a051cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.939555Z", "modified": "2026-06-02T15:57:34.939555Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ncjbeingokdeimlmolagjaddccfdlkbd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ncjbeingokdeimlmolagjaddccfdlkbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.939512Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ncjbeingokdeimlmolagjaddccfdlkbd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ncjbeingokdeimlmolagjaddccfdlkbd", "external_id": "ncjbeingokdeimlmolagjaddccfdlkbd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--36c24c8b-a71f-46f2-9a55-112519b98279", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.94055Z", "modified": "2026-06-02T15:57:34.94055Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ndcphhjcebhifabfmebineokbfdnbphm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ndcphhjcebhifabfmebineokbfdnbphm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.940513Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ndcphhjcebhifabfmebineokbfdnbphm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ndcphhjcebhifabfmebineokbfdnbphm", "external_id": "ndcphhjcebhifabfmebineokbfdnbphm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--735dd066-deae-4170-97ce-65717d036cbf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.941559Z", "modified": "2026-06-02T15:57:34.941559Z", "name": "Malicious Extension: Vluw", "description": "Malicious browser extension: Vluw (nddkllhdjjgopaibekmobibbmoedkdmj) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nddkllhdjjgopaibekmobibbmoedkdmj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.941521Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nddkllhdjjgopaibekmobibbmoedkdmj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nddkllhdjjgopaibekmobibbmoedkdmj", "external_id": "nddkllhdjjgopaibekmobibbmoedkdmj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8ba3854a-16a8-40c8-a2e4-b403be9e891f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.942548Z", "modified": "2026-06-02T15:57:34.942548Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ndeejgokieklaealoikgdmbmjdkmaoco) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ndeejgokieklaealoikgdmbmjdkmaoco']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.94251Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ndeejgokieklaealoikgdmbmjdkmaoco", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ndeejgokieklaealoikgdmbmjdkmaoco", "external_id": "ndeejgokieklaealoikgdmbmjdkmaoco"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--33efb430-a8ba-4975-8180-8f9f3265e902", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.944567Z", "modified": "2026-06-02T15:57:34.944567Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nejfdccopmpimplhmmdfjobodgeaoihd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nejfdccopmpimplhmmdfjobodgeaoihd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.944526Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nejfdccopmpimplhmmdfjobodgeaoihd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nejfdccopmpimplhmmdfjobodgeaoihd", "external_id": "nejfdccopmpimplhmmdfjobodgeaoihd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d48bb4a4-6849-4061-88bd-82e34f88ee26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.945619Z", "modified": "2026-06-02T15:57:34.945619Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nelegdbdfopcgkignnifhdoiapldlhpf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nelegdbdfopcgkignnifhdoiapldlhpf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.945582Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nelegdbdfopcgkignnifhdoiapldlhpf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nelegdbdfopcgkignnifhdoiapldlhpf", "external_id": "nelegdbdfopcgkignnifhdoiapldlhpf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--27ce90b7-5afa-4259-82be-65ea7b54d763", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.946627Z", "modified": "2026-06-02T15:57:34.946627Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nemkiffjklgaooligallbpmhdmmhepll) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nemkiffjklgaooligallbpmhdmmhepll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.946589Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nemkiffjklgaooligallbpmhdmmhepll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nemkiffjklgaooligallbpmhdmmhepll", "external_id": "nemkiffjklgaooligallbpmhdmmhepll"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7da5a9ff-1f21-49dc-879f-b51966e750b8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.947646Z", "modified": "2026-06-02T15:57:34.947646Z", "name": "Malicious Extension: AmizApp", "description": "Malicious browser extension: AmizApp (nenopmledlfnfcgjdkdefhegeajjpfgf) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nenopmledlfnfcgjdkdefhegeajjpfgf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.947608Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nenopmledlfnfcgjdkdefhegeajjpfgf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nenopmledlfnfcgjdkdefhegeajjpfgf", "external_id": "nenopmledlfnfcgjdkdefhegeajjpfgf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a1b7fb59-77a6-481c-a7fd-63c0db4fa18d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.948628Z", "modified": "2026-06-02T15:57:34.948628Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nfclcncdkemmmhcbfglghbnloenkjjcl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nfclcncdkemmmhcbfglghbnloenkjjcl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.948591Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nfclcncdkemmmhcbfglghbnloenkjjcl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nfclcncdkemmmhcbfglghbnloenkjjcl", "external_id": "nfclcncdkemmmhcbfglghbnloenkjjcl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8394f5d5-505d-4382-af22-68d46909ee7b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.949605Z", "modified": "2026-06-02T15:57:34.949605Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nffmdokmgpgbnjdpibbfhhnminiackjg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nffmdokmgpgbnjdpibbfhhnminiackjg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.949569Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nffmdokmgpgbnjdpibbfhhnminiackjg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nffmdokmgpgbnjdpibbfhhnminiackjg", "external_id": "nffmdokmgpgbnjdpibbfhhnminiackjg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--52aa75ef-6c64-4600-8705-72331dd59d0b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.950598Z", "modified": "2026-06-02T15:57:34.950598Z", "name": "Malicious Extension: WAPIN", "description": "Malicious browser extension: WAPIN (nfhbefcgpghdaaebjafocolpadkdedef) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nfhbefcgpghdaaebjafocolpadkdedef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.95056Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nfhbefcgpghdaaebjafocolpadkdedef", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nfhbefcgpghdaaebjafocolpadkdedef", "external_id": "nfhbefcgpghdaaebjafocolpadkdedef"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8f48ba74-8612-429f-96ba-e1e0dd34ca60", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.951751Z", "modified": "2026-06-02T15:57:34.951751Z", "name": "Malicious Extension: Search with AI on Chrome\u2122", "description": "Malicious browser extension: Search with AI on Chrome\u2122 (nfijbcmjagdmmkchgicfdidblofopkdp) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nfijbcmjagdmmkchgicfdidblofopkdp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.951712Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nfijbcmjagdmmkchgicfdidblofopkdp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nfijbcmjagdmmkchgicfdidblofopkdp", "external_id": "nfijbcmjagdmmkchgicfdidblofopkdp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0beb9ca3-146a-4493-b965-4c12ed1dff37", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.952761Z", "modified": "2026-06-02T15:57:34.952761Z", "name": "Malicious Extension: Amazon Prime Freevee Skipper: skip ads, intros & more [QVI]", "description": "Malicious browser extension: Amazon Prime Freevee Skipper: skip ads, intros & more [QVI] (nfodepdbkedfahdadcglakjdmopkobon) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=42). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nfodepdbkedfahdadcglakjdmopkobon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.952722Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nfodepdbkedfahdadcglakjdmopkobon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nfodepdbkedfahdadcglakjdmopkobon", "external_id": "nfodepdbkedfahdadcglakjdmopkobon"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6b63051a-a50b-4852-b1ee-6521292e9e7a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.953764Z", "modified": "2026-06-02T15:57:34.953764Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ngapmoknefnodckipfjjapkpagaefjca) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ngapmoknefnodckipfjjapkpagaefjca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.953725Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ngapmoknefnodckipfjjapkpagaefjca", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ngapmoknefnodckipfjjapkpagaefjca", "external_id": "ngapmoknefnodckipfjjapkpagaefjca"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aec8a095-ff13-4a55-b64d-5729901d3d0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.954773Z", "modified": "2026-06-02T15:57:34.954773Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ngbfciefgjgijkkmpalnmhikoojilkob) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ngbfciefgjgijkkmpalnmhikoojilkob']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.954735Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ngbfciefgjgijkkmpalnmhikoojilkob", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ngbfciefgjgijkkmpalnmhikoojilkob", "external_id": "ngbfciefgjgijkkmpalnmhikoojilkob"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e97a5cfa-8cbf-46d0-82df-7804fc1b1e9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.955787Z", "modified": "2026-06-02T15:57:34.955787Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ngglldgjkjekfbmbfpankdmmknabbgmp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ngglldgjkjekfbmbfpankdmmknabbgmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.955749Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ngglldgjkjekfbmbfpankdmmknabbgmp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ngglldgjkjekfbmbfpankdmmknabbgmp", "external_id": "ngglldgjkjekfbmbfpankdmmknabbgmp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--01ff7a2b-105f-4e84-9e8b-2367a81932a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.956776Z", "modified": "2026-06-02T15:57:34.956776Z", "name": "Malicious Extension: Basketball Cursor - Custom Sports Game Cursor for Chrome", "description": "Malicious browser extension: Basketball Cursor - Custom Sports Game Cursor for Chrome (ngiaafjblpmiejfgcnfcolhdccmaafjg) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ngiaafjblpmiejfgcnfcolhdccmaafjg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.956738Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ngiaafjblpmiejfgcnfcolhdccmaafjg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ngiaafjblpmiejfgcnfcolhdccmaafjg", "external_id": "ngiaafjblpmiejfgcnfcolhdccmaafjg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1ecc51e9-b647-4cf3-aadf-6510b2dcbd1b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.95777Z", "modified": "2026-06-02T15:57:34.95777Z", "name": "Malicious Extension: Botzom \u2013 Vendas, CRM e Chatbot para WhatsApp", "description": "Malicious browser extension: Botzom \u2013 Vendas, CRM e Chatbot para WhatsApp (ngnffiapbonmlgijfnlcgbdomhgcmmna) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ngnffiapbonmlgijfnlcgbdomhgcmmna']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.957733Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ngnffiapbonmlgijfnlcgbdomhgcmmna", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ngnffiapbonmlgijfnlcgbdomhgcmmna", "external_id": "ngnffiapbonmlgijfnlcgbdomhgcmmna"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0a2d9443-5d89-48ff-822a-dd02c8886bca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.958923Z", "modified": "2026-06-02T15:57:34.958923Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nhdiopbebcklbkpfnhipecgfhdhdbfhb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nhdiopbebcklbkpfnhipecgfhdhdbfhb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.958884Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nhdiopbebcklbkpfnhipecgfhdhdbfhb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nhdiopbebcklbkpfnhipecgfhdhdbfhb", "external_id": "nhdiopbebcklbkpfnhipecgfhdhdbfhb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e7b13dde-3baa-4b2b-90c8-dbff283ff222", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.959942Z", "modified": "2026-06-02T15:57:34.959942Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nhgghgjhnmlecplemcmlhdgnlijjlmoe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nhgghgjhnmlecplemcmlhdgnlijjlmoe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.959904Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nhgghgjhnmlecplemcmlhdgnlijjlmoe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nhgghgjhnmlecplemcmlhdgnlijjlmoe", "external_id": "nhgghgjhnmlecplemcmlhdgnlijjlmoe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2b9106fd-2c0c-4d15-8dee-99b47cbe3396", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.960922Z", "modified": "2026-06-02T15:57:34.960922Z", "name": "Malicious Extension: Amazon BSR Fast-View", "description": "Malicious browser extension: Amazon BSR Fast-View (nhilffccdbcjcnoopblecppbhalagpaf) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nhilffccdbcjcnoopblecppbhalagpaf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.960885Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nhilffccdbcjcnoopblecppbhalagpaf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nhilffccdbcjcnoopblecppbhalagpaf", "external_id": "nhilffccdbcjcnoopblecppbhalagpaf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--37a5df00-91ee-497a-9256-ef71a863cc2d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.961912Z", "modified": "2026-06-02T15:57:34.961912Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nhnfaiiobkpbenbbiblmgncgokeknnno) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nhnfaiiobkpbenbbiblmgncgokeknnno']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.961875Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nhnfaiiobkpbenbbiblmgncgokeknnno", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nhnfaiiobkpbenbbiblmgncgokeknnno", "external_id": "nhnfaiiobkpbenbbiblmgncgokeknnno"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--99c3148b-1d81-4113-9902-258f627b5bd4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.962893Z", "modified": "2026-06-02T15:57:34.962893Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (niccnmfnkokileojoalgiinemlekmfoa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/niccnmfnkokileojoalgiinemlekmfoa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.962856Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:niccnmfnkokileojoalgiinemlekmfoa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/niccnmfnkokileojoalgiinemlekmfoa", "external_id": "niccnmfnkokileojoalgiinemlekmfoa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1784f784-eee2-43a1-9420-db593b099f5c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.963924Z", "modified": "2026-06-02T15:57:34.963924Z", "name": "Malicious Extension: Pusheen Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Pusheen Cursor \u2605 Custom Cursor for Chrome\u2122 (nichemncnkkplpkgpndnnedokokhoeam) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nichemncnkkplpkgpndnnedokokhoeam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.963887Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nichemncnkkplpkgpndnnedokokhoeam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nichemncnkkplpkgpndnnedokokhoeam", "external_id": "nichemncnkkplpkgpndnnedokokhoeam"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c7240809-fa7e-463a-ba30-099dab0b756f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.964935Z", "modified": "2026-06-02T15:57:34.964935Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nieoenlddbbedidmgbapeockjjagapjl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nieoenlddbbedidmgbapeockjjagapjl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.964898Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nieoenlddbbedidmgbapeockjjagapjl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nieoenlddbbedidmgbapeockjjagapjl", "external_id": "nieoenlddbbedidmgbapeockjjagapjl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1bd7d452-a023-464a-b521-db2f3c3096b5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.966074Z", "modified": "2026-06-02T15:57:34.966074Z", "name": "Malicious Extension: Amazon Quick Brand Search", "description": "Malicious browser extension: Amazon Quick Brand Search (nigamacoibifjohkmepefofohfedblgg) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nigamacoibifjohkmepefofohfedblgg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.966036Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nigamacoibifjohkmepefofohfedblgg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nigamacoibifjohkmepefofohfedblgg", "external_id": "nigamacoibifjohkmepefofohfedblgg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d5aa7848-c079-4a81-9acc-047988fddf12", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.96706Z", "modified": "2026-06-02T15:57:34.96706Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nimlmejbmnecnaghgmbahmbaddhjbecg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nimlmejbmnecnaghgmbahmbaddhjbecg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.967022Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nimlmejbmnecnaghgmbahmbaddhjbecg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nimlmejbmnecnaghgmbahmbaddhjbecg", "external_id": "nimlmejbmnecnaghgmbahmbaddhjbecg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9d1c970d-d1fe-4755-916a-b4ba0fcc741b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.968077Z", "modified": "2026-06-02T15:57:34.968077Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nimnhhcainjoacphlmhbkodofenjgobh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nimnhhcainjoacphlmhbkodofenjgobh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.968037Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nimnhhcainjoacphlmhbkodofenjgobh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nimnhhcainjoacphlmhbkodofenjgobh", "external_id": "nimnhhcainjoacphlmhbkodofenjgobh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a0ee20a4-4914-4d3e-ac65-8586c266bbde", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.969068Z", "modified": "2026-06-02T15:57:34.969068Z", "name": "Malicious Extension: Amazon Result Numbering", "description": "Malicious browser extension: Amazon Result Numbering (nipfdfkjnidadibpbflijepbllfkokac) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nipfdfkjnidadibpbflijepbllfkokac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.96903Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nipfdfkjnidadibpbflijepbllfkokac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nipfdfkjnidadibpbflijepbllfkokac", "external_id": "nipfdfkjnidadibpbflijepbllfkokac"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--817f8f33-c75c-4731-b586-c921c497e856", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.970049Z", "modified": "2026-06-02T15:57:34.970049Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nippdajkmjpnpnajkafoadeopbjdffjo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nippdajkmjpnpnajkafoadeopbjdffjo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.970012Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nippdajkmjpnpnajkafoadeopbjdffjo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nippdajkmjpnpnajkafoadeopbjdffjo", "external_id": "nippdajkmjpnpnajkafoadeopbjdffjo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e2af8b97-d34a-435b-aed0-67772a943b8a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.971032Z", "modified": "2026-06-02T15:57:34.971032Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (njbgkalfmgkchikknmaimfjmfjpnbnpm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njbgkalfmgkchikknmaimfjmfjpnbnpm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.970996Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njbgkalfmgkchikknmaimfjmfjpnbnpm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njbgkalfmgkchikknmaimfjmfjpnbnpm", "external_id": "njbgkalfmgkchikknmaimfjmfjpnbnpm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ab744487-51fb-4fd9-a187-adce57664910", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.972024Z", "modified": "2026-06-02T15:57:34.972024Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (njcphhbmfdglhkfegcpflminbhoojefc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njcphhbmfdglhkfegcpflminbhoojefc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.971987Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njcphhbmfdglhkfegcpflminbhoojefc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njcphhbmfdglhkfegcpflminbhoojefc", "external_id": "njcphhbmfdglhkfegcpflminbhoojefc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--62dea49b-4e0c-4ee5-ae87-4c660c32845b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.973185Z", "modified": "2026-06-02T15:57:34.973185Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (njfkgeajknkffkngdmjmjninkbgjedlo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njfkgeajknkffkngdmjmjninkbgjedlo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.973146Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njfkgeajknkffkngdmjmjninkbgjedlo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njfkgeajknkffkngdmjmjninkbgjedlo", "external_id": "njfkgeajknkffkngdmjmjninkbgjedlo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6888a1ef-cd04-4f59-9198-a43a4fc79a30", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.974181Z", "modified": "2026-06-02T15:57:34.974181Z", "name": "Malicious Extension: Noise Cancelling App", "description": "Malicious browser extension: Noise Cancelling App (njmhcidcdbaannpafjdljminaigdgolj) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=72). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njmhcidcdbaannpafjdljminaigdgolj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.974144Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njmhcidcdbaannpafjdljminaigdgolj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njmhcidcdbaannpafjdljminaigdgolj", "external_id": "njmhcidcdbaannpafjdljminaigdgolj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0a4882d8-24b8-43ba-8512-bc087757b109", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.975184Z", "modified": "2026-06-02T15:57:34.975184Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (njoedigapanaggiabjafnaklppphempm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njoedigapanaggiabjafnaklppphempm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.975145Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njoedigapanaggiabjafnaklppphempm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njoedigapanaggiabjafnaklppphempm", "external_id": "njoedigapanaggiabjafnaklppphempm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--aa09a752-2a2e-45ba-a940-1a4034020905", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.976174Z", "modified": "2026-06-02T15:57:34.976174Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (njoogbpfljihdmoaihdkcbiminaehoed) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njoogbpfljihdmoaihdkcbiminaehoed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.976137Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njoogbpfljihdmoaihdkcbiminaehoed", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njoogbpfljihdmoaihdkcbiminaehoed", "external_id": "njoogbpfljihdmoaihdkcbiminaehoed"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--df313b5c-9f83-4a54-b721-d7acafd255a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.97716Z", "modified": "2026-06-02T15:57:34.97716Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (njpcocbkdofoailanmgbaijichcbnkdj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njpcocbkdofoailanmgbaijichcbnkdj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.977123Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njpcocbkdofoailanmgbaijichcbnkdj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njpcocbkdofoailanmgbaijichcbnkdj", "external_id": "njpcocbkdofoailanmgbaijichcbnkdj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bb04accb-d0d7-4529-b395-e4830a0aa4c6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.97815Z", "modified": "2026-06-02T15:57:34.97815Z", "name": "Malicious Extension: DragonChat", "description": "Malicious browser extension: DragonChat (njpegidkheieeecaiaaihggmnhklccjn) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njpegidkheieeecaiaaihggmnhklccjn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.978113Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:njpegidkheieeecaiaaihggmnhklccjn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njpegidkheieeecaiaaihggmnhklccjn", "external_id": "njpegidkheieeecaiaaihggmnhklccjn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--573efbf3-60f7-4132-bfc7-1e1ff341dcc0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.979145Z", "modified": "2026-06-02T15:57:34.979145Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nkgbfengofophpmonladgaldioelckbe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nkgbfengofophpmonladgaldioelckbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.979098Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nkgbfengofophpmonladgaldioelckbe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nkgbfengofophpmonladgaldioelckbe", "external_id": "nkgbfengofophpmonladgaldioelckbe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--16fca6ff-57ea-4dcd-b0b4-8ac7fc18434f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.980314Z", "modified": "2026-06-02T15:57:34.980314Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nkjomoafjgemogbdkhledkoeaflnmgfi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nkjomoafjgemogbdkhledkoeaflnmgfi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.980277Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nkjomoafjgemogbdkhledkoeaflnmgfi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nkjomoafjgemogbdkhledkoeaflnmgfi", "external_id": "nkjomoafjgemogbdkhledkoeaflnmgfi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--69ac9a35-2e4a-4fcc-9cf7-e24b3e546120", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.981328Z", "modified": "2026-06-02T15:57:34.981328Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nkolcmifaljdigfhefpekacbmfgoamgi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nkolcmifaljdigfhefpekacbmfgoamgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.981291Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nkolcmifaljdigfhefpekacbmfgoamgi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nkolcmifaljdigfhefpekacbmfgoamgi", "external_id": "nkolcmifaljdigfhefpekacbmfgoamgi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7121045d-2b90-4dfa-b0cb-ac3356d376c6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.982334Z", "modified": "2026-06-02T15:57:34.982334Z", "name": "Malicious Extension: CRM DE ELITE : CRM no whatsapp, Automa\u00e7\u00f5es e Ferramentas para venda", "description": "Malicious browser extension: CRM DE ELITE : CRM no whatsapp, Automa\u00e7\u00f5es e Ferramentas para venda (nlbdmcikemaghcoeoblmlkdlhiggnhin) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [description truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nlbdmcikemaghcoeoblmlkdlhiggnhin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.982295Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:nlbdmcikemaghcoeoblmlkdlhiggnhin", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nlbdmcikemaghcoeoblmlkdlhiggnhin", "external_id": "nlbdmcikemaghcoeoblmlkdlhiggnhin"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--690aafd1-831c-4ea7-91fd-b614a302d33f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.983374Z", "modified": "2026-06-02T15:57:34.983374Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nlhpidbjmmffhoogcennoiopekbiglbp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nlhpidbjmmffhoogcennoiopekbiglbp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.983335Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nlhpidbjmmffhoogcennoiopekbiglbp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nlhpidbjmmffhoogcennoiopekbiglbp", "external_id": "nlhpidbjmmffhoogcennoiopekbiglbp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f02851b4-de45-4cf4-b585-aacf87455221", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.984396Z", "modified": "2026-06-02T15:57:34.984396Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nlicmidohjbpkndnlcioehnbefjdpfof) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nlicmidohjbpkndnlcioehnbefjdpfof']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.984358Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nlicmidohjbpkndnlcioehnbefjdpfof", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nlicmidohjbpkndnlcioehnbefjdpfof", "external_id": "nlicmidohjbpkndnlcioehnbefjdpfof"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dc130d74-f359-4eed-be6b-92359bf645bb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.985409Z", "modified": "2026-06-02T15:57:34.985409Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nlidfclccabaghacejpnbofmpghieacn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nlidfclccabaghacejpnbofmpghieacn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.985372Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nlidfclccabaghacejpnbofmpghieacn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nlidfclccabaghacejpnbofmpghieacn", "external_id": "nlidfclccabaghacejpnbofmpghieacn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--57fcb244-38a4-4805-b56f-fcd81efa5865", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.986418Z", "modified": "2026-06-02T15:57:34.986418Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nlkblacjcdilfdjmmlfemoalcbjjopgf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nlkblacjcdilfdjmmlfemoalcbjjopgf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.986376Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nlkblacjcdilfdjmmlfemoalcbjjopgf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nlkblacjcdilfdjmmlfemoalcbjjopgf", "external_id": "nlkblacjcdilfdjmmlfemoalcbjjopgf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--30157229-4726-414f-b5da-2998bde30768", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.987595Z", "modified": "2026-06-02T15:57:34.987595Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nlllhibclkoddmfaljpifkfhabmkjjpk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nlllhibclkoddmfaljpifkfhabmkjjpk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.987557Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nlllhibclkoddmfaljpifkfhabmkjjpk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nlllhibclkoddmfaljpifkfhabmkjjpk", "external_id": "nlllhibclkoddmfaljpifkfhabmkjjpk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6163e9ba-bbe0-43ca-b0e2-d4c0834fc215", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.988594Z", "modified": "2026-06-02T15:57:34.988594Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nllppfnifjiccjacjiaonomhggcgildm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nllppfnifjiccjacjiaonomhggcgildm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.988556Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nllppfnifjiccjacjiaonomhggcgildm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nllppfnifjiccjacjiaonomhggcgildm", "external_id": "nllppfnifjiccjacjiaonomhggcgildm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8b43a78d-f1b1-4474-9f14-343e502d7a93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.9896Z", "modified": "2026-06-02T15:57:34.9896Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nlogodaofdghipmbdclajkkpheneldjd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nlogodaofdghipmbdclajkkpheneldjd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.989562Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nlogodaofdghipmbdclajkkpheneldjd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nlogodaofdghipmbdclajkkpheneldjd", "external_id": "nlogodaofdghipmbdclajkkpheneldjd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--910b73c8-ce8f-4d4a-9b91-dee31730e094", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.990584Z", "modified": "2026-06-02T15:57:34.990584Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nlompoojekdpdjnjledbbahkdhdhjlae) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nlompoojekdpdjnjledbbahkdhdhjlae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.990547Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nlompoojekdpdjnjledbbahkdhdhjlae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nlompoojekdpdjnjledbbahkdhdhjlae", "external_id": "nlompoojekdpdjnjledbbahkdhdhjlae"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--63bb7657-00ca-4880-8e48-87f012ed6657", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.991581Z", "modified": "2026-06-02T15:57:34.991581Z", "name": "Malicious Extension: Blue Lock Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Blue Lock Cursor \u2605 Custom Cursor for Chrome\u2122 (nlppklcmgfgaploglaakimdlfgeinajj) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nlppklcmgfgaploglaakimdlfgeinajj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.991543Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nlppklcmgfgaploglaakimdlfgeinajj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nlppklcmgfgaploglaakimdlfgeinajj", "external_id": "nlppklcmgfgaploglaakimdlfgeinajj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b54939cd-749f-470c-996c-250ef856a11b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.992569Z", "modified": "2026-06-02T15:57:34.992569Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nmaegedpdmepbkahckadmaolllgmogma) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nmaegedpdmepbkahckadmaolllgmogma']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.99253Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nmaegedpdmepbkahckadmaolllgmogma", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nmaegedpdmepbkahckadmaolllgmogma", "external_id": "nmaegedpdmepbkahckadmaolllgmogma"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--364d0347-3f08-4c4b-9374-345abd897b24", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.993566Z", "modified": "2026-06-02T15:57:34.993566Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nmcdpmhknbboplhmihbekllplnhfplph) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nmcdpmhknbboplhmihbekllplnhfplph']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.993524Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nmcdpmhknbboplhmihbekllplnhfplph", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nmcdpmhknbboplhmihbekllplnhfplph", "external_id": "nmcdpmhknbboplhmihbekllplnhfplph"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9ed8e8c9-f1bd-478a-9ebc-359081c3e38c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.994714Z", "modified": "2026-06-02T15:57:34.994714Z", "name": "Malicious Extension: Animal Crossing Cursor - Custom Nintendo Game Cursor for Chrome", "description": "Malicious browser extension: Animal Crossing Cursor - Custom Nintendo Game Cursor for Chrome (nmkpckdpiikfoenhfaognmajhpgpoobg) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nmkpckdpiikfoenhfaognmajhpgpoobg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.994676Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nmkpckdpiikfoenhfaognmajhpgpoobg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nmkpckdpiikfoenhfaognmajhpgpoobg", "external_id": "nmkpckdpiikfoenhfaognmajhpgpoobg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--66669671-76e5-428f-8307-d6ff59c1532c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.995727Z", "modified": "2026-06-02T15:57:34.995727Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nmpiemnkagcciheaghfdohdpelhphnoh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nmpiemnkagcciheaghfdohdpelhphnoh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.995689Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nmpiemnkagcciheaghfdohdpelhphnoh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nmpiemnkagcciheaghfdohdpelhphnoh", "external_id": "nmpiemnkagcciheaghfdohdpelhphnoh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8b83f965-d140-4001-b175-5f063ec72e80", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.996713Z", "modified": "2026-06-02T15:57:34.996713Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nmpnccanldgdjchnaanhdagmomgjnbke) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nmpnccanldgdjchnaanhdagmomgjnbke']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.996677Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nmpnccanldgdjchnaanhdagmomgjnbke", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nmpnccanldgdjchnaanhdagmomgjnbke", "external_id": "nmpnccanldgdjchnaanhdagmomgjnbke"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--78bbc384-2d06-426c-8a78-88e97a143287", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.997693Z", "modified": "2026-06-02T15:57:34.997693Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nnceocbiolncfljcmajijmeakcdlffnh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nnceocbiolncfljcmajijmeakcdlffnh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.997656Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nnceocbiolncfljcmajijmeakcdlffnh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nnceocbiolncfljcmajijmeakcdlffnh", "external_id": "nnceocbiolncfljcmajijmeakcdlffnh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--43a07f2f-5834-4a31-b8a3-9327a568a835", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.998674Z", "modified": "2026-06-02T15:57:34.998674Z", "name": "Malicious Extension: Newsit: Hacker News and Reddit Links", "description": "Malicious browser extension: Newsit: Hacker News and Reddit Links (nngjdplpkehilhcinpccdbkjaknkkifl) Stage 5A static analysis rated this extension suspicious rather than malicious (risk_level=suspicious, score=52). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nngjdplpkehilhcinpccdbkjaknkkifl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.998637Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nngjdplpkehilhcinpccdbkjaknkkifl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nngjdplpkehilhcinpccdbkjaknkkifl", "external_id": "nngjdplpkehilhcinpccdbkjaknkkifl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e3d3262f-8e1e-4476-bbf9-a74cf6e7fbb3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.99967Z", "modified": "2026-06-02T15:57:34.99967Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nnjlbhbajbeagngabejdpenghpkglghd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nnjlbhbajbeagngabejdpenghpkglghd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:34.999633Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nnjlbhbajbeagngabejdpenghpkglghd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nnjlbhbajbeagngabejdpenghpkglghd", "external_id": "nnjlbhbajbeagngabejdpenghpkglghd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1e6b5ea3-21bd-48ba-b548-9843d23ca914", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.000709Z", "modified": "2026-06-02T15:57:35.000709Z", "name": "Malicious Extension: Infinity New Tab (Pro)", "description": "Malicious browser extension: Infinity New Tab (Pro) (nnnkddnnlpamobajfibfdgfnbcnkgngh) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=112). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nnnkddnnlpamobajfibfdgfnbcnkgngh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.000669Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nnnkddnnlpamobajfibfdgfnbcnkgngh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nnnkddnnlpamobajfibfdgfnbcnkgngh", "external_id": "nnnkddnnlpamobajfibfdgfnbcnkgngh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--96ac7f38-c7c1-467d-9ada-07ff02cfe78b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.00249Z", "modified": "2026-06-02T15:57:35.00249Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nnpdeoblieaeppbbemdbdbpajcpoogcp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nnpdeoblieaeppbbemdbdbpajcpoogcp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.002412Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nnpdeoblieaeppbbemdbdbpajcpoogcp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nnpdeoblieaeppbbemdbdbpajcpoogcp", "external_id": "nnpdeoblieaeppbbemdbdbpajcpoogcp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d82cb709-68b5-4c54-af9c-8f366796476b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.005053Z", "modified": "2026-06-02T15:57:35.005053Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (npbpfkbnfpblnahogmnjiffoimllllek) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/npbpfkbnfpblnahogmnjiffoimllllek']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.004943Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:npbpfkbnfpblnahogmnjiffoimllllek", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/npbpfkbnfpblnahogmnjiffoimllllek", "external_id": "npbpfkbnfpblnahogmnjiffoimllllek"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9c688098-cdea-4863-be53-b5e0827d0a04", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.006988Z", "modified": "2026-06-02T15:57:35.006988Z", "name": "Malicious Extension: LEEVO CRM", "description": "Malicious browser extension: LEEVO CRM (npcbkljcefmdegcjjghdfgfmnkmfjlba) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/npcbkljcefmdegcjjghdfgfmnkmfjlba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.006931Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:npcbkljcefmdegcjjghdfgfmnkmfjlba", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/npcbkljcefmdegcjjghdfgfmnkmfjlba", "external_id": "npcbkljcefmdegcjjghdfgfmnkmfjlba"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--576c6db2-1a81-415c-9c5c-50c5b601e490", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.008526Z", "modified": "2026-06-02T15:57:35.008526Z", "name": "Malicious Extension: Mais Leads CRM", "description": "Malicious browser extension: Mais Leads CRM (npeoblgjndfpphhdjlanbjalbccifpom) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/npeoblgjndfpphhdjlanbjalbccifpom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.008479Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:npeoblgjndfpphhdjlanbjalbccifpom", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/npeoblgjndfpphhdjlanbjalbccifpom", "external_id": "npeoblgjndfpphhdjlanbjalbccifpom"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f5499380-c669-49e8-b09d-91e4ed985555", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.009726Z", "modified": "2026-06-02T15:57:35.009726Z", "name": "Malicious Extension: Chatweb CRM : Transforme seu whatsapp em um sistema de vendas", "description": "Malicious browser extension: Chatweb CRM : Transforme seu whatsapp em um sistema de vendas (npfamfonpecnjjbhalhdahlokadlblbm) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/npfamfonpecnjjbhalhdahlokadlblbm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.00968Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:npfamfonpecnjjbhalhdahlokadlblbm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/npfamfonpecnjjbhalhdahlokadlblbm", "external_id": "npfamfonpecnjjbhalhdahlokadlblbm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--605ecf77-07ed-4114-ae60-9d8fcecfdfba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.010822Z", "modified": "2026-06-02T15:57:35.010822Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (npifianbfjhobabjjpfdjjihgbdnbojh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/npifianbfjhobabjjpfdjjihgbdnbojh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.010779Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:npifianbfjhobabjjpfdjjihgbdnbojh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/npifianbfjhobabjjpfdjjihgbdnbojh", "external_id": "npifianbfjhobabjjpfdjjihgbdnbojh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ceb1f847-01c3-412e-b0f3-1a22086a646d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.012001Z", "modified": "2026-06-02T15:57:35.012001Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (nplljogcholopgphioakbdjfkbkdhomg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nplljogcholopgphioakbdjfkbkdhomg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.011959Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nplljogcholopgphioakbdjfkbkdhomg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nplljogcholopgphioakbdjfkbkdhomg", "external_id": "nplljogcholopgphioakbdjfkbkdhomg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6e2f6859-648c-462f-868f-8c6f1e7c47e5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.013314Z", "modified": "2026-06-02T15:57:35.013314Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (npphdmcakmfhllhblkealgkeefamebih) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/npphdmcakmfhllhblkealgkeefamebih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.013274Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:npphdmcakmfhllhblkealgkeefamebih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/npphdmcakmfhllhblkealgkeefamebih", "external_id": "npphdmcakmfhllhblkealgkeefamebih"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8d7923a3-102b-42db-82dd-4634feb716a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.014521Z", "modified": "2026-06-02T15:57:35.014521Z", "name": "Malicious Extension: BestBuy Search By Image", "description": "Malicious browser extension: BestBuy Search By Image (nppjmiadmakeigiagilkfffplihgjlec) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nppjmiadmakeigiagilkfffplihgjlec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.014479Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nppjmiadmakeigiagilkfffplihgjlec", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nppjmiadmakeigiagilkfffplihgjlec", "external_id": "nppjmiadmakeigiagilkfffplihgjlec"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1e335de2-849a-4ba1-b612-cda2c17cfb76", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.015726Z", "modified": "2026-06-02T15:57:35.015726Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oaacndacaoelmkhfilennooagoelpjop) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oaacndacaoelmkhfilennooagoelpjop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.015686Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oaacndacaoelmkhfilennooagoelpjop", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oaacndacaoelmkhfilennooagoelpjop", "external_id": "oaacndacaoelmkhfilennooagoelpjop"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a395a8cd-5d14-4c3d-b9e8-08af4ae0bac1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.016783Z", "modified": "2026-06-02T15:57:35.016783Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oaceepljpkcbcgccnmlepeofkhplkbih) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oaceepljpkcbcgccnmlepeofkhplkbih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.016744Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oaceepljpkcbcgccnmlepeofkhplkbih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oaceepljpkcbcgccnmlepeofkhplkbih", "external_id": "oaceepljpkcbcgccnmlepeofkhplkbih"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2d0ca266-2127-47c3-bb3e-7949f8116c7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.017801Z", "modified": "2026-06-02T15:57:35.017801Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oahegmgcjlpcachkhdngcjopmflnobci) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oahegmgcjlpcachkhdngcjopmflnobci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.017763Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oahegmgcjlpcachkhdngcjopmflnobci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oahegmgcjlpcachkhdngcjopmflnobci", "external_id": "oahegmgcjlpcachkhdngcjopmflnobci"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8039e6a3-fc5a-4894-b25a-3dffb63d8024", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.018821Z", "modified": "2026-06-02T15:57:35.018821Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oaldjcdohhhibelagdhoahbedekfjjjf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oaldjcdohhhibelagdhoahbedekfjjjf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.018783Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oaldjcdohhhibelagdhoahbedekfjjjf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oaldjcdohhhibelagdhoahbedekfjjjf", "external_id": "oaldjcdohhhibelagdhoahbedekfjjjf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c5eab9f5-36f2-423a-ba3c-90812a6c4e67", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.019852Z", "modified": "2026-06-02T15:57:35.019852Z", "name": "Malicious Extension: My Hero Academia Cursor - Custom Anime Cursor for Chrome", "description": "Malicious browser extension: My Hero Academia Cursor - Custom Anime Cursor for Chrome (oalffknmmdipjphppkcnffnfefljelcm) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oalffknmmdipjphppkcnffnfefljelcm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.019814Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oalffknmmdipjphppkcnffnfefljelcm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oalffknmmdipjphppkcnffnfefljelcm", "external_id": "oalffknmmdipjphppkcnffnfefljelcm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--773e2f3b-0bae-4b4d-bf73-f225a265856f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.021034Z", "modified": "2026-06-02T15:57:35.021034Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oaljkhbgbedmfoiieocoenglpaeogjmf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oaljkhbgbedmfoiieocoenglpaeogjmf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.020996Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oaljkhbgbedmfoiieocoenglpaeogjmf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oaljkhbgbedmfoiieocoenglpaeogjmf", "external_id": "oaljkhbgbedmfoiieocoenglpaeogjmf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7de9df6c-cf60-4afc-9717-22d425ebb8fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.022026Z", "modified": "2026-06-02T15:57:35.022026Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oaomdgkkllmhepgpkfmbcfpbdocokfel) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oaomdgkkllmhepgpkfmbcfpbdocokfel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.021989Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oaomdgkkllmhepgpkfmbcfpbdocokfel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oaomdgkkllmhepgpkfmbcfpbdocokfel", "external_id": "oaomdgkkllmhepgpkfmbcfpbdocokfel"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ced2eb99-2db0-4246-95df-2ba9c0050870", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.023005Z", "modified": "2026-06-02T15:57:35.023005Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (obdobankihdfckkbfnoglefmdgmblcld) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obdobankihdfckkbfnoglefmdgmblcld']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.022968Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obdobankihdfckkbfnoglefmdgmblcld", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obdobankihdfckkbfnoglefmdgmblcld", "external_id": "obdobankihdfckkbfnoglefmdgmblcld"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--463baab1-2621-4c7a-895f-1c737fccc4f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.024009Z", "modified": "2026-06-02T15:57:35.024009Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (obedkjaaifedcfidfdjoinfaphghmbfl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obedkjaaifedcfidfdjoinfaphghmbfl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.023965Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obedkjaaifedcfidfdjoinfaphghmbfl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obedkjaaifedcfidfdjoinfaphghmbfl", "external_id": "obedkjaaifedcfidfdjoinfaphghmbfl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--09645be8-7bf5-4ff4-8998-47b59f2d5f96", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.025005Z", "modified": "2026-06-02T15:57:35.025005Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (obipeailpaepgenggdakhhickjejjbpe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obipeailpaepgenggdakhhickjejjbpe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.024964Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obipeailpaepgenggdakhhickjejjbpe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obipeailpaepgenggdakhhickjejjbpe", "external_id": "obipeailpaepgenggdakhhickjejjbpe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6a211097-07ee-4d1e-866e-81039cfc12aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.025982Z", "modified": "2026-06-02T15:57:35.025982Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (objigmfpcefimjacdbhjcokamcdiakhc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/objigmfpcefimjacdbhjcokamcdiakhc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.025945Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:objigmfpcefimjacdbhjcokamcdiakhc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/objigmfpcefimjacdbhjcokamcdiakhc", "external_id": "objigmfpcefimjacdbhjcokamcdiakhc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f6b8caba-f917-4d55-82df-51ad42cc20e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.026957Z", "modified": "2026-06-02T15:57:35.026957Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (obocpangfamkffjllmcfnieeoacoheda) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obocpangfamkffjllmcfnieeoacoheda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.02692Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obocpangfamkffjllmcfnieeoacoheda", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obocpangfamkffjllmcfnieeoacoheda", "external_id": "obocpangfamkffjllmcfnieeoacoheda"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--af4e20c3-30f8-49d7-9fb2-efdf4db2ba00", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.028108Z", "modified": "2026-06-02T15:57:35.028108Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ocopipabchoopeppmgiigphgbicocoea) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ocopipabchoopeppmgiigphgbicocoea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.028071Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ocopipabchoopeppmgiigphgbicocoea", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ocopipabchoopeppmgiigphgbicocoea", "external_id": "ocopipabchoopeppmgiigphgbicocoea"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1f9f7b36-d5be-401c-b63e-9470d5d0af78", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.029157Z", "modified": "2026-06-02T15:57:35.029157Z", "name": "Malicious Extension: Phantom Shuttle (\u5e7b\u5f71\u7a7f\u68ad) v2", "description": "Malicious browser extension: Phantom Shuttle (\u5e7b\u5f71\u7a7f\u68ad) v2 (ocpcmfmiidofonkbodpdhgddhlcmcofd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ocpcmfmiidofonkbodpdhgddhlcmcofd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-12-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ocpcmfmiidofonkbodpdhgddhlcmcofd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ocpcmfmiidofonkbodpdhgddhlcmcofd", "external_id": "ocpcmfmiidofonkbodpdhgddhlcmcofd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--37f2125e-1110-4f19-afc9-b35eec44b057", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.030143Z", "modified": "2026-06-02T15:57:35.030143Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (odccobbfnngplckpongkahajfjpnbcck) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/odccobbfnngplckpongkahajfjpnbcck']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.030106Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:odccobbfnngplckpongkahajfjpnbcck", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/odccobbfnngplckpongkahajfjpnbcck", "external_id": "odccobbfnngplckpongkahajfjpnbcck"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6a854c92-3a2a-4436-ab0e-3b9c86cb8ac6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.031142Z", "modified": "2026-06-02T15:57:35.031142Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (odhmhkkhpibfjijmpgcdjondompgocog) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/odhmhkkhpibfjijmpgcdjondompgocog']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.031096Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:odhmhkkhpibfjijmpgcdjondompgocog", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/odhmhkkhpibfjijmpgcdjondompgocog", "external_id": "odhmhkkhpibfjijmpgcdjondompgocog"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6ba4e57d-ee14-49f5-b2c7-256d7fd73d0c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.032141Z", "modified": "2026-06-02T15:57:35.032141Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (odljclganfccoonaccngnmpfepnjbanm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/odljclganfccoonaccngnmpfepnjbanm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.032103Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:odljclganfccoonaccngnmpfepnjbanm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/odljclganfccoonaccngnmpfepnjbanm", "external_id": "odljclganfccoonaccngnmpfepnjbanm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2224a201-2c07-40f4-98c2-39241b0fc1f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.033117Z", "modified": "2026-06-02T15:57:35.033117Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (odmmidbmgkkbabilcljmljbeopneabkn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/odmmidbmgkkbabilcljmljbeopneabkn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.033081Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:odmmidbmgkkbabilcljmljbeopneabkn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/odmmidbmgkkbabilcljmljbeopneabkn", "external_id": "odmmidbmgkkbabilcljmljbeopneabkn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0e9d9df2-1f16-43dd-9913-50a397af8d2d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.0341Z", "modified": "2026-06-02T15:57:35.0341Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oedechpcnjolalnpghbibmadgfjgaopm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oedechpcnjolalnpghbibmadgfjgaopm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.034058Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oedechpcnjolalnpghbibmadgfjgaopm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oedechpcnjolalnpghbibmadgfjgaopm", "external_id": "oedechpcnjolalnpghbibmadgfjgaopm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--537c9bf9-3b38-4493-953d-268a26b9f7a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.036094Z", "modified": "2026-06-02T15:57:35.036094Z", "name": "Malicious Extension: Convert PDF to JPG", "description": "Malicious browser extension: Convert PDF to JPG (oeefjlikahigmlnplgijgeeecbpemhip) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oeefjlikahigmlnplgijgeeecbpemhip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.036054Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oeefjlikahigmlnplgijgeeecbpemhip", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oeefjlikahigmlnplgijgeeecbpemhip", "external_id": "oeefjlikahigmlnplgijgeeecbpemhip"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6447a0c2-0837-480f-91e2-868b53f023c3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.037146Z", "modified": "2026-06-02T15:57:35.037146Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oefgcfheipblokelgbnnldoolmikeljd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oefgcfheipblokelgbnnldoolmikeljd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.037108Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oefgcfheipblokelgbnnldoolmikeljd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oefgcfheipblokelgbnnldoolmikeljd", "external_id": "oefgcfheipblokelgbnnldoolmikeljd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--016d6650-94dd-4993-99f0-3e07b6c7747b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.03816Z", "modified": "2026-06-02T15:57:35.03816Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oelcnhfgpdjeocflhhfecinnpjojeokp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oelcnhfgpdjeocflhhfecinnpjojeokp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.038123Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oelcnhfgpdjeocflhhfecinnpjojeokp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oelcnhfgpdjeocflhhfecinnpjojeokp", "external_id": "oelcnhfgpdjeocflhhfecinnpjojeokp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5f0bbaaf-c796-402e-a90c-3a2b571f82b7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.039158Z", "modified": "2026-06-02T15:57:35.039158Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ofdokdgfcbebbeloigjpiafhodlfphjj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ofdokdgfcbebbeloigjpiafhodlfphjj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.039119Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ofdokdgfcbebbeloigjpiafhodlfphjj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofdokdgfcbebbeloigjpiafhodlfphjj", "external_id": "ofdokdgfcbebbeloigjpiafhodlfphjj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--110f46ae-b792-4895-8007-e28adb8bd52d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.040152Z", "modified": "2026-06-02T15:57:35.040152Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ofegeeihedplimffkkolffmpcafjngog) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ofegeeihedplimffkkolffmpcafjngog']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.040115Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ofegeeihedplimffkkolffmpcafjngog", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofegeeihedplimffkkolffmpcafjngog", "external_id": "ofegeeihedplimffkkolffmpcafjngog"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d36e14dc-afdf-4f55-9833-8d8505c1a8fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.041134Z", "modified": "2026-06-02T15:57:35.041134Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ofgghdophhoggnlkgiigooldjblbmkid) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ofgghdophhoggnlkgiigooldjblbmkid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.041097Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ofgghdophhoggnlkgiigooldjblbmkid", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofgghdophhoggnlkgiigooldjblbmkid", "external_id": "ofgghdophhoggnlkgiigooldjblbmkid"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--526ab91a-b256-4caa-946a-3df36098a22f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.042122Z", "modified": "2026-06-02T15:57:35.042122Z", "name": "Malicious Extension: Hollow Knight Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Hollow Knight Cursor \u2605 Custom Cursor for Chrome\u2122 (ofjldebeoclakifeeoidicojpinkllmc) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ofjldebeoclakifeeoidicojpinkllmc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.042085Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ofjldebeoclakifeeoidicojpinkllmc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofjldebeoclakifeeoidicojpinkllmc", "external_id": "ofjldebeoclakifeeoidicojpinkllmc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5c799829-12af-47bf-8d98-053501250f22", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.043269Z", "modified": "2026-06-02T15:57:35.043269Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ofjmbjjbkgdkidhfgjpimepabldligbi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ofjmbjjbkgdkidhfgjpimepabldligbi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.043231Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ofjmbjjbkgdkidhfgjpimepabldligbi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ofjmbjjbkgdkidhfgjpimepabldligbi", "external_id": "ofjmbjjbkgdkidhfgjpimepabldligbi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--65bbce73-0afa-4dab-993b-49d8a5842801", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.044281Z", "modified": "2026-06-02T15:57:35.044281Z", "name": "Malicious Extension: Tiktok Order Sync by HubFulFill", "description": "Malicious browser extension: Tiktok Order Sync by HubFulFill (ogghnognjclkbpaeoophcgapbgmgdiok) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ogghnognjclkbpaeoophcgapbgmgdiok']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.044244Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ogghnognjclkbpaeoophcgapbgmgdiok", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ogghnognjclkbpaeoophcgapbgmgdiok", "external_id": "ogghnognjclkbpaeoophcgapbgmgdiok"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--13d44d90-e4bf-4678-b3f4-549439be778a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.045268Z", "modified": "2026-06-02T15:57:35.045268Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oghbffaoaooigagpockijkpfpgmnibkh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oghbffaoaooigagpockijkpfpgmnibkh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.045231Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oghbffaoaooigagpockijkpfpgmnibkh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oghbffaoaooigagpockijkpfpgmnibkh", "external_id": "oghbffaoaooigagpockijkpfpgmnibkh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4fc13c81-1dbd-42f6-b981-53754913508e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.046248Z", "modified": "2026-06-02T15:57:35.046248Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oghgaghnofhhoolfneepjneedejcpiic) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oghgaghnofhhoolfneepjneedejcpiic']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.04621Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oghgaghnofhhoolfneepjneedejcpiic", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oghgaghnofhhoolfneepjneedejcpiic", "external_id": "oghgaghnofhhoolfneepjneedejcpiic"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--38a95f35-83ce-40b1-9275-8e7201ea2b21", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.047282Z", "modified": "2026-06-02T15:57:35.047282Z", "name": "Malicious Extension: MARKETING DE FITNESS", "description": "Malicious browser extension: MARKETING DE FITNESS (oghollmlfgpfdlailojlcpbbmjoeabhe) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified data-harvesting C2 infrastructure at midia[.]wascript[.]com[.]br and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oghollmlfgpfdlailojlcpbbmjoeabhe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.047243Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:oghollmlfgpfdlailojlcpbbmjoeabhe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oghollmlfgpfdlailojlcpbbmjoeabhe", "external_id": "oghollmlfgpfdlailojlcpbbmjoeabhe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d98bf4d2-44ed-4b09-a2f2-825d92619f1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.048267Z", "modified": "2026-06-02T15:57:35.048267Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ohalkmdcakplbfpelgmnegcbdkfigolo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ohalkmdcakplbfpelgmnegcbdkfigolo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.04823Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ohalkmdcakplbfpelgmnegcbdkfigolo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ohalkmdcakplbfpelgmnegcbdkfigolo", "external_id": "ohalkmdcakplbfpelgmnegcbdkfigolo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6191d30d-6427-4bbb-a33a-3841455a5b18", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.049243Z", "modified": "2026-06-02T15:57:35.049243Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ohhhngpnknpdhmdmpmoccgjmmkkleipn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ohhhngpnknpdhmdmpmoccgjmmkkleipn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.049206Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ohhhngpnknpdhmdmpmoccgjmmkkleipn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ohhhngpnknpdhmdmpmoccgjmmkkleipn", "external_id": "ohhhngpnknpdhmdmpmoccgjmmkkleipn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--66db73ec-be2b-4c6c-8f8d-4f9f0ce19555", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.050383Z", "modified": "2026-06-02T15:57:35.050383Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oickdmhdjcdgdfcejbnhonlihonkhfkl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oickdmhdjcdgdfcejbnhonlihonkhfkl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.050345Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oickdmhdjcdgdfcejbnhonlihonkhfkl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oickdmhdjcdgdfcejbnhonlihonkhfkl", "external_id": "oickdmhdjcdgdfcejbnhonlihonkhfkl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f09370ff-9633-441c-a61a-c87c4bad2cfe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.051395Z", "modified": "2026-06-02T15:57:35.051395Z", "name": "Malicious Extension: Spy x Family Cursor - Custom Anime Cursor for Chrome", "description": "Malicious browser extension: Spy x Family Cursor - Custom Anime Cursor for Chrome (oiogpbnonmepejhhmhgnmmpofkknomcf) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oiogpbnonmepejhhmhgnmmpofkknomcf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.051358Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oiogpbnonmepejhhmhgnmmpofkknomcf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oiogpbnonmepejhhmhgnmmpofkknomcf", "external_id": "oiogpbnonmepejhhmhgnmmpofkknomcf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a2072dca-181c-4452-996b-6ddfb2f13901", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.05239Z", "modified": "2026-06-02T15:57:35.05239Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ojdagjoeaaooofmeofppefbnebclnmkh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojdagjoeaaooofmeofppefbnebclnmkh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.052353Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ojdagjoeaaooofmeofppefbnebclnmkh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojdagjoeaaooofmeofppefbnebclnmkh", "external_id": "ojdagjoeaaooofmeofppefbnebclnmkh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--50e98b2a-99ea-4a19-8d20-aa0f0b6652df", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.05339Z", "modified": "2026-06-02T15:57:35.05339Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ojlhcbolfcndnojcjhhjgmdblnojgefm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojlhcbolfcndnojcjhhjgmdblnojgefm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.053353Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ojlhcbolfcndnojcjhhjgmdblnojgefm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojlhcbolfcndnojcjhhjgmdblnojgefm", "external_id": "ojlhcbolfcndnojcjhhjgmdblnojgefm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0f229c35-5be1-4f71-ab1b-27ff4de69d0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.054368Z", "modified": "2026-06-02T15:57:35.054368Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ojmaccnnagaiokckbcpdldhnifkibcah) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojmaccnnagaiokckbcpdldhnifkibcah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.054331Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ojmaccnnagaiokckbcpdldhnifkibcah", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojmaccnnagaiokckbcpdldhnifkibcah", "external_id": "ojmaccnnagaiokckbcpdldhnifkibcah"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a577acdd-8a6b-4757-ac29-4b52fc371163", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.055376Z", "modified": "2026-06-02T15:57:35.055376Z", "name": "Malicious Extension: Super Mario Bros Classic", "description": "Malicious browser extension: Super Mario Bros Classic (ojnagfkemdilpdkjehfajjmcnaefhjhn) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojnagfkemdilpdkjehfajjmcnaefhjhn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.055338Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ojnagfkemdilpdkjehfajjmcnaefhjhn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojnagfkemdilpdkjehfajjmcnaefhjhn", "external_id": "ojnagfkemdilpdkjehfajjmcnaefhjhn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--34e0b8f7-3d62-426e-a53f-d29ee5b88d1d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.056394Z", "modified": "2026-06-02T15:57:35.056394Z", "name": "Malicious Extension: ZAPGYN", "description": "Malicious browser extension: ZAPGYN (ojpoinccmndjnfhhkgcbjmkfahfmppee) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified data-harvesting C2 infrastructure at midia[.]wascript[.]com[.]br and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojpoinccmndjnfhhkgcbjmkfahfmppee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.056356Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:ojpoinccmndjnfhhkgcbjmkfahfmppee", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojpoinccmndjnfhhkgcbjmkfahfmppee", "external_id": "ojpoinccmndjnfhhkgcbjmkfahfmppee"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cc7d1c8c-591b-4908-a593-6d8c08b33c76", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.057554Z", "modified": "2026-06-02T15:57:35.057554Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (okanoajihjohgmbifnkiebaobfkgenfa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okanoajihjohgmbifnkiebaobfkgenfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.057517Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:okanoajihjohgmbifnkiebaobfkgenfa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okanoajihjohgmbifnkiebaobfkgenfa", "external_id": "okanoajihjohgmbifnkiebaobfkgenfa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--76c188f8-02dd-459b-8db9-84d0cf1de809", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.058548Z", "modified": "2026-06-02T15:57:35.058548Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (okckcmcehmodfocipicdmllmideoobjf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okckcmcehmodfocipicdmllmideoobjf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.058511Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:okckcmcehmodfocipicdmllmideoobjf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okckcmcehmodfocipicdmllmideoobjf", "external_id": "okckcmcehmodfocipicdmllmideoobjf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e71238ca-bacb-4320-90d0-0a22c32379b1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.059585Z", "modified": "2026-06-02T15:57:35.059585Z", "name": "Malicious Extension: nbnhhsh - \u80fd\u4e0d\u80fd\u597d\u597d\u8bf4\u8bdd", "description": "Malicious browser extension: nbnhhsh - \u80fd\u4e0d\u80fd\u597d\u597d\u8bf4\u8bdd (okepehobneenpbhiendcjcanjodhmcbj) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=52). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okepehobneenpbhiendcjcanjodhmcbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.059546Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:okepehobneenpbhiendcjcanjodhmcbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okepehobneenpbhiendcjcanjodhmcbj", "external_id": "okepehobneenpbhiendcjcanjodhmcbj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a1fcbdec-7512-4020-bbac-db7d86c1cf20", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.060593Z", "modified": "2026-06-02T15:57:35.060593Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (okggiiagcegdfiajlkodohfkeemnjlnd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okggiiagcegdfiajlkodohfkeemnjlnd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.060555Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:okggiiagcegdfiajlkodohfkeemnjlnd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okggiiagcegdfiajlkodohfkeemnjlnd", "external_id": "okggiiagcegdfiajlkodohfkeemnjlnd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0e530950-8442-4bda-bdd2-2d86684177c9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.061595Z", "modified": "2026-06-02T15:57:35.061595Z", "name": "Malicious Extension: Feel Up", "description": "Malicious browser extension: Feel Up (okhjgjpafhnjbndkojddaicngefobnjn) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified data-harvesting C2 infrastructure at midia[.]wascript[.]com[.]br and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okhjgjpafhnjbndkojddaicngefobnjn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.061558Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:okhjgjpafhnjbndkojddaicngefobnjn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okhjgjpafhnjbndkojddaicngefobnjn", "external_id": "okhjgjpafhnjbndkojddaicngefobnjn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--97d8bed2-735f-4eed-a8e9-ab26b122a12d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.0626Z", "modified": "2026-06-02T15:57:35.0626Z", "name": "Malicious Extension: Ninja Ads", "description": "Malicious browser extension: Ninja Ads (okiccdcmkdhldgbclikganfldepocmmd) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified data-harvesting C2 infrastructure at midia[.]wascript[.]com[.]br and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okiccdcmkdhldgbclikganfldepocmmd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.062561Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:okiccdcmkdhldgbclikganfldepocmmd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okiccdcmkdhldgbclikganfldepocmmd", "external_id": "okiccdcmkdhldgbclikganfldepocmmd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--953f0ad5-8e0a-4877-b026-44cf242c8af4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.063602Z", "modified": "2026-06-02T15:57:35.063602Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (okjdbeegldeilceaflghgfdemobmfhbd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okjdbeegldeilceaflghgfdemobmfhbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.063565Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:okjdbeegldeilceaflghgfdemobmfhbd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okjdbeegldeilceaflghgfdemobmfhbd", "external_id": "okjdbeegldeilceaflghgfdemobmfhbd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f6dbe19e-9197-41eb-9db7-520bf3f0c3f8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.064759Z", "modified": "2026-06-02T15:57:35.064759Z", "name": "Malicious Extension: IronZap", "description": "Malicious browser extension: IronZap (okmklmkaficfbcebbggmjmphhipflhme) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okmklmkaficfbcebbggmjmphhipflhme']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.064721Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:okmklmkaficfbcebbggmjmphhipflhme", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okmklmkaficfbcebbggmjmphhipflhme", "external_id": "okmklmkaficfbcebbggmjmphhipflhme"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0f204461-9606-40ea-a903-6caa62e6ce1b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.065754Z", "modified": "2026-06-02T15:57:35.065754Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oldhjammhkghhahhhdcifmmlefibciph) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oldhjammhkghhahhhdcifmmlefibciph']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.065716Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oldhjammhkghhahhhdcifmmlefibciph", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oldhjammhkghhahhhdcifmmlefibciph", "external_id": "oldhjammhkghhahhhdcifmmlefibciph"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d5820fea-50e9-40f6-a0eb-538f131534da", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.066753Z", "modified": "2026-06-02T15:57:35.066753Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oldmglociedkafaafcaoojlmojbfmdpi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oldmglociedkafaafcaoojlmojbfmdpi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.066715Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oldmglociedkafaafcaoojlmojbfmdpi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oldmglociedkafaafcaoojlmojbfmdpi", "external_id": "oldmglociedkafaafcaoojlmojbfmdpi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--95b43434-2586-429d-808b-b7c5af98d9f8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.067759Z", "modified": "2026-06-02T15:57:35.067759Z", "name": "Malicious Extension: Link shortener", "description": "Malicious browser extension: Link shortener (oliiideaalkijolilhhaibhbjfhbdcnm) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oliiideaalkijolilhhaibhbjfhbdcnm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.067721Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oliiideaalkijolilhhaibhbjfhbdcnm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oliiideaalkijolilhhaibhbjfhbdcnm", "external_id": "oliiideaalkijolilhhaibhbjfhbdcnm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--600070c2-6d5e-48bd-a664-8e2aaaa4d5b9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.068752Z", "modified": "2026-06-02T15:57:35.068752Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (olikhkphnfenjcgliidepgflkfdmondi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/olikhkphnfenjcgliidepgflkfdmondi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.068715Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:olikhkphnfenjcgliidepgflkfdmondi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/olikhkphnfenjcgliidepgflkfdmondi", "external_id": "olikhkphnfenjcgliidepgflkfdmondi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3cc889a0-9d2a-42c3-a894-366f4b01a03a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.069738Z", "modified": "2026-06-02T15:57:35.069738Z", "name": "Malicious Extension: WA BOOSTER", "description": "Malicious browser extension: WA BOOSTER (olmbfmmlpodikepicechoekmiiejpmel) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/olmbfmmlpodikepicechoekmiiejpmel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.069701Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:olmbfmmlpodikepicechoekmiiejpmel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/olmbfmmlpodikepicechoekmiiejpmel", "external_id": "olmbfmmlpodikepicechoekmiiejpmel"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b1618aaa-fee6-480d-9c99-d88bd23c0654", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.070729Z", "modified": "2026-06-02T15:57:35.070729Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (olnppmocapoaecjhkiilemmnkjbmabfj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/olnppmocapoaecjhkiilemmnkjbmabfj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.070687Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:olnppmocapoaecjhkiilemmnkjbmabfj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/olnppmocapoaecjhkiilemmnkjbmabfj", "external_id": "olnppmocapoaecjhkiilemmnkjbmabfj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1c95c695-c8b6-492d-bc56-67f815946455", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.071895Z", "modified": "2026-06-02T15:57:35.071895Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (omcehnglicpgnjnbiokejdacacnghojj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/omcehnglicpgnjnbiokejdacacnghojj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.071854Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:omcehnglicpgnjnbiokejdacacnghojj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/omcehnglicpgnjnbiokejdacacnghojj", "external_id": "omcehnglicpgnjnbiokejdacacnghojj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7e84f21f-7bd8-4b3a-8261-65f536bf5167", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.072891Z", "modified": "2026-06-02T15:57:35.072891Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (omieocempinhilcpbmnfdaamgomapded) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/omieocempinhilcpbmnfdaamgomapded']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.072854Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:omieocempinhilcpbmnfdaamgomapded", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/omieocempinhilcpbmnfdaamgomapded", "external_id": "omieocempinhilcpbmnfdaamgomapded"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fae84f4e-272a-4af7-968a-26c04b262af1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.073876Z", "modified": "2026-06-02T15:57:35.073876Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (omkjakddaeljdfgekdjebbbiboljnalk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/omkjakddaeljdfgekdjebbbiboljnalk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.073838Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:omkjakddaeljdfgekdjebbbiboljnalk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/omkjakddaeljdfgekdjebbbiboljnalk", "external_id": "omkjakddaeljdfgekdjebbbiboljnalk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a1f73ca6-f4d7-4dc8-b356-d4222c53fc39", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.074871Z", "modified": "2026-06-02T15:57:35.074871Z", "name": "Malicious Extension: Five Nights at Freddy's Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Five Nights at Freddy's Cursor \u2605 Custom Cursor for Chrome\u2122 (ondkeebbobdggpgmdnimdcnopmckcabp) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ondkeebbobdggpgmdnimdcnopmckcabp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.074833Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ondkeebbobdggpgmdnimdcnopmckcabp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ondkeebbobdggpgmdnimdcnopmckcabp", "external_id": "ondkeebbobdggpgmdnimdcnopmckcabp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b5b26951-6aa1-4865-b575-3c2e2183a743", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.075869Z", "modified": "2026-06-02T15:57:35.075869Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ongnnmpfdodpfjapmfecfibjighhhnek) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ongnnmpfdodpfjapmfecfibjighhhnek']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.075832Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ongnnmpfdodpfjapmfecfibjighhhnek", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ongnnmpfdodpfjapmfecfibjighhhnek", "external_id": "ongnnmpfdodpfjapmfecfibjighhhnek"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dd22ed87-3857-46a4-aa10-a4bb6a646389", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.076854Z", "modified": "2026-06-02T15:57:35.076854Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (onkldlhmegehhokchomfegpebhekaeia) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/onkldlhmegehhokchomfegpebhekaeia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.076816Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:onkldlhmegehhokchomfegpebhekaeia", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/onkldlhmegehhokchomfegpebhekaeia", "external_id": "onkldlhmegehhokchomfegpebhekaeia"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--716f1398-db78-44a1-9e59-99ce177a8f4c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.077833Z", "modified": "2026-06-02T15:57:35.077833Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (onkmeilaaocjinfdpkdlpmfhjekaahed) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/onkmeilaaocjinfdpkdlpmfhjekaahed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.07779Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:onkmeilaaocjinfdpkdlpmfhjekaahed", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/onkmeilaaocjinfdpkdlpmfhjekaahed", "external_id": "onkmeilaaocjinfdpkdlpmfhjekaahed"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--02525f38-7721-4717-860d-3dd3f64b2c33", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.078964Z", "modified": "2026-06-02T15:57:35.078964Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (onlofoccaenllpjmalbnilfacjmcfhfk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/onlofoccaenllpjmalbnilfacjmcfhfk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.078927Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:onlofoccaenllpjmalbnilfacjmcfhfk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/onlofoccaenllpjmalbnilfacjmcfhfk", "external_id": "onlofoccaenllpjmalbnilfacjmcfhfk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--559ffe85-0815-43c4-b37d-01525b808d60", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.079977Z", "modified": "2026-06-02T15:57:35.079977Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (onobgadjpjdkmghdbigpafcndbndjemj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/onobgadjpjdkmghdbigpafcndbndjemj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.079939Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:onobgadjpjdkmghdbigpafcndbndjemj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/onobgadjpjdkmghdbigpafcndbndjemj", "external_id": "onobgadjpjdkmghdbigpafcndbndjemj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--11307692-aebd-4440-a780-06b300bf9ad2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.080975Z", "modified": "2026-06-02T15:57:35.080975Z", "name": "Malicious Extension: Hunter x Hunter Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Hunter x Hunter Cursor \u2605 Custom Cursor for Chrome\u2122 (oodhphlpepgoccemjgpedagbpfelcpdl) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oodhphlpepgoccemjgpedagbpfelcpdl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.080937Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oodhphlpepgoccemjgpedagbpfelcpdl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oodhphlpepgoccemjgpedagbpfelcpdl", "external_id": "oodhphlpepgoccemjgpedagbpfelcpdl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ff3b3a0e-e475-4802-92a6-5d8a703e4125", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.081957Z", "modified": "2026-06-02T15:57:35.081957Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oogagmfhffbokmlpehpiokadejplchmi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oogagmfhffbokmlpehpiokadejplchmi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.08192Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oogagmfhffbokmlpehpiokadejplchmi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oogagmfhffbokmlpehpiokadejplchmi", "external_id": "oogagmfhffbokmlpehpiokadejplchmi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ca019813-dfdf-4207-9ad6-2d09ca1ec309", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.082935Z", "modified": "2026-06-02T15:57:35.082935Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oolflnoogpfppiginbmhkghcelpkbllf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oolflnoogpfppiginbmhkghcelpkbllf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.082898Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oolflnoogpfppiginbmhkghcelpkbllf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oolflnoogpfppiginbmhkghcelpkbllf", "external_id": "oolflnoogpfppiginbmhkghcelpkbllf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1afb0029-0073-45f2-b7ec-2fb9a03fd8ea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.083931Z", "modified": "2026-06-02T15:57:35.083931Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ooobfpifjkgeopllkalfgkbiefhooggl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ooobfpifjkgeopllkalfgkbiefhooggl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.083894Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ooobfpifjkgeopllkalfgkbiefhooggl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ooobfpifjkgeopllkalfgkbiefhooggl", "external_id": "ooobfpifjkgeopllkalfgkbiefhooggl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1382ddea-7c8b-433d-9864-596b60b33833", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.084917Z", "modified": "2026-06-02T15:57:35.084917Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (opakkgodhhongnhbdkgjgdlcbknacpaa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opakkgodhhongnhbdkgjgdlcbknacpaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.084879Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opakkgodhhongnhbdkgjgdlcbknacpaa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opakkgodhhongnhbdkgjgdlcbknacpaa", "external_id": "opakkgodhhongnhbdkgjgdlcbknacpaa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--15fa3ce9-f146-4506-9dc2-180a4f064b56", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.086056Z", "modified": "2026-06-02T15:57:35.086056Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (opcjjggkhndcdpedheeilommknkephik) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opcjjggkhndcdpedheeilommknkephik']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.086019Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opcjjggkhndcdpedheeilommknkephik", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opcjjggkhndcdpedheeilommknkephik", "external_id": "opcjjggkhndcdpedheeilommknkephik"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a980180d-ad2d-4ea7-8e3f-96b803c66739", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.087061Z", "modified": "2026-06-02T15:57:35.087061Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (opfppjjpcgojicomghpdjanjpeobaajo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opfppjjpcgojicomghpdjanjpeobaajo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.087023Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opfppjjpcgojicomghpdjanjpeobaajo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opfppjjpcgojicomghpdjanjpeobaajo", "external_id": "opfppjjpcgojicomghpdjanjpeobaajo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--be4c9851-81ad-4649-8a1d-c3b12ea2ca9e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.088096Z", "modified": "2026-06-02T15:57:35.088096Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (opkbjlbkejhjmnchhlllccoglphmimdc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opkbjlbkejhjmnchhlllccoglphmimdc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.088059Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opkbjlbkejhjmnchhlllccoglphmimdc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opkbjlbkejhjmnchhlllccoglphmimdc", "external_id": "opkbjlbkejhjmnchhlllccoglphmimdc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ea32111f-58ae-473e-a936-dba6b37bf9c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.089089Z", "modified": "2026-06-02T15:57:35.089089Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (opmnheodgmjdcpiciifndlaikfecdmja) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opmnheodgmjdcpiciifndlaikfecdmja']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.089051Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opmnheodgmjdcpiciifndlaikfecdmja", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opmnheodgmjdcpiciifndlaikfecdmja", "external_id": "opmnheodgmjdcpiciifndlaikfecdmja"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d5d8b873-1518-4281-9232-feee5233a799", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.090071Z", "modified": "2026-06-02T15:57:35.090071Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (opncjjhgbllenobgbfjbblhghmdpmpbj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opncjjhgbllenobgbfjbblhghmdpmpbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.090034Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opncjjhgbllenobgbfjbblhghmdpmpbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opncjjhgbllenobgbfjbblhghmdpmpbj", "external_id": "opncjjhgbllenobgbfjbblhghmdpmpbj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--81e6deaf-22db-4eb6-936d-26e1a99d496e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.091054Z", "modified": "2026-06-02T15:57:35.091054Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (oppeaknhldjjnfnflbcedipjbnbimhhf) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oppeaknhldjjnfnflbcedipjbnbimhhf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.091016Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oppeaknhldjjnfnflbcedipjbnbimhhf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oppeaknhldjjnfnflbcedipjbnbimhhf", "external_id": "oppeaknhldjjnfnflbcedipjbnbimhhf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5563d4b1-3a3c-4788-a8ee-9e93cd151d45", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.092066Z", "modified": "2026-06-02T15:57:35.092066Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pabcjffaondlohboccfkekfjogcgceon) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pabcjffaondlohboccfkekfjogcgceon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.092028Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pabcjffaondlohboccfkekfjogcgceon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pabcjffaondlohboccfkekfjogcgceon", "external_id": "pabcjffaondlohboccfkekfjogcgceon"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7316f8a8-9d3c-408d-8dfb-ba438ceddb07", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.093212Z", "modified": "2026-06-02T15:57:35.093212Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pabkjoplheapcclldpknfpcepheldbga) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pabkjoplheapcclldpknfpcepheldbga']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.093174Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pabkjoplheapcclldpknfpcepheldbga", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pabkjoplheapcclldpknfpcepheldbga", "external_id": "pabkjoplheapcclldpknfpcepheldbga"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--50a6542a-5a11-4f10-a01b-3cdc71c3a8db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.094202Z", "modified": "2026-06-02T15:57:35.094202Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (paccmmciglpogbjdjkcnndndamcannih) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/paccmmciglpogbjdjkcnndndamcannih']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.094165Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:paccmmciglpogbjdjkcnndndamcannih", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/paccmmciglpogbjdjkcnndndamcannih", "external_id": "paccmmciglpogbjdjkcnndndamcannih"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f26fc0ec-a64e-4f83-acad-2119cde9cd5b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.095198Z", "modified": "2026-06-02T15:57:35.095198Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (paghkadkhiladedijgodgghaajppmpcg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/paghkadkhiladedijgodgghaajppmpcg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.095159Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:paghkadkhiladedijgodgghaajppmpcg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/paghkadkhiladedijgodgghaajppmpcg", "external_id": "paghkadkhiladedijgodgghaajppmpcg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--81871b01-4e01-4236-a3bd-c6caad2f8706", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.096188Z", "modified": "2026-06-02T15:57:35.096188Z", "name": "Malicious Extension: Capybara Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Capybara Cursor \u2605 Custom Cursor for Chrome\u2122 (pahlnbfkogncdbkaeaamcmpmhjecicmh) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pahlnbfkogncdbkaeaamcmpmhjecicmh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.09615Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pahlnbfkogncdbkaeaamcmpmhjecicmh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pahlnbfkogncdbkaeaamcmpmhjecicmh", "external_id": "pahlnbfkogncdbkaeaamcmpmhjecicmh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cc631bed-95ed-4f36-9303-807f8af9a1dc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.09718Z", "modified": "2026-06-02T15:57:35.09718Z", "name": "Malicious Extension: Cyberhaven security extension", "description": "Malicious browser extension: Cyberhaven security extension (pajkjnmeojmbapicmbpliphjmcekeaac) Stage 5A static analysis confirmed malicious behavior (risk_level=malicious, score=152). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pajkjnmeojmbapicmbpliphjmcekeaac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.097142Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pajkjnmeojmbapicmbpliphjmcekeaac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pajkjnmeojmbapicmbpliphjmcekeaac", "external_id": "pajkjnmeojmbapicmbpliphjmcekeaac"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bc465e0f-96c5-42ac-a504-a8c7b8ef181b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.098167Z", "modified": "2026-06-02T15:57:35.098167Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (paoipkmmfnnifebffghdaefpehhiaamn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/paoipkmmfnnifebffghdaefpehhiaamn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.098128Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:paoipkmmfnnifebffghdaefpehhiaamn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/paoipkmmfnnifebffghdaefpehhiaamn", "external_id": "paoipkmmfnnifebffghdaefpehhiaamn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d03368f5-0cc0-47e5-b85e-6915d88f903b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.099186Z", "modified": "2026-06-02T15:57:35.099186Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (papedehkgfhnagdiempdbhlgcnioofnd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/papedehkgfhnagdiempdbhlgcnioofnd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.099147Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:papedehkgfhnagdiempdbhlgcnioofnd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/papedehkgfhnagdiempdbhlgcnioofnd", "external_id": "papedehkgfhnagdiempdbhlgcnioofnd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--90975f84-aa80-4bf6-ae5a-90419426e9e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.100332Z", "modified": "2026-06-02T15:57:35.100332Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pbaejapbddilgckealiiohfgoncbdhbb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pbaejapbddilgckealiiohfgoncbdhbb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.100294Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pbaejapbddilgckealiiohfgoncbdhbb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pbaejapbddilgckealiiohfgoncbdhbb", "external_id": "pbaejapbddilgckealiiohfgoncbdhbb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7d689cb4-2f38-4acd-a128-372f09cf97c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.101326Z", "modified": "2026-06-02T15:57:35.101326Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pbdgglfabhmhpbfgakckfhdbhjiedmnm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pbdgglfabhmhpbfgakckfhdbhjiedmnm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.101289Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pbdgglfabhmhpbfgakckfhdbhjiedmnm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pbdgglfabhmhpbfgakckfhdbhjiedmnm", "external_id": "pbdgglfabhmhpbfgakckfhdbhjiedmnm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f5296590-02a2-42aa-b440-4e9912c7175e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.102307Z", "modified": "2026-06-02T15:57:35.102307Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pbgdglpocmnkoaljjehdlgnbgkilnfmh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pbgdglpocmnkoaljjehdlgnbgkilnfmh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.10227Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pbgdglpocmnkoaljjehdlgnbgkilnfmh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pbgdglpocmnkoaljjehdlgnbgkilnfmh", "external_id": "pbgdglpocmnkoaljjehdlgnbgkilnfmh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8c53b85d-c74e-4195-ab70-23150aba3b71", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.103296Z", "modified": "2026-06-02T15:57:35.103296Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pbkadhbnkinljhoilhicdhnehacpfebc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pbkadhbnkinljhoilhicdhnehacpfebc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.103259Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pbkadhbnkinljhoilhicdhnehacpfebc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pbkadhbnkinljhoilhicdhnehacpfebc", "external_id": "pbkadhbnkinljhoilhicdhnehacpfebc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--471df396-48f6-4684-9c8e-007598eaa038", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.104277Z", "modified": "2026-06-02T15:57:35.104277Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pbplelndplalkhebhegbmpgkdodknnae) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pbplelndplalkhebhegbmpgkdodknnae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.104239Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pbplelndplalkhebhegbmpgkdodknnae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pbplelndplalkhebhegbmpgkdodknnae", "external_id": "pbplelndplalkhebhegbmpgkdodknnae"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--240d49c0-bb01-472f-9e7c-abef628778f9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.105285Z", "modified": "2026-06-02T15:57:35.105285Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pbpobpjppnecgcinajfpaninmjkdbidm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pbpobpjppnecgcinajfpaninmjkdbidm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.105247Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pbpobpjppnecgcinajfpaninmjkdbidm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pbpobpjppnecgcinajfpaninmjkdbidm", "external_id": "pbpobpjppnecgcinajfpaninmjkdbidm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--16abc5cc-8772-403d-8b69-c89eba63abaf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.10627Z", "modified": "2026-06-02T15:57:35.10627Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pcdgkgbadeggbnodegejccjffnoakcoh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pcdgkgbadeggbnodegejccjffnoakcoh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.106233Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pcdgkgbadeggbnodegejccjffnoakcoh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pcdgkgbadeggbnodegejccjffnoakcoh", "external_id": "pcdgkgbadeggbnodegejccjffnoakcoh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3f967f22-ff86-4653-a68c-024f1850da34", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.107424Z", "modified": "2026-06-02T15:57:35.107424Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pcipiedhfiojjdbooghpmjanbpigcojb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pcipiedhfiojjdbooghpmjanbpigcojb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.107385Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pcipiedhfiojjdbooghpmjanbpigcojb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pcipiedhfiojjdbooghpmjanbpigcojb", "external_id": "pcipiedhfiojjdbooghpmjanbpigcojb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0c55038d-db72-4c6d-b16b-6ccfe1552a9d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.108436Z", "modified": "2026-06-02T15:57:35.108436Z", "name": "Malicious Extension: WATHOR", "description": "Malicious browser extension: WATHOR (pcjidgpofjkoaelajgfdecebigjiojcn) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[... truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pcjidgpofjkoaelajgfdecebigjiojcn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.108398Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pcjidgpofjkoaelajgfdecebigjiojcn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pcjidgpofjkoaelajgfdecebigjiojcn", "external_id": "pcjidgpofjkoaelajgfdecebigjiojcn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--42a86b2e-90b9-4362-a5f7-fbe58a0bb713", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.109423Z", "modified": "2026-06-02T15:57:35.109423Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pcjlckhhhmlefmobnnoolakplfppdchi) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pcjlckhhhmlefmobnnoolakplfppdchi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.109386Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pcjlckhhhmlefmobnnoolakplfppdchi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pcjlckhhhmlefmobnnoolakplfppdchi", "external_id": "pcjlckhhhmlefmobnnoolakplfppdchi"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--88d33cb7-ffe6-4e86-9b1c-3a285e1923ae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.110425Z", "modified": "2026-06-02T15:57:35.110425Z", "name": "Malicious Extension: SellUP", "description": "Malicious browser extension: SellUP (pckoggnahgjephjpcmfnhfolbmenkdjp) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[... truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pckoggnahgjephjpcmfnhfolbmenkdjp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.110388Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pckoggnahgjephjpcmfnhfolbmenkdjp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pckoggnahgjephjpcmfnhfolbmenkdjp", "external_id": "pckoggnahgjephjpcmfnhfolbmenkdjp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f2e742ff-7912-4827-9a0b-83aed42a6ce4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.111424Z", "modified": "2026-06-02T15:57:35.111424Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pclighhhemgemdkhnhejgmdnjnoggfif) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pclighhhemgemdkhnhejgmdnjnoggfif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.111387Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pclighhhemgemdkhnhejgmdnjnoggfif", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pclighhhemgemdkhnhejgmdnjnoggfif", "external_id": "pclighhhemgemdkhnhejgmdnjnoggfif"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--94c096c7-73c4-44b8-990c-47364bce85d2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.112423Z", "modified": "2026-06-02T15:57:35.112423Z", "name": "Malicious Extension: ELITE", "description": "Malicious browser extension: ELITE (pcpdnigabekdogbajcacpbkebdfmaapc) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[... text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pcpdnigabekdogbajcacpbkebdfmaapc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.112385Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pcpdnigabekdogbajcacpbkebdfmaapc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pcpdnigabekdogbajcacpbkebdfmaapc", "external_id": "pcpdnigabekdogbajcacpbkebdfmaapc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--84469982-c0a3-4823-8c4a-c80fff024c7f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.1134Z", "modified": "2026-06-02T15:57:35.1134Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pdadlkbckhinonakkfkdaadceojbekep) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdadlkbckhinonakkfkdaadceojbekep']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.113363Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdadlkbckhinonakkfkdaadceojbekep", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdadlkbckhinonakkfkdaadceojbekep", "external_id": "pdadlkbckhinonakkfkdaadceojbekep"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--13a960ff-63ae-4ac7-9893-b2b88c90e0f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.114531Z", "modified": "2026-06-02T15:57:35.114531Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pdahnbohfcekobflehebdkoemnmmempk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdahnbohfcekobflehebdkoemnmmempk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.114493Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdahnbohfcekobflehebdkoemnmmempk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdahnbohfcekobflehebdkoemnmmempk", "external_id": "pdahnbohfcekobflehebdkoemnmmempk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2eab1244-ad1d-407c-9116-0308c348db77", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.115529Z", "modified": "2026-06-02T15:57:35.115529Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pdbphgolphciahiepiggnihanajkpnhg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdbphgolphciahiepiggnihanajkpnhg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.115491Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdbphgolphciahiepiggnihanajkpnhg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdbphgolphciahiepiggnihanajkpnhg", "external_id": "pdbphgolphciahiepiggnihanajkpnhg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--42ab5d82-0a1d-4609-bfd5-bb0064e123d4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.116531Z", "modified": "2026-06-02T15:57:35.116531Z", "name": "Malicious Extension: wa To you", "description": "Malicious browser extension: wa To you (pdckbaohagnmbkfjgobeaiiplolfckhm) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[... text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdckbaohagnmbkfjgobeaiiplolfckhm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.116494Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pdckbaohagnmbkfjgobeaiiplolfckhm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdckbaohagnmbkfjgobeaiiplolfckhm", "external_id": "pdckbaohagnmbkfjgobeaiiplolfckhm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--073a3e90-6393-4103-827e-77e0ae92607c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.117522Z", "modified": "2026-06-02T15:57:35.117522Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pddpiopnmcfhgdegdbjbiidcldcclepd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pddpiopnmcfhgdegdbjbiidcldcclepd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.117485Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pddpiopnmcfhgdegdbjbiidcldcclepd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pddpiopnmcfhgdegdbjbiidcldcclepd", "external_id": "pddpiopnmcfhgdegdbjbiidcldcclepd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d451922c-089a-487c-9a81-8802cae1d245", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.118511Z", "modified": "2026-06-02T15:57:35.118511Z", "name": "Malicious Extension: MR Vulnerability Widget for GitLab", "description": "Malicious browser extension: MR Vulnerability Widget for GitLab (pdepablkdfgdadoleeghhajaapcbilio) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdepablkdfgdadoleeghhajaapcbilio']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.118474Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdepablkdfgdadoleeghhajaapcbilio", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdepablkdfgdadoleeghhajaapcbilio", "external_id": "pdepablkdfgdadoleeghhajaapcbilio"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e6a79e07-12b3-4912-8d3f-1e2210b232ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.119517Z", "modified": "2026-06-02T15:57:35.119517Z", "name": "Malicious Extension: WaPower", "description": "Malicious browser extension: WaPower (pdfegaocpmmmomhgodfipbfmbikdajfj) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[... text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdfegaocpmmmomhgodfipbfmbikdajfj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.119479Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pdfegaocpmmmomhgodfipbfmbikdajfj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdfegaocpmmmomhgodfipbfmbikdajfj", "external_id": "pdfegaocpmmmomhgodfipbfmbikdajfj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--31d98fef-f866-453f-9bf1-000d64488ecd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.120513Z", "modified": "2026-06-02T15:57:35.120513Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pdfladlchakneeclhmpoboohikpbchkj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdfladlchakneeclhmpoboohikpbchkj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.120476Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdfladlchakneeclhmpoboohikpbchkj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdfladlchakneeclhmpoboohikpbchkj", "external_id": "pdfladlchakneeclhmpoboohikpbchkj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--089cc78f-2561-421f-aad2-f0d42047e0a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.122504Z", "modified": "2026-06-02T15:57:35.122504Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pdgghfndbkndiojjojcmbkfianekifna) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdgghfndbkndiojjojcmbkfianekifna']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.122463Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdgghfndbkndiojjojcmbkfianekifna", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdgghfndbkndiojjojcmbkfianekifna", "external_id": "pdgghfndbkndiojjojcmbkfianekifna"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6892c903-5550-42ad-8fd2-e602a2ad0630", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.123582Z", "modified": "2026-06-02T15:57:35.123582Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pdjpkfbpeniinkdlmibcdebccnkimnna) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdjpkfbpeniinkdlmibcdebccnkimnna']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.123544Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdjpkfbpeniinkdlmibcdebccnkimnna", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdjpkfbpeniinkdlmibcdebccnkimnna", "external_id": "pdjpkfbpeniinkdlmibcdebccnkimnna"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--88d39398-f971-43a3-b297-1243437ddf7a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.124614Z", "modified": "2026-06-02T15:57:35.124614Z", "name": "Malicious Extension: Nextgo Zap: Seu Whatsapp Turbinado!", "description": "Malicious browser extension: Nextgo Zap: Seu Whatsapp Turbinado! (pdlpnkplaofpdajmgegfnlifmdlejmfp) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey[... text truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdlpnkplaofpdajmgegfnlifmdlejmfp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.124576Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pdlpnkplaofpdajmgegfnlifmdlejmfp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdlpnkplaofpdajmgegfnlifmdlejmfp", "external_id": "pdlpnkplaofpdajmgegfnlifmdlejmfp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b8fe3290-cd2b-4f99-8a40-071c0b925345", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.125609Z", "modified": "2026-06-02T15:57:35.125609Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pdneeecaedebfjpkhdobgcnapfdffbbk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdneeecaedebfjpkhdobgcnapfdffbbk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.125571Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdneeecaedebfjpkhdobgcnapfdffbbk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdneeecaedebfjpkhdobgcnapfdffbbk", "external_id": "pdneeecaedebfjpkhdobgcnapfdffbbk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2374b51f-9a6c-46c8-9974-1548212ba053", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.126594Z", "modified": "2026-06-02T15:57:35.126594Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pdnhbaibaebmoklmjjpffoohcfohgbbg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdnhbaibaebmoklmjjpffoohcfohgbbg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.126555Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdnhbaibaebmoklmjjpffoohcfohgbbg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdnhbaibaebmoklmjjpffoohcfohgbbg", "external_id": "pdnhbaibaebmoklmjjpffoohcfohgbbg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c5fa8693-dd25-4db5-bf4a-64e6686b9215", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.127594Z", "modified": "2026-06-02T15:57:35.127594Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pdnhdddkoccchmbockecbohnakddkjip) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdnhdddkoccchmbockecbohnakddkjip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.127556Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdnhdddkoccchmbockecbohnakddkjip", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdnhdddkoccchmbockecbohnakddkjip", "external_id": "pdnhdddkoccchmbockecbohnakddkjip"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--36727634-9a00-4788-af83-e4269a777916", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.128577Z", "modified": "2026-06-02T15:57:35.128577Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pefighpbbfkgkmfmpfgaopoahdmkakll) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pefighpbbfkgkmfmpfgaopoahdmkakll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.12854Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pefighpbbfkgkmfmpfgaopoahdmkakll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pefighpbbfkgkmfmpfgaopoahdmkakll", "external_id": "pefighpbbfkgkmfmpfgaopoahdmkakll"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eb415253-127f-40c7-a823-420c08d1cee9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.129724Z", "modified": "2026-06-02T15:57:35.129724Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (peiibhfbdkgnbepgobjcgabkcfembndm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/peiibhfbdkgnbepgobjcgabkcfembndm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.129686Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:peiibhfbdkgnbepgobjcgabkcfembndm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/peiibhfbdkgnbepgobjcgabkcfembndm", "external_id": "peiibhfbdkgnbepgobjcgabkcfembndm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9d75dbe6-5ccc-4626-8b57-011c82b65eed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.130731Z", "modified": "2026-06-02T15:57:35.130731Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pepimjpimedlkcalcikemegmfgbbolla) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pepimjpimedlkcalcikemegmfgbbolla']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.130693Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pepimjpimedlkcalcikemegmfgbbolla", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pepimjpimedlkcalcikemegmfgbbolla", "external_id": "pepimjpimedlkcalcikemegmfgbbolla"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c17571f7-ce52-451c-89f0-0911cd290d31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.131824Z", "modified": "2026-06-02T15:57:35.131824Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pfaidgdipkpofconnnehlpedhhmfdcoa) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfaidgdipkpofconnnehlpedhhmfdcoa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.131786Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfaidgdipkpofconnnehlpedhhmfdcoa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pfaidgdipkpofconnnehlpedhhmfdcoa", "external_id": "pfaidgdipkpofconnnehlpedhhmfdcoa"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4f5f6765-bbbc-4b2e-be67-610a52a81196", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.132833Z", "modified": "2026-06-02T15:57:35.132833Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pfdmleklaejjccgfhoeafapbhkjipcnj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfdmleklaejjccgfhoeafapbhkjipcnj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.132795Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfdmleklaejjccgfhoeafapbhkjipcnj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pfdmleklaejjccgfhoeafapbhkjipcnj", "external_id": "pfdmleklaejjccgfhoeafapbhkjipcnj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--89a1e7b1-444e-4158-8131-1057ffbff595", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.133833Z", "modified": "2026-06-02T15:57:35.133833Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pfgbcfaiglkcoclichlojeaklcfboieh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfgbcfaiglkcoclichlojeaklcfboieh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.133796Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfgbcfaiglkcoclichlojeaklcfboieh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pfgbcfaiglkcoclichlojeaklcfboieh", "external_id": "pfgbcfaiglkcoclichlojeaklcfboieh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--34b50e1f-9176-4521-a8b0-7a0dd99f82fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.134813Z", "modified": "2026-06-02T15:57:35.134813Z", "name": "Malicious Extension: OmniFlow Sidebar", "description": "Malicious browser extension: OmniFlow Sidebar (pfgpfmdiepmhhhkpnciogjhccppbcfhk) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfgpfmdiepmhhhkpnciogjhccppbcfhk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.134775Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfgpfmdiepmhhhkpnciogjhccppbcfhk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pfgpfmdiepmhhhkpnciogjhccppbcfhk", "external_id": "pfgpfmdiepmhhhkpnciogjhccppbcfhk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0cea6dc5-9a3d-448f-bef4-20a1000d1b5e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.135802Z", "modified": "2026-06-02T15:57:35.135802Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pfhjfcifolioiddfgicgkapbkfndaodc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfhjfcifolioiddfgicgkapbkfndaodc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.135764Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfhjfcifolioiddfgicgkapbkfndaodc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pfhjfcifolioiddfgicgkapbkfndaodc", "external_id": "pfhjfcifolioiddfgicgkapbkfndaodc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f5c467c0-8f2d-4168-ba6e-5db32e7200ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.136943Z", "modified": "2026-06-02T15:57:35.136943Z", "name": "Malicious Extension: Tiktok Downloader", "description": "Malicious browser extension: Tiktok Downloader (pfpijacnpangmkfdpgodlbokpkhpkeka) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=72). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfpijacnpangmkfdpgodlbokpkhpkeka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.136905Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfpijacnpangmkfdpgodlbokpkhpkeka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pfpijacnpangmkfdpgodlbokpkhpkeka", "external_id": "pfpijacnpangmkfdpgodlbokpkhpkeka"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a45e9903-e119-4d83-ae6c-e9ead49789db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.137933Z", "modified": "2026-06-02T15:57:35.137933Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pgabmkcldlelbhcookaealohoeknnapn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgabmkcldlelbhcookaealohoeknnapn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.137896Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgabmkcldlelbhcookaealohoeknnapn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgabmkcldlelbhcookaealohoeknnapn", "external_id": "pgabmkcldlelbhcookaealohoeknnapn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1f6122e3-ee1e-44d1-a72a-cd32bd1b1b73", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.138918Z", "modified": "2026-06-02T15:57:35.138918Z", "name": "Malicious Extension: Naruto Cursor - Custom Anime Cursor for Chrome", "description": "Malicious browser extension: Naruto Cursor - Custom Anime Cursor for Chrome (pgbhmanighehdihhgcfodcecphdakkgn) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgbhmanighehdihhgcfodcecphdakkgn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.13888Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgbhmanighehdihhgcfodcecphdakkgn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgbhmanighehdihhgcfodcecphdakkgn", "external_id": "pgbhmanighehdihhgcfodcecphdakkgn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--145d4d52-91f3-4252-aaf7-8e11f2793910", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.139918Z", "modified": "2026-06-02T15:57:35.139918Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pgbmnheamnejadnjhnkejnpnmaifnhpn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgbmnheamnejadnjhnkejnpnmaifnhpn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.13988Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgbmnheamnejadnjhnkejnpnmaifnhpn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgbmnheamnejadnjhnkejnpnmaifnhpn", "external_id": "pgbmnheamnejadnjhnkejnpnmaifnhpn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0b907127-b235-4fa8-b25d-69f607d6e253", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.140898Z", "modified": "2026-06-02T15:57:35.140898Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pgcmecpfgehfbogcaajjdnkpmmjgjjdp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgcmecpfgehfbogcaajjdnkpmmjgjjdp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.14086Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgcmecpfgehfbogcaajjdnkpmmjgjjdp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgcmecpfgehfbogcaajjdnkpmmjgjjdp", "external_id": "pgcmecpfgehfbogcaajjdnkpmmjgjjdp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d1255ac8-6341-4d6b-baf8-f21112e1fd01", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.141878Z", "modified": "2026-06-02T15:57:35.141878Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pgcpclmgjicldlndflchojhhbeknmdcc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgcpclmgjicldlndflchojhhbeknmdcc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.14184Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgcpclmgjicldlndflchojhhbeknmdcc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgcpclmgjicldlndflchojhhbeknmdcc", "external_id": "pgcpclmgjicldlndflchojhhbeknmdcc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5c5d643a-44a5-4aae-aa63-edb826e1aca9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.14287Z", "modified": "2026-06-02T15:57:35.14287Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pgefggfhmhmndhcdjaleikagdjmmoame) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgefggfhmhmndhcdjaleikagdjmmoame']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.142832Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgefggfhmhmndhcdjaleikagdjmmoame", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgefggfhmhmndhcdjaleikagdjmmoame", "external_id": "pgefggfhmhmndhcdjaleikagdjmmoame"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--84cdd6c1-4a77-41f1-859b-5dc257923f06", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.144017Z", "modified": "2026-06-02T15:57:35.144017Z", "name": "Malicious Extension: Camera Picture In Picture (PIP Overlay)", "description": "Malicious browser extension: Camera Picture In Picture (PIP Overlay) (pgejmpeimhjncennkkddmdknpgfblbcl) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgejmpeimhjncennkkddmdknpgfblbcl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.14398Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgejmpeimhjncennkkddmdknpgfblbcl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgejmpeimhjncennkkddmdknpgfblbcl", "external_id": "pgejmpeimhjncennkkddmdknpgfblbcl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--74ae382e-2f61-41e7-8661-e464aea425cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.145006Z", "modified": "2026-06-02T15:57:35.145006Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pgfibniplgcnccdnkhblpmmlfodijppg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgfibniplgcnccdnkhblpmmlfodijppg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.144968Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgfibniplgcnccdnkhblpmmlfodijppg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgfibniplgcnccdnkhblpmmlfodijppg", "external_id": "pgfibniplgcnccdnkhblpmmlfodijppg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1035b86c-723b-4767-8310-3941fa4ec64e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.145987Z", "modified": "2026-06-02T15:57:35.145987Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pgfjnclkpdmocilijgalomiaokgjejdm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgfjnclkpdmocilijgalomiaokgjejdm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.145949Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgfjnclkpdmocilijgalomiaokgjejdm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgfjnclkpdmocilijgalomiaokgjejdm", "external_id": "pgfjnclkpdmocilijgalomiaokgjejdm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4211d9f6-cfa9-4c4f-856a-c0f9d199b825", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.146991Z", "modified": "2026-06-02T15:57:35.146991Z", "name": "Malicious Extension: Attack on Titan Cursor - Custom Anime Cursor for Chrome", "description": "Malicious browser extension: Attack on Titan Cursor - Custom Anime Cursor for Chrome (pgmiigclfodaendfgenfbmcfoefaljda) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgmiigclfodaendfgenfbmcfoefaljda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.146954Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgmiigclfodaendfgenfbmcfoefaljda", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgmiigclfodaendfgenfbmcfoefaljda", "external_id": "pgmiigclfodaendfgenfbmcfoefaljda"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c485f60d-d78c-4d77-b849-036f02bb9e61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.148006Z", "modified": "2026-06-02T15:57:35.148006Z", "name": "Malicious Extension: EnZap", "description": "Malicious browser extension: EnZap (pgnmegacljodjeioihhjlcajngphbagf) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgnmegacljodjeioihhjlcajngphbagf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.147968Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pgnmegacljodjeioihhjlcajngphbagf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgnmegacljodjeioihhjlcajngphbagf", "external_id": "pgnmegacljodjeioihhjlcajngphbagf"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--12b67d9d-c11f-429a-b6dd-129c70f77821", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.148991Z", "modified": "2026-06-02T15:57:35.148991Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pgpidfocdapogajplhjofamgeboonmmj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgpidfocdapogajplhjofamgeboonmmj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.148954Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgpidfocdapogajplhjofamgeboonmmj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgpidfocdapogajplhjofamgeboonmmj", "external_id": "pgpidfocdapogajplhjofamgeboonmmj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2475fd04-332b-465d-8225-599f90c9f50b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.149974Z", "modified": "2026-06-02T15:57:35.149974Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (phgjgflllnbdebkfocmmhnkaejofegfc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/phgjgflllnbdebkfocmmhnkaejofegfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.149933Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:phgjgflllnbdebkfocmmhnkaejofegfc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/phgjgflllnbdebkfocmmhnkaejofegfc", "external_id": "phgjgflllnbdebkfocmmhnkaejofegfc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e107a1f3-33d2-407c-b60d-d6c18ca9264b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.151114Z", "modified": "2026-06-02T15:57:35.151114Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (phiphcloddhmndjbdedgfbglhpkjcffh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/phiphcloddhmndjbdedgfbglhpkjcffh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.151069Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:phiphcloddhmndjbdedgfbglhpkjcffh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/phiphcloddhmndjbdedgfbglhpkjcffh", "external_id": "phiphcloddhmndjbdedgfbglhpkjcffh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--90aade87-401b-4e3a-821c-22b168c16b05", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.152109Z", "modified": "2026-06-02T15:57:35.152109Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (phngohjapibeemmkofldldedlbbndbag) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/phngohjapibeemmkofldldedlbbndbag']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.152072Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:phngohjapibeemmkofldldedlbbndbag", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/phngohjapibeemmkofldldedlbbndbag", "external_id": "phngohjapibeemmkofldldedlbbndbag"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--114c6939-f631-403e-a33f-5875998d6e1d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.153108Z", "modified": "2026-06-02T15:57:35.153108Z", "name": "Malicious Extension: talkspeed", "description": "Malicious browser extension: talkspeed (pihbjpjjgpejkbjmpijpmmolaehlbafc) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey... [truncated] \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pihbjpjjgpejkbjmpijpmmolaehlbafc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.15307Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pihbjpjjgpejkbjmpijpmmolaehlbafc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pihbjpjjgpejkbjmpijpmmolaehlbafc", "external_id": "pihbjpjjgpejkbjmpijpmmolaehlbafc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3d181837-e63d-4225-bc5a-9e60f326904a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.154088Z", "modified": "2026-06-02T15:57:35.154088Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pijphekphpccokjmkdmlihpmddhoocnb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pijphekphpccokjmkdmlihpmddhoocnb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.15405Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pijphekphpccokjmkdmlihpmddhoocnb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pijphekphpccokjmkdmlihpmddhoocnb", "external_id": "pijphekphpccokjmkdmlihpmddhoocnb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--93a7c321-fb09-40f8-a8e7-28cf050a82c2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.155081Z", "modified": "2026-06-02T15:57:35.155081Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pjbcokeiajlkicejjfioeoggjblmhoko) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pjbcokeiajlkicejjfioeoggjblmhoko']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.155041Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pjbcokeiajlkicejjfioeoggjblmhoko", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pjbcokeiajlkicejjfioeoggjblmhoko", "external_id": "pjbcokeiajlkicejjfioeoggjblmhoko"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8258ad17-b70e-4cad-9afa-d7ef6744e2ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.156193Z", "modified": "2026-06-02T15:57:35.156193Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pjdnfljplcgepkonnklphjlkclhmlfdn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pjdnfljplcgepkonnklphjlkclhmlfdn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.156154Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pjdnfljplcgepkonnklphjlkclhmlfdn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pjdnfljplcgepkonnklphjlkclhmlfdn", "external_id": "pjdnfljplcgepkonnklphjlkclhmlfdn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--47495d44-1d6c-4901-a64a-549ffd8c6228", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.157211Z", "modified": "2026-06-02T15:57:35.157211Z", "name": "Malicious Extension: Pusheen Cursor - Custom Kawaii Cursor for Chrome", "description": "Malicious browser extension: Pusheen Cursor - Custom Kawaii Cursor for Chrome (pjfjconkopcckeanlhklghfogkdhnegk) TabPlugins cursor farm. Install/uninstall tracking via tabplugins[.]com. New tab hijacking infrastructure at tabplugins[.]com/constructor/. Content scripts on all URLs. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pjfjconkopcckeanlhklghfogkdhnegk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.157173Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pjfjconkopcckeanlhklghfogkdhnegk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pjfjconkopcckeanlhklghfogkdhnegk", "external_id": "pjfjconkopcckeanlhklghfogkdhnegk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--716d986b-846d-4a20-aef5-ad19d9e7c2d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.158401Z", "modified": "2026-06-02T15:57:35.158401Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pjkgiojffhoepookbhloenffjmelohol) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pjkgiojffhoepookbhloenffjmelohol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.158364Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pjkgiojffhoepookbhloenffjmelohol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pjkgiojffhoepookbhloenffjmelohol", "external_id": "pjkgiojffhoepookbhloenffjmelohol"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--46d424d3-200c-4f8c-825d-a3b69381a179", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.159413Z", "modified": "2026-06-02T15:57:35.159413Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pjmlmmlmdpcbipdmeedomkeomokaljjd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pjmlmmlmdpcbipdmeedomkeomokaljjd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.159375Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pjmlmmlmdpcbipdmeedomkeomokaljjd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pjmlmmlmdpcbipdmeedomkeomokaljjd", "external_id": "pjmlmmlmdpcbipdmeedomkeomokaljjd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e71cfd40-7ea4-45b2-a02e-0b47c9f9e5bc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.160413Z", "modified": "2026-06-02T15:57:35.160413Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pjpmebofipgpjaincgoboibbmicccbne) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pjpmebofipgpjaincgoboibbmicccbne']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.160376Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pjpmebofipgpjaincgoboibbmicccbne", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pjpmebofipgpjaincgoboibbmicccbne", "external_id": "pjpmebofipgpjaincgoboibbmicccbne"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--05b8ad9b-8e67-403c-8d87-f2da7b4deb17", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.1614Z", "modified": "2026-06-02T15:57:35.1614Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pkajffddidnadoaceilnhdfcoamcbnnm) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pkajffddidnadoaceilnhdfcoamcbnnm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.161362Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pkajffddidnadoaceilnhdfcoamcbnnm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pkajffddidnadoaceilnhdfcoamcbnnm", "external_id": "pkajffddidnadoaceilnhdfcoamcbnnm"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0e7d6e4c-2118-448f-8c86-fb94f75c828a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.162378Z", "modified": "2026-06-02T15:57:35.162378Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pkcoogcpeheamgkhfhelaifnpmehdgmp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pkcoogcpeheamgkhfhelaifnpmehdgmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.162341Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pkcoogcpeheamgkhfhelaifnpmehdgmp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pkcoogcpeheamgkhfhelaifnpmehdgmp", "external_id": "pkcoogcpeheamgkhfhelaifnpmehdgmp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3bdf9adf-b859-4d96-9534-ba20f4caccd7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.163366Z", "modified": "2026-06-02T15:57:35.163366Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pkdpclgpnnfhpapcnffgjbplfbmoejbj) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pkdpclgpnnfhpapcnffgjbplfbmoejbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.163328Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pkdpclgpnnfhpapcnffgjbplfbmoejbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pkdpclgpnnfhpapcnffgjbplfbmoejbj", "external_id": "pkdpclgpnnfhpapcnffgjbplfbmoejbj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--136caa46-2d6c-49ce-8cd5-c77942ca7491", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.164362Z", "modified": "2026-06-02T15:57:35.164362Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pkhlncgfgeoalinmmhpbfopbkefckaao) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pkhlncgfgeoalinmmhpbfopbkefckaao']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.164324Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pkhlncgfgeoalinmmhpbfopbkefckaao", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pkhlncgfgeoalinmmhpbfopbkefckaao", "external_id": "pkhlncgfgeoalinmmhpbfopbkefckaao"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cc0874dd-547d-4caa-86cb-41993a2ace9a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.16556Z", "modified": "2026-06-02T15:57:35.16556Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pkjfghocapckmendmgdmppjccbplccbg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pkjfghocapckmendmgdmppjccbplccbg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.165522Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pkjfghocapckmendmgdmppjccbplccbg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pkjfghocapckmendmgdmppjccbplccbg", "external_id": "pkjfghocapckmendmgdmppjccbplccbg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--10dc76f6-9a78-4832-8cf9-8c31e9cd2a22", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.166551Z", "modified": "2026-06-02T15:57:35.166551Z", "name": "Malicious Extension: Tetrys - Falling blocks", "description": "Malicious browser extension: Tetrys - Falling blocks (pkkmmmmckhencoamaonbiidanpnhikbc) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pkkmmmmckhencoamaonbiidanpnhikbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.166514Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pkkmmmmckhencoamaonbiidanpnhikbc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pkkmmmmckhencoamaonbiidanpnhikbc", "external_id": "pkkmmmmckhencoamaonbiidanpnhikbc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--66536ef8-ed9a-4944-9957-36090a80757d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.167562Z", "modified": "2026-06-02T15:57:35.167562Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pkndpfblglglngnngecdoglbifminnei) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pkndpfblglglngnngecdoglbifminnei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.167525Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pkndpfblglglngnngecdoglbifminnei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pkndpfblglglngnngecdoglbifminnei", "external_id": "pkndpfblglglngnngecdoglbifminnei"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c15e3fcf-653f-4268-b835-2a2307635a23", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.168565Z", "modified": "2026-06-02T15:57:35.168565Z", "name": "Malicious Extension: JJCA", "description": "Malicious browser extension: JJCA (plahbdekkijmgefopapakkhcogooghlk) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/plahbdekkijmgefopapakkhcogooghlk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.168528Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:plahbdekkijmgefopapakkhcogooghlk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/plahbdekkijmgefopapakkhcogooghlk", "external_id": "plahbdekkijmgefopapakkhcogooghlk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9103abef-0b3c-4a8b-a3d5-a38329eae1df", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.169556Z", "modified": "2026-06-02T15:57:35.169556Z", "name": "Malicious Extension: Zapbase", "description": "Malicious browser extension: Zapbase (pldfelebkfalpldhfbeagfgmmmelajlc) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pldfelebkfalpldhfbeagfgmmmelajlc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.169519Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pldfelebkfalpldhfbeagfgmmmelajlc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pldfelebkfalpldhfbeagfgmmmelajlc", "external_id": "pldfelebkfalpldhfbeagfgmmmelajlc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d03642ef-24d4-47ce-9ca1-64f044603d16", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.170542Z", "modified": "2026-06-02T15:57:35.170542Z", "name": "Malicious Extension: Bless", "description": "Malicious browser extension: Bless (pljbjcehnhcnofmkdbjolghdcjnmekia) Stage 5A static analysis confirmed malicious behavior (risk_level=suspicious, score=92). Awaiting campaign attribution. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pljbjcehnhcnofmkdbjolghdcjnmekia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.170505Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pljbjcehnhcnofmkdbjolghdcjnmekia", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pljbjcehnhcnofmkdbjolghdcjnmekia", "external_id": "pljbjcehnhcnofmkdbjolghdcjnmekia"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c560d897-444f-4c52-b01d-0f23e7f6fb93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.171549Z", "modified": "2026-06-02T15:57:35.171549Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (plljhaecaeecbhjccjhgnhdlnbpfmdbo) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/plljhaecaeecbhjccjhgnhdlnbpfmdbo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.171512Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:plljhaecaeecbhjccjhgnhdlnbpfmdbo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/plljhaecaeecbhjccjhgnhdlnbpfmdbo", "external_id": "plljhaecaeecbhjccjhgnhdlnbpfmdbo"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2ee83a2c-a472-4661-b095-6144b8498c57", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.172686Z", "modified": "2026-06-02T15:57:35.172686Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pmannhofeaiadkcdbcebhnkcnkjjnfpn) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmannhofeaiadkcdbcebhnkcnkjjnfpn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.172649Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmannhofeaiadkcdbcebhnkcnkjjnfpn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmannhofeaiadkcdbcebhnkcnkjjnfpn", "external_id": "pmannhofeaiadkcdbcebhnkcnkjjnfpn"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0de146ef-f70c-4010-935f-d9dea9da4845", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.173696Z", "modified": "2026-06-02T15:57:35.173696Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pmbfdejmiglahedobjddkhaebpaamkab) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmbfdejmiglahedobjddkhaebpaamkab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.173659Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmbfdejmiglahedobjddkhaebpaamkab", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmbfdejmiglahedobjddkhaebpaamkab", "external_id": "pmbfdejmiglahedobjddkhaebpaamkab"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ba4dd57e-53c3-43c9-ba10-43d61c579d28", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.174685Z", "modified": "2026-06-02T15:57:35.174685Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pmgmbeeafpdjjhmeaalneginpmdhamhe) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmgmbeeafpdjjhmeaalneginpmdhamhe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.174648Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmgmbeeafpdjjhmeaalneginpmdhamhe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmgmbeeafpdjjhmeaalneginpmdhamhe", "external_id": "pmgmbeeafpdjjhmeaalneginpmdhamhe"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ebe45629-7081-439b-b18b-55bb2118fcf1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.175681Z", "modified": "2026-06-02T15:57:35.175681Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pmicalpapmomhbopnbpckepnbdoomboc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmicalpapmomhbopnbpckepnbdoomboc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.175643Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmicalpapmomhbopnbpckepnbdoomboc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmicalpapmomhbopnbpckepnbdoomboc", "external_id": "pmicalpapmomhbopnbpckepnbdoomboc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f352acef-1eb9-46ad-9936-fd1ddb310e34", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.176659Z", "modified": "2026-06-02T15:57:35.176659Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pmjfbdnpbhfgeioabfahbheefebeiehp) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmjfbdnpbhfgeioabfahbheefebeiehp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.176622Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmjfbdnpbhfgeioabfahbheefebeiehp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmjfbdnpbhfgeioabfahbheefebeiehp", "external_id": "pmjfbdnpbhfgeioabfahbheefebeiehp"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--29fa4761-aa50-4e9d-8252-63058dfa468f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.177637Z", "modified": "2026-06-02T15:57:35.177637Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pmjnfndhdjmocibhfoddhinhpgjpipjb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmjnfndhdjmocibhfoddhinhpgjpipjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.1776Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmjnfndhdjmocibhfoddhinhpgjpipjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmjnfndhdjmocibhfoddhinhpgjpipjb", "external_id": "pmjnfndhdjmocibhfoddhinhpgjpipjb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a88f3f8b-c299-452d-be45-7473071643cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.178644Z", "modified": "2026-06-02T15:57:35.178644Z", "name": "Malicious Extension: WhatsTime CRM for WhatsApp\u2122 Web", "description": "Malicious browser extension: WhatsTime CRM for WhatsApp\u2122 Web (pmkbdfddjmnceffcgdgfnenkngkkeheg) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmkbdfddjmnceffcgdgfnenkngkkeheg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.178606Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pmkbdfddjmnceffcgdgfnenkngkkeheg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmkbdfddjmnceffcgdgfnenkngkkeheg", "external_id": "pmkbdfddjmnceffcgdgfnenkngkkeheg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--04f06712-3f70-49a0-8a48-23d733844046", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.179805Z", "modified": "2026-06-02T15:57:35.179805Z", "name": "Malicious Extension: Sonic the Hedgehog Cursor \u2605 Custom Cursor for Chrome\u2122", "description": "Malicious browser extension: Sonic the Hedgehog Cursor \u2605 Custom Cursor for Chrome\u2122 (pmlcfgndjofkkpimdenhpkmdbmnbfend) YowGames cursor farm. Install/uninstall tracking via yowgames[.]com. Content scripts on all URLs enable browsing activity monitoring and ad injection. Stage 5A confirmed. | Original note: Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmlcfgndjofkkpimdenhpkmdbmnbfend']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.179767Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmlcfgndjofkkpimdenhpkmdbmnbfend", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmlcfgndjofkkpimdenhpkmdbmnbfend", "external_id": "pmlcfgndjofkkpimdenhpkmdbmnbfend"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f5f9a7f8-3eb2-47e5-b470-13471446a1a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.180797Z", "modified": "2026-06-02T15:57:35.180797Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pmpbkcpplelpcphbapailejddbcebnmb) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pmpbkcpplelpcphbapailejddbcebnmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.18076Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pmpbkcpplelpcphbapailejddbcebnmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pmpbkcpplelpcphbapailejddbcebnmb", "external_id": "pmpbkcpplelpcphbapailejddbcebnmb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ed69a5ae-0d1c-4e61-8bd9-a6b36dc0956a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.181777Z", "modified": "2026-06-02T15:57:35.181777Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pnagifhcchoejfbghjhgcfmmmiiampbc) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pnagifhcchoejfbghjhgcfmmmiiampbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.18174Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pnagifhcchoejfbghjhgcfmmmiiampbc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pnagifhcchoejfbghjhgcfmmmiiampbc", "external_id": "pnagifhcchoejfbghjhgcfmmmiiampbc"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3bd5df7e-3007-44a2-a830-90af983195cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.18275Z", "modified": "2026-06-02T15:57:35.18275Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pnangioakbpgppagachdpfcnjncfncch) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pnangioakbpgppagachdpfcnjncfncch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.182713Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pnangioakbpgppagachdpfcnjncfncch", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pnangioakbpgppagachdpfcnjncfncch", "external_id": "pnangioakbpgppagachdpfcnjncfncch"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--44fc4c48-9c1d-4a90-ac84-37857d54067e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.183755Z", "modified": "2026-06-02T15:57:35.183755Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pncclakgimbcblpfdclhkdaepmnepkel) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pncclakgimbcblpfdclhkdaepmnepkel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.183718Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pncclakgimbcblpfdclhkdaepmnepkel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pncclakgimbcblpfdclhkdaepmnepkel", "external_id": "pncclakgimbcblpfdclhkdaepmnepkel"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8ce56343-e1d3-486e-a936-d28afea28ad1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.184739Z", "modified": "2026-06-02T15:57:35.184739Z", "name": "Malicious Extension: AI Ad Generator", "description": "Malicious browser extension: AI Ad Generator (pndmbpnfolikhfnfnkmjkkpcgkmaibec) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pndmbpnfolikhfnfnkmjkkpcgkmaibec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.184698Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pndmbpnfolikhfnfnkmjkkpcgkmaibec", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pndmbpnfolikhfnfnkmjkkpcgkmaibec", "external_id": "pndmbpnfolikhfnfnkmjkkpcgkmaibec"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c70bbe11-b1f0-43c2-b0fe-5b52d8d77cb9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.18573Z", "modified": "2026-06-02T15:57:35.18573Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pnhemnjbggihoedmgoagnjmmmfpnlkil) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pnhemnjbggihoedmgoagnjmmmfpnlkil']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.185692Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pnhemnjbggihoedmgoagnjmmmfpnlkil", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pnhemnjbggihoedmgoagnjmmmfpnlkil", "external_id": "pnhemnjbggihoedmgoagnjmmmfpnlkil"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--82618f15-7b07-4db4-aaf7-0c7bab8a7fd8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.186861Z", "modified": "2026-06-02T15:57:35.186861Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pnhkolkelkfnfphohbdnboedhejlfbho) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pnhkolkelkfnfphohbdnboedhejlfbho']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.186823Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pnhkolkelkfnfphohbdnboedhejlfbho", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pnhkolkelkfnfphohbdnboedhejlfbho", "external_id": "pnhkolkelkfnfphohbdnboedhejlfbho"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d38cd569-6abf-4076-9757-aff8feee15a1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.187875Z", "modified": "2026-06-02T15:57:35.187875Z", "name": "Malicious Extension: Safe ChatGPT Search", "description": "Malicious browser extension: Safe ChatGPT Search (pnmmfplemkekboaalbeeajfidkkepppl) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pnmmfplemkekboaalbeeajfidkkepppl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.187837Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pnmmfplemkekboaalbeeajfidkkepppl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pnmmfplemkekboaalbeeajfidkkepppl", "external_id": "pnmmfplemkekboaalbeeajfidkkepppl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f878aa43-5775-40e9-a7ab-6d95956e750b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.188861Z", "modified": "2026-06-02T15:57:35.188861Z", "name": "Malicious Extension: Amazon Ads Blocker", "description": "Malicious browser extension: Amazon Ads Blocker (pnpchphmplpdimbllknjoiopmfphellj) Stub entry imported from malicious_extension_sentry (MIT license). Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pnpchphmplpdimbllknjoiopmfphellj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.188824Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pnpchphmplpdimbllknjoiopmfphellj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pnpchphmplpdimbllknjoiopmfphellj", "external_id": "pnpchphmplpdimbllknjoiopmfphellj"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--07479c6d-4824-48fc-9af7-9dd0dd346935", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.189841Z", "modified": "2026-06-02T15:57:35.189841Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pobknfocgoijjmokmhimkfhemcnigdji) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pobknfocgoijjmokmhimkfhemcnigdji']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.189804Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pobknfocgoijjmokmhimkfhemcnigdji", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pobknfocgoijjmokmhimkfhemcnigdji", "external_id": "pobknfocgoijjmokmhimkfhemcnigdji"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a8d97666-1a18-4a60-a1da-e9b2dfb3af79", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.19084Z", "modified": "2026-06-02T15:57:35.19084Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (podfjomopoejmlkfnhanlmlagcnlappd) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/podfjomopoejmlkfnhanlmlagcnlappd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.190803Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:podfjomopoejmlkfnhanlmlagcnlappd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/podfjomopoejmlkfnhanlmlagcnlappd", "external_id": "podfjomopoejmlkfnhanlmlagcnlappd"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--651b939e-fafa-44f8-b8d5-82099f759876", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.191848Z", "modified": "2026-06-02T15:57:35.191848Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ppfdcmempdfjnanjegmjhanplgjicefg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ppfdcmempdfjnanjegmjhanplgjicefg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.191811Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ppfdcmempdfjnanjegmjhanplgjicefg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ppfdcmempdfjnanjegmjhanplgjicefg", "external_id": "ppfdcmempdfjnanjegmjhanplgjicefg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--02060e42-1c1e-4709-bfcc-7c07ff8fb03e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.192824Z", "modified": "2026-06-02T15:57:35.192824Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pphgdbgldlmicfdkhondlafkiomnelnk) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pphgdbgldlmicfdkhondlafkiomnelnk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.192787Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pphgdbgldlmicfdkhondlafkiomnelnk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pphgdbgldlmicfdkhondlafkiomnelnk", "external_id": "pphgdbgldlmicfdkhondlafkiomnelnk"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e8be14c3-1d3b-4c33-b861-f09a275ed853", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.193962Z", "modified": "2026-06-02T15:57:35.193962Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ppifedcnnhokhllkjbokkekbggnlbfak) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ppifedcnnhokhllkjbokkekbggnlbfak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.193924Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ppifedcnnhokhllkjbokkekbggnlbfak", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ppifedcnnhokhllkjbokkekbggnlbfak", "external_id": "ppifedcnnhokhllkjbokkekbggnlbfak"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7a1143a7-bc47-4ffa-b257-9464ee804071", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.194952Z", "modified": "2026-06-02T15:57:35.194952Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ppmanlakcacopgdpnaaabcjknbeokojl) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ppmanlakcacopgdpnaaabcjknbeokojl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.194915Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ppmanlakcacopgdpnaaabcjknbeokojl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ppmanlakcacopgdpnaaabcjknbeokojl", "external_id": "ppmanlakcacopgdpnaaabcjknbeokojl"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0e164fc3-2067-4903-97c2-e725ec658b8b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.195957Z", "modified": "2026-06-02T15:57:35.195957Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ppmljhamhchjamlmifaboeenhipkoncg) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ppmljhamhchjamlmifaboeenhipkoncg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.19592Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ppmljhamhchjamlmifaboeenhipkoncg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ppmljhamhchjamlmifaboeenhipkoncg", "external_id": "ppmljhamhchjamlmifaboeenhipkoncg"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d0db37db-f6d5-47f5-9ba0-17fc8f72d0b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.196938Z", "modified": "2026-06-02T15:57:35.196938Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ppndpickiehhbcneeinkfbjapmbiklde) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ppndpickiehhbcneeinkfbjapmbiklde']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.196901Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ppndpickiehhbcneeinkfbjapmbiklde", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ppndpickiehhbcneeinkfbjapmbiklde", "external_id": "ppndpickiehhbcneeinkfbjapmbiklde"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8f0bd091-a849-4635-8221-d9e8c341da85", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.197924Z", "modified": "2026-06-02T15:57:35.197924Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pppdfgkfdemgfknfnhpkibbkabhghhfh) Stub entry imported from malicious_extension_sentry (MIT license). 
Source: https://github.com/toborrm9/malicious_extension_sentry \u2014 Name, campaign, threat type and date pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pppdfgkfdemgfknfnhpkibbkabhghhfh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.197887Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pppdfgkfdemgfknfnhpkibbkabhghhfh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pppdfgkfdemgfknfnhpkibbkabhghhfh", "external_id": "pppdfgkfdemgfknfnhpkibbkabhghhfh"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--fd4b7d5e-c702-43d0-8628-dabf8e49f57d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.19895Z", "modified": "2026-06-02T15:57:35.19895Z", "name": "Malicious Extension: YouZapCRM - WhatsApp Web com poder de CRM, automa\u00e7\u00f5es e muito mais!", "description": "Malicious browser extension: YouZapCRM - WhatsApp Web com poder de CRM, automa\u00e7\u00f5es e muito mais! (pppeaodmafhlepccbpnjhobmokplfkjb) DBX Tecnologia / Grupo OPT WhatsApp automation campaign (Socket, October 2025). 131-extension franchise-model spamware operation targeting WhatsApp Web users. Brazilian company DBX Tecnologia licensed white-label builds to resellers under suporte@grupoopt.com.br and kaio.feitosa@grupoopt.com.br. 
Stage 5A static analysis by TPCI (May 2026) additionally identified midia.wascript.com.br data harvesting C2 infrastructure and confirmed form harvesting, cookie access, and credential theft behavior bey\u2026 \u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pppeaodmafhlepccbpnjhobmokplfkjb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.198911Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"}], "labels": ["ext-id:pppeaodmafhlepccbpnjhobmokplfkjb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pppeaodmafhlepccbpnjhobmokplfkjb", "external_id": "pppeaodmafhlepccbpnjhobmokplfkjb"}, {"source_name": "Article", "url": "https://github.com/toborrm9/malicious_extension_sentry"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--407551ef-831d-4882-af92-616a59dab00e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.200251Z", "modified": "2026-06-02T15:57:35.200251Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (abgpfcaflplbnjkpeoimjchehdhakped) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/abgpfcaflplbnjkpeoimjchehdhakped']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.200213Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:abgpfcaflplbnjkpeoimjchehdhakped", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/abgpfcaflplbnjkpeoimjchehdhakped", "external_id": "abgpfcaflplbnjkpeoimjchehdhakped"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9ed6d345-fc65-4b16-a281-f141795453bd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.201395Z", "modified": "2026-06-02T15:57:35.201395Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (bnkfndcaablkaikpghncjfpfpohlebhl) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bnkfndcaablkaikpghncjfpfpohlebhl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.201357Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bnkfndcaablkaikpghncjfpfpohlebhl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bnkfndcaablkaikpghncjfpfpohlebhl", "external_id": "bnkfndcaablkaikpghncjfpfpohlebhl"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e980c1a2-2225-4a7e-a3c1-f19ff29eb1d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.202388Z", "modified": "2026-06-02T15:57:35.202388Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cadamhedkeaockcdjhgnhganjplekkae) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cadamhedkeaockcdjhgnhganjplekkae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.202349Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cadamhedkeaockcdjhgnhganjplekkae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cadamhedkeaockcdjhgnhganjplekkae", "external_id": "cadamhedkeaockcdjhgnhganjplekkae"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--00e3ec6f-a8e1-4aa7-a412-22c53828e2bb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.203418Z", "modified": "2026-06-02T15:57:35.203418Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (cbeheemkdnigelpcgdjabhhfleabpnci) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbeheemkdnigelpcgdjabhhfleabpnci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.20338Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cbeheemkdnigelpcgdjabhhfleabpnci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbeheemkdnigelpcgdjabhhfleabpnci", "external_id": "cbeheemkdnigelpcgdjabhhfleabpnci"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--91fe30fa-bc91-440e-9318-51f3b67d6867", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.204442Z", "modified": "2026-06-02T15:57:35.204442Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (demiaanijbajdmkfpenjgamcgfklgjge) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/demiaanijbajdmkfpenjgamcgfklgjge']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.204405Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:demiaanijbajdmkfpenjgamcgfklgjge", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/demiaanijbajdmkfpenjgamcgfklgjge", "external_id": "demiaanijbajdmkfpenjgamcgfklgjge"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--42cc398f-4ba3-4602-af1c-4a3a5504c765", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.205461Z", "modified": "2026-06-02T15:57:35.205461Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (djeijcgibnkebbldabhecmkmdaojdbpk) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/djeijcgibnkebbldabhecmkmdaojdbpk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.205423Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:djeijcgibnkebbldabhecmkmdaojdbpk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/djeijcgibnkebbldabhecmkmdaojdbpk", "external_id": "djeijcgibnkebbldabhecmkmdaojdbpk"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3b3d4fdc-06e1-455b-9183-641ff3283ab0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.206454Z", "modified": "2026-06-02T15:57:35.206454Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ekmkkpnadnbahjkmmmhkehalpeolknmn) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekmkkpnadnbahjkmmmhkehalpeolknmn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.206417Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekmkkpnadnbahjkmmmhkehalpeolknmn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekmkkpnadnbahjkmmmhkehalpeolknmn", "external_id": "ekmkkpnadnbahjkmmmhkehalpeolknmn"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--09fc0763-50f4-492e-9a51-8abbfb06ffdd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.207455Z", "modified": "2026-06-02T15:57:35.207455Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (hpaeihbjeijdabhoobkledihgofjlbkp) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hpaeihbjeijdabhoobkledihgofjlbkp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.207418Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hpaeihbjeijdabhoobkledihgofjlbkp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hpaeihbjeijdabhoobkledihgofjlbkp", "external_id": "hpaeihbjeijdabhoobkledihgofjlbkp"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3bce6def-8acf-4631-8f7f-a04f2749badd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.20944Z", "modified": "2026-06-02T15:57:35.20944Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (iamobjmjhdlfkmikacnhbjmiblndiani) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/iamobjmjhdlfkmikacnhbjmiblndiani']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.209401Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:iamobjmjhdlfkmikacnhbjmiblndiani", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/iamobjmjhdlfkmikacnhbjmiblndiani", "external_id": "iamobjmjhdlfkmikacnhbjmiblndiani"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--23b74ab0-e219-47d3-bcce-ddc39e7fed2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.210489Z", "modified": "2026-06-02T15:57:35.210489Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ihbjeplpkbnmeenljajhckggleinidcd) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ihbjeplpkbnmeenljajhckggleinidcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.210451Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ihbjeplpkbnmeenljajhckggleinidcd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ihbjeplpkbnmeenljajhckggleinidcd", "external_id": "ihbjeplpkbnmeenljajhckggleinidcd"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--84adb9b5-6df8-4750-9d2f-41d033f65de5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.211537Z", "modified": "2026-06-02T15:57:35.211537Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (ijgahedgacnhnbdakolhnhkbjbhjgfao) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ijgahedgacnhnbdakolhnhkbjbhjgfao']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.2115Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ijgahedgacnhnbdakolhnhkbjbhjgfao", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ijgahedgacnhnbdakolhnhkbjbhjgfao", "external_id": "ijgahedgacnhnbdakolhnhkbjbhjgfao"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--040070c6-7cac-4b65-a83c-e36d1c4199c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.212529Z", "modified": "2026-06-02T15:57:35.212529Z", "name": "Malicious Extension: Web.archive.org Auto-Archiver", "description": "Malicious browser extension: Web.archive.org Auto-Archiver (incoejagnokjhlkjkgpbdbooagggckdg) Stub entry imported from gnyman/chromium-mal-ids. Name and campaign pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/incoejagnokjhlkjkgpbdbooagggckdg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.212491Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:incoejagnokjhlkjkgpbdbooagggckdg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/incoejagnokjhlkjkgpbdbooagggckdg", "external_id": "incoejagnokjhlkjkgpbdbooagggckdg"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e4434b6b-6c0e-4860-be68-be5f8016b0fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.213515Z", "modified": "2026-06-02T15:57:35.213515Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (jafjlcbocjfijiholjkppjeaolblpbam) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jafjlcbocjfijiholjkppjeaolblpbam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.213469Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jafjlcbocjfijiholjkppjeaolblpbam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jafjlcbocjfijiholjkppjeaolblpbam", "external_id": "jafjlcbocjfijiholjkppjeaolblpbam"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7e22377d-3a46-477a-adf9-5d2f2d1047e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.214498Z", "modified": "2026-06-02T15:57:35.214498Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (kiohalpdgogknjljjemlbpidjpaedlji) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kiohalpdgogknjljjemlbpidjpaedlji']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.21446Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kiohalpdgogknjljjemlbpidjpaedlji", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kiohalpdgogknjljjemlbpidjpaedlji", "external_id": "kiohalpdgogknjljjemlbpidjpaedlji"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1c1fa945-460d-4ad5-848a-7aae4cbb2669", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.215488Z", "modified": "2026-06-02T15:57:35.215488Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (opmdomafhdphidaghneljdkdiimpcopj) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opmdomafhdphidaghneljdkdiimpcopj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.21545Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opmdomafhdphidaghneljdkdiimpcopj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opmdomafhdphidaghneljdkdiimpcopj", "external_id": "opmdomafhdphidaghneljdkdiimpcopj"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c3f26963-5881-46d9-9459-2d3c880653e8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.216636Z", "modified": "2026-06-02T15:57:35.216636Z", "name": "Malicious Extension: UNKNOWN", "description": "Malicious browser extension: UNKNOWN (pgeleiggmfnpbanhagnpajcfilnkaghj) Stub entry imported from gnyman/chromium-mal-ids. 
Name and campaign pending enrichment.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pgeleiggmfnpbanhagnpajcfilnkaghj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-06-02T15:57:35.216592Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pgeleiggmfnpbanhagnpajcfilnkaghj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pgeleiggmfnpbanhagnpajcfilnkaghj", "external_id": "pgeleiggmfnpbanhagnpajcfilnkaghj"}, {"source_name": "Article", "url": "https://github.com/gnyman/chromium-mal-ids"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d44a7858-c8f2-48ba-911a-4e877ad2258a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.218049Z", "modified": "2026-06-02T15:57:35.218049Z", "name": "Malicious Extension: AI Compare - Multi-AI one-click compare & copy results", "description": "Malicious browser extension: AI Compare - Multi-AI one-click compare & copy results (dkhpgbbhlnmjbkihoeniojpkggkabbbl) Unit 42 Feb 2026 AI-accelerated malicious extension campaign. Name and specific behavior pending enrichment. 
\u26a0 Still active in browser store at time of reporting.", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkhpgbbhlnmjbkihoeniojpkggkabbbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-02-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkhpgbbhlnmjbkihoeniojpkggkabbbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkhpgbbhlnmjbkihoeniojpkggkabbbl", "external_id": "dkhpgbbhlnmjbkihoeniojpkggkabbbl"}, {"source_name": "Original Research", "url": "https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-02-20-%20AI-Accelerated%20Malicious%20Chrome%20Extension%20Campaigns.txt"}, {"source_name": "Article", "url": "https://thehackernews.com/2026/03/chrome-extension-turns-malicious-after.html"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3fe3eddf-e03b-46b2-948f-da77e403d503", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.219387Z", "modified": "2026-06-02T15:57:35.219387Z", "name": "Malicious Extension: Dex For Chrome Personal C", "description": "Malicious browser extension: Dex For Chrome Personal C (amlpnkfionniifnajgcalfndolieichk) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/amlpnkfionniifnajgcalfndolieichk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:amlpnkfionniifnajgcalfndolieichk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/amlpnkfionniifnajgcalfndolieichk", "external_id": "amlpnkfionniifnajgcalfndolieichk"}, 
{"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--24d66a27-e070-4290-b3d2-d01712b60860", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.220416Z", "modified": "2026-06-02T15:57:35.220416Z", "name": "Malicious Extension: Lix B2B Email Finder", "description": "Malicious browser extension: Lix B2B Email Finder (ceplokfhfeekddamgoaojabdhkggafnk) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ceplokfhfeekddamgoaojabdhkggafnk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ceplokfhfeekddamgoaojabdhkggafnk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ceplokfhfeekddamgoaojabdhkggafnk", "external_id": "ceplokfhfeekddamgoaojabdhkggafnk"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b3ce8b52-1d77-4596-ab71-4419fa5c7636", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.221425Z", "modified": "2026-06-02T15:57:35.221425Z", "name": "Malicious Extension: Trust Wallet Secure Notes", "description": "Malicious browser extension: Trust Wallet Secure Notes (ibhbpdmaejlapiadekfdmlklaojbkemb) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ibhbpdmaejlapiadekfdmlklaojbkemb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", 
"kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ibhbpdmaejlapiadekfdmlklaojbkemb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ibhbpdmaejlapiadekfdmlklaojbkemb", "external_id": "ibhbpdmaejlapiadekfdmlklaojbkemb"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8c7d675f-9fef-4e6d-bf2d-4a87d9e03cd0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.222428Z", "modified": "2026-06-02T15:57:35.222428Z", "name": "Malicious Extension: Mangalens", "description": "Malicious browser extension: Mangalens (hoagaedakmopbokhnbjhoakgpdijahpg) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hoagaedakmopbokhnbjhoakgpdijahpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hoagaedakmopbokhnbjhoakgpdijahpg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hoagaedakmopbokhnbjhoakgpdijahpg", "external_id": "hoagaedakmopbokhnbjhoakgpdijahpg"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--16628916-4497-4c46-a600-c6e267d6f526", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.22345Z", "modified": "2026-06-02T15:57:35.22345Z", "name": "Malicious Extension: Tiktaklab Tiktok Video Do", "description": "Malicious browser 
extension: Tiktaklab Tiktok Video Do (ngapflacofkdghjldnkhhgfnkdlgcmel) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ngapflacofkdghjldnkhhgfnkdlgcmel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ngapflacofkdghjldnkhhgfnkdlgcmel", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ngapflacofkdghjldnkhhgfnkdlgcmel", "external_id": "ngapflacofkdghjldnkhhgfnkdlgcmel"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--44ed8751-bed6-4f7b-bce2-d964797a052a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.224619Z", "modified": "2026-06-02T15:57:35.224619Z", "name": "Malicious Extension: Humanlinker", "description": "Malicious browser extension: Humanlinker (hpfndbeelpjpdgeaoknoeggagglgelhp) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hpfndbeelpjpdgeaoknoeggagglgelhp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hpfndbeelpjpdgeaoknoeggagglgelhp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hpfndbeelpjpdgeaoknoeggagglgelhp", "external_id": "hpfndbeelpjpdgeaoknoeggagglgelhp"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", 
"spec_version": "2.1", "id": "indicator--6126f193-9e8b-40b6-a78a-0f1c69a81556", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.225626Z", "modified": "2026-06-02T15:57:35.225626Z", "name": "Malicious Extension: Close All Tabs", "description": "Malicious browser extension: Close All Tabs (cgclhkbaopocbigfahclandepkfhnnnf) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cgclhkbaopocbigfahclandepkfhnnnf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cgclhkbaopocbigfahclandepkfhnnnf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cgclhkbaopocbigfahclandepkfhnnnf", "external_id": "cgclhkbaopocbigfahclandepkfhnnnf"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dd729e1d-4d4e-4f01-bee4-8cc7136be09d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.226662Z", "modified": "2026-06-02T15:57:35.226662Z", "name": "Malicious Extension: Prolead Scout", "description": "Malicious browser extension: Prolead Scout (nnlfomimmbmbkanlkadkelfphhfidhak) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nnlfomimmbmbkanlkadkelfphhfidhak']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nnlfomimmbmbkanlkadkelfphhfidhak", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", 
"url": "https://chromewebstore.google.com/detail/nnlfomimmbmbkanlkadkelfphhfidhak", "external_id": "nnlfomimmbmbkanlkadkelfphhfidhak"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e9f83e7c-7bbc-4554-b955-0c08c35f9dd9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.227703Z", "modified": "2026-06-02T15:57:35.227703Z", "name": "Malicious Extension: Trust Wallet Secure Notes", "description": "Malicious browser extension: Trust Wallet Secure Notes (bhfnifoebenbpbnlmaddnkniocoaagfg) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bhfnifoebenbpbnlmaddnkniocoaagfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bhfnifoebenbpbnlmaddnkniocoaagfg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bhfnifoebenbpbnlmaddnkniocoaagfg", "external_id": "bhfnifoebenbpbnlmaddnkniocoaagfg"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ea782101-2211-4758-8ab9-f1da963246a0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.228708Z", "modified": "2026-06-02T15:57:35.228708Z", "name": "Malicious Extension: Extensi\u00f3N Patmos", "description": "Malicious browser extension: Extensi\u00f3N Patmos (ccdhnjoomjlnbkiponkhookaamafikll) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/ccdhnjoomjlnbkiponkhookaamafikll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ccdhnjoomjlnbkiponkhookaamafikll", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ccdhnjoomjlnbkiponkhookaamafikll", "external_id": "ccdhnjoomjlnbkiponkhookaamafikll"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--000eb2ef-6acc-4c39-9491-4dc36cdbfd4c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.229718Z", "modified": "2026-06-02T15:57:35.229718Z", "name": "Malicious Extension: Zileo Linkedin Cookie Con", "description": "Malicious browser extension: Zileo Linkedin Cookie Con (acjkfmnbignocfakclealmabijofkaba) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/acjkfmnbignocfakclealmabijofkaba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:acjkfmnbignocfakclealmabijofkaba", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/acjkfmnbignocfakclealmabijofkaba", "external_id": "acjkfmnbignocfakclealmabijofkaba"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--39bb5862-b491-4ad1-99e0-df752a7df0ae", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.230727Z", "modified": "2026-06-02T15:57:35.230727Z", "name": "Malicious Extension: Aegisvectro Client Side S", "description": "Malicious browser extension: Aegisvectro Client Side S (hcnegdhonfnijjmiidinppcigdpchdlk) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hcnegdhonfnijjmiidinppcigdpchdlk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hcnegdhonfnijjmiidinppcigdpchdlk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hcnegdhonfnijjmiidinppcigdpchdlk", "external_id": "hcnegdhonfnijjmiidinppcigdpchdlk"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--81561b75-38b1-4ce3-8ba4-255b5caec78c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.232165Z", "modified": "2026-06-02T15:57:35.232165Z", "name": "Malicious Extension: Trust Wallet Secure Notes", "description": "Malicious browser extension: Trust Wallet Secure Notes (gijdlcgcmadappinmgdgiihiepcgboaf) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gijdlcgcmadappinmgdgiihiepcgboaf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-31T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gijdlcgcmadappinmgdgiihiepcgboaf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/gijdlcgcmadappinmgdgiihiepcgboaf", "external_id": "gijdlcgcmadappinmgdgiihiepcgboaf"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--68eacc1e-bec6-4f3c-b162-44dffeea74f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.233192Z", "modified": "2026-06-02T15:57:35.233192Z", "name": "Malicious Extension: Glanceai", "description": "Malicious browser extension: Glanceai (lbgfcdjklmgkaogjkkbkleeepndmbnja) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lbgfcdjklmgkaogjkkbkleeepndmbnja']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-28T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lbgfcdjklmgkaogjkkbkleeepndmbnja", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lbgfcdjklmgkaogjkkbkleeepndmbnja", "external_id": "lbgfcdjklmgkaogjkkbkleeepndmbnja"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d14dad19-ebdf-40e3-a592-1986b2a7d329", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.234512Z", "modified": "2026-06-02T15:57:35.234512Z", "name": "Malicious Extension: Tiktok Unban Ban Pass", "description": "Malicious browser extension: Tiktok Unban Ban Pass (onmpecpdikhopjbmjajcjcnfdjdmbbfd) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/onmpecpdikhopjbmjajcjcnfdjdmbbfd']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-28T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:onmpecpdikhopjbmjajcjcnfdjdmbbfd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/onmpecpdikhopjbmjajcjcnfdjdmbbfd", "external_id": "onmpecpdikhopjbmjajcjcnfdjdmbbfd"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0f7a2eca-3b32-4548-b2df-fb1b229779df", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.23553Z", "modified": "2026-06-02T15:57:35.23553Z", "name": "Malicious Extension: Ai For Amazon Listings Co", "description": "Malicious browser extension: Ai For Amazon Listings Co (bfobpdekijjlmjndakaogdbfoajedioi) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bfobpdekijjlmjndakaogdbfoajedioi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-28T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bfobpdekijjlmjndakaogdbfoajedioi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bfobpdekijjlmjndakaogdbfoajedioi", "external_id": "bfobpdekijjlmjndakaogdbfoajedioi"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--adf48176-c5a0-48d6-965e-f28d71978dfe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.236533Z", "modified": 
"2026-06-02T15:57:35.236533Z", "name": "Malicious Extension: Clipkeeper Download Gamec", "description": "Malicious browser extension: Clipkeeper Download Gamec (beelllgidjaklbnacknjkghfibfpjhac) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/beelllgidjaklbnacknjkghfibfpjhac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-28T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:beelllgidjaklbnacknjkghfibfpjhac", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/beelllgidjaklbnacknjkghfibfpjhac", "external_id": "beelllgidjaklbnacknjkghfibfpjhac"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b2b419f1-0150-4809-8625-0c22be40209b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.237827Z", "modified": "2026-06-02T15:57:35.237827Z", "name": "Malicious Extension: Vipsa Nature Theme", "description": "Malicious browser extension: Vipsa Nature Theme (dheopmpgpkokbdjjlhpphcichjdgjgoh) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dheopmpgpkokbdjjlhpphcichjdgjgoh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-28T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dheopmpgpkokbdjjlhpphcichjdgjgoh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dheopmpgpkokbdjjlhpphcichjdgjgoh", "external_id": "dheopmpgpkokbdjjlhpphcichjdgjgoh"}, {"source_name": "Article", 
"url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c8c99364-33ce-4c6f-9ccc-dcdbf676db47", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.238855Z", "modified": "2026-06-02T15:57:35.238855Z", "name": "Malicious Extension: Target Ghost Ad Spy Tool", "description": "Malicious browser extension: Target Ghost Ad Spy Tool (foffcafkphimgepdldlhedjmhciagfkm) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/foffcafkphimgepdldlhedjmhciagfkm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-28T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:foffcafkphimgepdldlhedjmhciagfkm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/foffcafkphimgepdldlhedjmhciagfkm", "external_id": "foffcafkphimgepdldlhedjmhciagfkm"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--32cae595-c497-410f-92fd-525dfebd7f4e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.240043Z", "modified": "2026-06-02T15:57:35.240043Z", "name": "Malicious Extension: Vimup Video Downloader", "description": "Malicious browser extension: Vimup Video Downloader (hohmldahlhbnckmkdilgflcmpcanabmh) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hohmldahlhbnckmkdilgflcmpcanabmh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-27T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": 
"mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hohmldahlhbnckmkdilgflcmpcanabmh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hohmldahlhbnckmkdilgflcmpcanabmh", "external_id": "hohmldahlhbnckmkdilgflcmpcanabmh"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--0bffe0fe-3f31-4795-aa17-c7c322ae4aba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.241056Z", "modified": "2026-06-02T15:57:35.241056Z", "name": "Malicious Extension: Unblock Youtube Discord C", "description": "Malicious browser extension: Unblock Youtube Discord C (ogonnpiabgolmonfpfbnkbjkaljgkeok) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ogonnpiabgolmonfpfbnkbjkaljgkeok']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-27T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ogonnpiabgolmonfpfbnkbjkaljgkeok", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ogonnpiabgolmonfpfbnkbjkaljgkeok", "external_id": "ogonnpiabgolmonfpfbnkbjkaljgkeok"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c196a983-2d47-4719-932c-b121a649dd27", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.242072Z", "modified": "2026-06-02T15:57:35.242072Z", "name": "Malicious Extension: Simplesflow", "description": "Malicious browser extension: Simplesflow 
(pncjgkkkojifceghhpengahpkckghlhk) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pncjgkkkojifceghhpengahpkckghlhk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-27T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pncjgkkkojifceghhpengahpkckghlhk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pncjgkkkojifceghhpengahpkckghlhk", "external_id": "pncjgkkkojifceghhpengahpkckghlhk"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a966e298-46c7-4700-94cf-106a2cdbd9cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.243076Z", "modified": "2026-06-02T15:57:35.243076Z", "name": "Malicious Extension: \u0430\u043c\u043d\u0435\u0437\u0438\u044f Vpn \u2013 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432", "description": "Malicious browser extension: \u0430\u043c\u043d\u0435\u0437\u0438\u044f Vpn \u2013 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432 (lddaoiilonccpbomblnacdhhhnjdpkol) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lddaoiilonccpbomblnacdhhhnjdpkol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-27T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lddaoiilonccpbomblnacdhhhnjdpkol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lddaoiilonccpbomblnacdhhhnjdpkol", "external_id": "lddaoiilonccpbomblnacdhhhnjdpkol"}, 
{"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--015dc84d-16b3-4a1a-94d5-be9d6e256203", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.24409Z", "modified": "2026-06-02T15:57:35.24409Z", "name": "Malicious Extension: Pocket To Podcast", "description": "Malicious browser extension: Pocket To Podcast (mpjhffojikehlgkaoagnacmjbeifhbhp) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mpjhffojikehlgkaoagnacmjbeifhbhp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-27T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mpjhffojikehlgkaoagnacmjbeifhbhp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mpjhffojikehlgkaoagnacmjbeifhbhp", "external_id": "mpjhffojikehlgkaoagnacmjbeifhbhp"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1e5c7732-c315-4c2f-a6e3-724110bfb7cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.245101Z", "modified": "2026-06-02T15:57:35.245101Z", "name": "Malicious Extension: Video Downloader For Face", "description": "Malicious browser extension: Video Downloader For Face (jmnbkagmgippahjaaebhcgldlnadmhee) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jmnbkagmgippahjaaebhcgldlnadmhee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-27T00:00:00Z", "kill_chain_phases": 
[{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jmnbkagmgippahjaaebhcgldlnadmhee", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jmnbkagmgippahjaaebhcgldlnadmhee", "external_id": "jmnbkagmgippahjaaebhcgldlnadmhee"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f322edd6-c627-4ca4-87fd-289f3467abe1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.246108Z", "modified": "2026-06-02T15:57:35.246108Z", "name": "Malicious Extension: Nsp Onetab", "description": "Malicious browser extension: Nsp Onetab (konhegkdbiicoapggdjdjlgncoecgleg) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/konhegkdbiicoapggdjdjlgncoecgleg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-27T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:konhegkdbiicoapggdjdjlgncoecgleg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/konhegkdbiicoapggdjdjlgncoecgleg", "external_id": "konhegkdbiicoapggdjdjlgncoecgleg"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bce7178d-effb-4dc3-84b9-33f95fb255c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.247272Z", "modified": "2026-06-02T15:57:35.247272Z", "name": "Malicious Extension: Discord Grabber Extension", "description": "Malicious browser extension: Discord Grabber 
Extension (alckjegiejadcodpcjfcicmcpnpoilbd) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/alckjegiejadcodpcjfcicmcpnpoilbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:alckjegiejadcodpcjfcicmcpnpoilbd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/alckjegiejadcodpcjfcicmcpnpoilbd", "external_id": "alckjegiejadcodpcjfcicmcpnpoilbd"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--34064c3f-6357-4fe8-8388-2134b8ef228c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.248289Z", "modified": "2026-06-02T15:57:35.248289Z", "name": "Malicious Extension: Website Traffic Checker M", "description": "Malicious browser extension: Website Traffic Checker M (aapdalkmclfaahehnmicbglkohkldhne) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aapdalkmclfaahehnmicbglkohkldhne']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aapdalkmclfaahehnmicbglkohkldhne", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aapdalkmclfaahehnmicbglkohkldhne", "external_id": "aapdalkmclfaahehnmicbglkohkldhne"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", 
"spec_version": "2.1", "id": "indicator--0b5a8fad-e8b5-4f99-8a73-b93d71d2fa1e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.249288Z", "modified": "2026-06-02T15:57:35.249288Z", "name": "Malicious Extension: Gpt X", "description": "Malicious browser extension: Gpt X (kabdengckniajpklimedikipkkheefjj) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kabdengckniajpklimedikipkkheefjj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kabdengckniajpklimedikipkkheefjj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kabdengckniajpklimedikipkkheefjj", "external_id": "kabdengckniajpklimedikipkkheefjj"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--88ec0d64-c402-4271-bca7-b0b98b6d4c53", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.250291Z", "modified": "2026-06-02T15:57:35.250291Z", "name": "Malicious Extension: Tiktok Analytics", "description": "Malicious browser extension: Tiktok Analytics (mmcpfohhfeomglnlfilelojkchefajip) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmcpfohhfeomglnlfilelojkchefajip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmcpfohhfeomglnlfilelojkchefajip", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/mmcpfohhfeomglnlfilelojkchefajip", "external_id": "mmcpfohhfeomglnlfilelojkchefajip"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--dad47242-0508-4096-bbf3-a578878a7c75", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.251341Z", "modified": "2026-06-02T15:57:35.251341Z", "name": "Malicious Extension: Tiktok Comment Exporter E", "description": "Malicious browser extension: Tiktok Comment Exporter E (gbfiadncpbcjhahkbdfglobhocjgmhfi) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gbfiadncpbcjhahkbdfglobhocjgmhfi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gbfiadncpbcjhahkbdfglobhocjgmhfi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gbfiadncpbcjhahkbdfglobhocjgmhfi", "external_id": "gbfiadncpbcjhahkbdfglobhocjgmhfi"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d9b4664c-17a9-4f38-b098-f3c0c4c4bef5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.252354Z", "modified": "2026-06-02T15:57:35.252354Z", "name": "Malicious Extension: Tiktok Video Downloader", "description": "Malicious browser extension: Tiktok Video Downloader (neknljghdeiainlifcalpnkfbdicnghc) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/neknljghdeiainlifcalpnkfbdicnghc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:neknljghdeiainlifcalpnkfbdicnghc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/neknljghdeiainlifcalpnkfbdicnghc", "external_id": "neknljghdeiainlifcalpnkfbdicnghc"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e120d40b-8a1b-43f7-8037-43e2bfb1b0b7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.253358Z", "modified": "2026-06-02T15:57:35.253358Z", "name": "Malicious Extension: Trust Wallet Secure Notes", "description": "Malicious browser extension: Trust Wallet Secure Notes (elfbigacoidmjleehfjhgkahdndopcfj) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/elfbigacoidmjleehfjhgkahdndopcfj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:elfbigacoidmjleehfjhgkahdndopcfj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/elfbigacoidmjleehfjhgkahdndopcfj", "external_id": "elfbigacoidmjleehfjhgkahdndopcfj"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bd693d99-e9f5-46d9-aacd-e5ab291fe9b3", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.254513Z", "modified": "2026-06-02T15:57:35.254513Z", "name": "Malicious Extension: Final Fantasy Stormblood", "description": "Malicious browser extension: Final Fantasy Stormblood (bbjafcjmegfefhlhkcanahpomdcmmibn) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bbjafcjmegfefhlhkcanahpomdcmmibn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-25T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bbjafcjmegfefhlhkcanahpomdcmmibn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bbjafcjmegfefhlhkcanahpomdcmmibn", "external_id": "bbjafcjmegfefhlhkcanahpomdcmmibn"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--58791127-124c-4ca1-8e5e-ee6d5d34175c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.255537Z", "modified": "2026-06-02T15:57:35.255537Z", "name": "Malicious Extension: Safepal Wallet Secure Not", "description": "Malicious browser extension: Safepal Wallet Secure Not (pfonmpmfmkbamnpckphpghoagglnenad) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfonmpmfmkbamnpckphpghoagglnenad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-25T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfonmpmfmkbamnpckphpghoagglnenad", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/pfonmpmfmkbamnpckphpghoagglnenad", "external_id": "pfonmpmfmkbamnpckphpghoagglnenad"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--94f43881-0ba4-480c-956a-807fe8f87ed8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.256557Z", "modified": "2026-06-02T15:57:35.256557Z", "name": "Malicious Extension: Linguafranca", "description": "Malicious browser extension: Linguafranca (jjjehgebfecefmkfahdcmggghohnkddj) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jjjehgebfecefmkfahdcmggghohnkddj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-25T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jjjehgebfecefmkfahdcmggghohnkddj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jjjehgebfecefmkfahdcmggghohnkddj", "external_id": "jjjehgebfecefmkfahdcmggghohnkddj"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b56f41fb-184d-4b59-afcb-99557f1abc09", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.257582Z", "modified": "2026-06-02T15:57:35.257582Z", "name": "Malicious Extension: \u05e4\u05d9\u05e0\u05d5\u05e7\u05d9\u05dd \u05d7\u05d9\u05e4\u05d5\u05e9 \u05d1\u05d8\u05d5\u05d7 \u05d5\u05de\u05d4\u05d9\u05e8", "description": "Malicious browser extension: \u05e4\u05d9\u05e0\u05d5\u05e7\u05d9\u05dd \u05d7\u05d9\u05e4\u05d5\u05e9 \u05d1\u05d8\u05d5\u05d7 
\u05d5\u05de\u05d4\u05d9\u05e8 (apjappedjeldbandppbcigamkkhoooka) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/apjappedjeldbandppbcigamkkhoooka']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-25T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:apjappedjeldbandppbcigamkkhoooka", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/apjappedjeldbandppbcigamkkhoooka", "external_id": "apjappedjeldbandppbcigamkkhoooka"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--44b3c33b-1c3a-44e1-b0da-fbc45d94522c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.258595Z", "modified": "2026-06-02T15:57:35.258595Z", "name": "Malicious Extension: Fnaf Five Nights At Fredd", "description": "Malicious browser extension: Fnaf Five Nights At Fredd (lfoapagiglbbmpaoibnhbpcofpnaipff) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lfoapagiglbbmpaoibnhbpcofpnaipff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lfoapagiglbbmpaoibnhbpcofpnaipff", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lfoapagiglbbmpaoibnhbpcofpnaipff", "external_id": "lfoapagiglbbmpaoibnhbpcofpnaipff"}, {"source_name": "Article", "url": 
"https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9c25ce8c-bd26-48e9-9f89-ac1ca3d0c805", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.259641Z", "modified": "2026-06-02T15:57:35.259641Z", "name": "Malicious Extension: 2048 Cupcakes Game", "description": "Malicious browser extension: 2048 Cupcakes Game (odclgeagcoikcdkolkjnmafjcfocmnjk) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/odclgeagcoikcdkolkjnmafjcfocmnjk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:odclgeagcoikcdkolkjnmafjcfocmnjk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/odclgeagcoikcdkolkjnmafjcfocmnjk", "external_id": "odclgeagcoikcdkolkjnmafjcfocmnjk"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--318ac25d-149a-4c23-8a90-ea544a88b514", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.260661Z", "modified": "2026-06-02T15:57:35.260661Z", "name": "Malicious Extension: Shooting Ships Game", "description": "Malicious browser extension: Shooting Ships Game (bngplmckfmcbblkahgadbpodjjjfbmph) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bngplmckfmcbblkahgadbpodjjjfbmph']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": 
"mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bngplmckfmcbblkahgadbpodjjjfbmph", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bngplmckfmcbblkahgadbpodjjjfbmph", "external_id": "bngplmckfmcbblkahgadbpodjjjfbmph"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c84f79ff-7a74-4b47-9fe8-a8e1516fc517", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.261821Z", "modified": "2026-06-02T15:57:35.261821Z", "name": "Malicious Extension: Bubble Shooter Unblocked", "description": "Malicious browser extension: Bubble Shooter Unblocked (bmngojcddjipokbdadbminojolebinbl) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bmngojcddjipokbdadbminojolebinbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bmngojcddjipokbdadbminojolebinbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bmngojcddjipokbdadbminojolebinbl", "external_id": "bmngojcddjipokbdadbminojolebinbl"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c8e249f9-61ec-4be0-9e2e-11cd6e3da606", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.262837Z", "modified": "2026-06-02T15:57:35.262837Z", "name": "Malicious Extension: Flappy Bird Reborn", "description": "Malicious browser extension: 
Flappy Bird Reborn (akbdpijbdinhefkdmlejcejnnlhloadh) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/akbdpijbdinhefkdmlejcejnnlhloadh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:akbdpijbdinhefkdmlejcejnnlhloadh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/akbdpijbdinhefkdmlejcejnnlhloadh", "external_id": "akbdpijbdinhefkdmlejcejnnlhloadh"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8f554885-6e9c-4a04-bbd1-60f3ca1cc6c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.263855Z", "modified": "2026-06-02T15:57:35.263855Z", "name": "Malicious Extension: Dino Rush T Rex", "description": "Malicious browser extension: Dino Rush T Rex (dkhphblbcfigaakffhpmdnldfcnpfkmj) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dkhphblbcfigaakffhpmdnldfcnpfkmj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dkhphblbcfigaakffhpmdnldfcnpfkmj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dkhphblbcfigaakffhpmdnldfcnpfkmj", "external_id": "dkhphblbcfigaakffhpmdnldfcnpfkmj"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": 
"indicator", "spec_version": "2.1", "id": "indicator--9c195d26-674e-4cce-a9a0-a4eab3e5d60a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.264867Z", "modified": "2026-06-02T15:57:35.264867Z", "name": "Malicious Extension: Merge Coffee Game", "description": "Malicious browser extension: Merge Coffee Game (enjhobkjefepjmmikomihdapcdilanai) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/enjhobkjefepjmmikomihdapcdilanai']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:enjhobkjefepjmmikomihdapcdilanai", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/enjhobkjefepjmmikomihdapcdilanai", "external_id": "enjhobkjefepjmmikomihdapcdilanai"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--362b7558-7265-44c6-8570-206a4a0fe268", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.265862Z", "modified": "2026-06-02T15:57:35.265862Z", "name": "Malicious Extension: Your Speech Factory", "description": "Malicious browser extension: Your Speech Factory (flllchpbmahciemkedlbhmgojgfkpndo) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/flllchpbmahciemkedlbhmgojgfkpndo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:flllchpbmahciemkedlbhmgojgfkpndo", "browser:chrome"], 
"external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/flllchpbmahciemkedlbhmgojgfkpndo", "external_id": "flllchpbmahciemkedlbhmgojgfkpndo"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--282d389a-53d2-4a31-8bbd-d9f2df636e27", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.266883Z", "modified": "2026-06-02T15:57:35.266883Z", "name": "Malicious Extension: Gun Mayhem Unblocked", "description": "Malicious browser extension: Gun Mayhem Unblocked (hmfgmmmbceccgdheokklfgeagdmaeaoe) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hmfgmmmbceccgdheokklfgeagdmaeaoe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hmfgmmmbceccgdheokklfgeagdmaeaoe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hmfgmmmbceccgdheokklfgeagdmaeaoe", "external_id": "hmfgmmmbceccgdheokklfgeagdmaeaoe"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d491ae50-7630-4444-9795-0e427cfa7224", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.267895Z", "modified": "2026-06-02T15:57:35.267895Z", "name": "Malicious Extension: \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u0439 Vpn \u0432\u043f\u043d 1Vpn \u0434", "description": "Malicious browser extension: 
\u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u0439 Vpn \u0432\u043f\u043d 1Vpn \u0434 (lggkajpnihaenfdkekebaegnjcknlied) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lggkajpnihaenfdkekebaegnjcknlied']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lggkajpnihaenfdkekebaegnjcknlied", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lggkajpnihaenfdkekebaegnjcknlied", "external_id": "lggkajpnihaenfdkekebaegnjcknlied"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f7a80e0a-1285-4d8d-98eb-e81591f52b38", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.269056Z", "modified": "2026-06-02T15:57:35.269056Z", "name": "Malicious Extension: Dinosaur Run Dinosaur Gam", "description": "Malicious browser extension: Dinosaur Run Dinosaur Gam (ncbmhlhkeigdflmfnkjpihhmdmdmebmc) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ncbmhlhkeigdflmfnkjpihhmdmdmebmc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ncbmhlhkeigdflmfnkjpihhmdmdmebmc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ncbmhlhkeigdflmfnkjpihhmdmdmebmc", "external_id": "ncbmhlhkeigdflmfnkjpihhmdmdmebmc"}, {"source_name": "Article", "url": 
"https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--eb868fd1-80ab-48d0-b9d8-3ada37db3664", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.270061Z", "modified": "2026-06-02T15:57:35.270061Z", "name": "Malicious Extension: Web Client For Master Che", "description": "Malicious browser extension: Web Client For Master Che (njlgoioohijdnoiodblkhmodkkmgkcig) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/njlgoioohijdnoiodblkhmodkkmgkcig']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:njlgoioohijdnoiodblkhmodkkmgkcig", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/njlgoioohijdnoiodblkhmodkkmgkcig", "external_id": "njlgoioohijdnoiodblkhmodkkmgkcig"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9a782714-6f1e-455f-b799-04211a4b5273", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.271061Z", "modified": "2026-06-02T15:57:35.271061Z", "name": "Malicious Extension: Smartzy Learning Agent", "description": "Malicious browser extension: Smartzy Learning Agent (bpjmjdhainlajgjpaedjihnicngdaobb) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bpjmjdhainlajgjpaedjihnicngdaobb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": 
[{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bpjmjdhainlajgjpaedjihnicngdaobb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bpjmjdhainlajgjpaedjihnicngdaobb", "external_id": "bpjmjdhainlajgjpaedjihnicngdaobb"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a503c36a-ff35-494e-9aae-ea1a9fc8994b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.272074Z", "modified": "2026-06-02T15:57:35.272074Z", "name": "Malicious Extension: Bn37\u0643\u0648\u062f \u062e\u0635\u0645 \u0633\u064a\u062a\u0631\u0648\u0633 \u062d\u062a\u0649 50", "description": "Malicious browser extension: Bn37\u0643\u0648\u062f \u062e\u0635\u0645 \u0633\u064a\u062a\u0631\u0648\u0633 \u062d\u062a\u0649 50 (pfkbaiflhbkegpmgjkghebcocpdlljna) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfkbaiflhbkegpmgjkghebcocpdlljna']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfkbaiflhbkegpmgjkghebcocpdlljna", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pfkbaiflhbkegpmgjkghebcocpdlljna", "external_id": "pfkbaiflhbkegpmgjkghebcocpdlljna"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f2d458ed-df6a-4911-8038-bfbf522fc0c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:35.273084Z", "modified": "2026-06-02T15:57:35.273084Z", "name": "Malicious Extension: Alibaba Search By Image", "description": "Malicious browser extension: Alibaba Search By Image (begnkfeikebdelojdklgfkbhbeboilne) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/begnkfeikebdelojdklgfkbhbeboilne']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:begnkfeikebdelojdklgfkbhbeboilne", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/begnkfeikebdelojdklgfkbhbeboilne", "external_id": "begnkfeikebdelojdklgfkbhbeboilne"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a38f4c90-dd44-435a-8d06-8f78f9f48abd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.274081Z", "modified": "2026-06-02T15:57:35.274081Z", "name": "Malicious Extension: Calculator Extension App", "description": "Malicious browser extension: Calculator Extension App (fjbpccjakcncgogehcjbecabehamcjmm) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fjbpccjakcncgogehcjbecabehamcjmm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fjbpccjakcncgogehcjbecabehamcjmm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fjbpccjakcncgogehcjbecabehamcjmm", "external_id": 
"fjbpccjakcncgogehcjbecabehamcjmm"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d9f3bef9-5c6a-46de-bc5f-48305af8897b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.275076Z", "modified": "2026-06-02T15:57:35.275076Z", "name": "Malicious Extension: Website Blocker For Chrom", "description": "Malicious browser extension: Website Blocker For Chrom (habaaobnclljeaifmhlaimngklnieedl) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/habaaobnclljeaifmhlaimngklnieedl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:habaaobnclljeaifmhlaimngklnieedl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/habaaobnclljeaifmhlaimngklnieedl", "external_id": "habaaobnclljeaifmhlaimngklnieedl"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--85613216-c165-430e-aba7-685f5dc15d01", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.276236Z", "modified": "2026-06-02T15:57:35.276236Z", "name": "Malicious Extension: Indutiva CRM", "description": "Malicious browser extension: Indutiva CRM (ldgfbmnjkfncahaljnceanjaabkbjnca) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ldgfbmnjkfncahaljnceanjaabkbjnca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2026-05-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ldgfbmnjkfncahaljnceanjaabkbjnca", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ldgfbmnjkfncahaljnceanjaabkbjnca", "external_id": "ldgfbmnjkfncahaljnceanjaabkbjnca"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c4b51421-1c3b-4327-96c9-1bc0d12f18e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.27725Z", "modified": "2026-06-02T15:57:35.27725Z", "name": "Malicious Extension: Bloxd Io Original", "description": "Malicious browser extension: Bloxd Io Original (ackibjdmcolfjjdpabnfjipaolkkpagp) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ackibjdmcolfjjdpabnfjipaolkkpagp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ackibjdmcolfjjdpabnfjipaolkkpagp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ackibjdmcolfjjdpabnfjipaolkkpagp", "external_id": "ackibjdmcolfjjdpabnfjipaolkkpagp"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3e8de584-e363-4699-bf2a-4e55e141f84f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.278248Z", "modified": "2026-06-02T15:57:35.278248Z", "name": "Malicious Extension: Patreon Scraper", 
"description": "Malicious browser extension: Patreon Scraper (cofdkjlleejhgmhacajalbhedbdncgki) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cofdkjlleejhgmhacajalbhedbdncgki']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cofdkjlleejhgmhacajalbhedbdncgki", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cofdkjlleejhgmhacajalbhedbdncgki", "external_id": "cofdkjlleejhgmhacajalbhedbdncgki"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9a88d234-98aa-4f57-8262-219dfa6bfb24", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.279262Z", "modified": "2026-06-02T15:57:35.279262Z", "name": "Malicious Extension: Tower Building Unblocked", "description": "Malicious browser extension: Tower Building Unblocked (encombjcejjemnlienalodhndnmhkbei) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/encombjcejjemnlienalodhndnmhkbei']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:encombjcejjemnlienalodhndnmhkbei", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/encombjcejjemnlienalodhndnmhkbei", "external_id": "encombjcejjemnlienalodhndnmhkbei"}, {"source_name": "Article", "url": 
"https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--69f66b00-e05e-49b1-b78a-665cf8a0d250", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.280267Z", "modified": "2026-06-02T15:57:35.280267Z", "name": "Malicious Extension: Homes R Us \u0643\u0648\u062f \u062e\u0635\u0645 \u0647\u0648\u0645 \u0627\u0631", "description": "Malicious browser extension: Homes R Us \u0643\u0648\u062f \u062e\u0635\u0645 \u0647\u0648\u0645 \u0627\u0631 (nijnkgiblphhmlodoocdahedieakejaj) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nijnkgiblphhmlodoocdahedieakejaj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nijnkgiblphhmlodoocdahedieakejaj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nijnkgiblphhmlodoocdahedieakejaj", "external_id": "nijnkgiblphhmlodoocdahedieakejaj"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8bcda954-73aa-4960-9dd4-f2b630dfbcf3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.281268Z", "modified": "2026-06-02T15:57:35.281268Z", "name": "Malicious Extension: \u0643\u0648\u062f \u062e\u0635\u0645 \u062c\u064a\u0646\u064a \u0627\u0644\u0633\u0639\u0648\u062f\u064a\u0629 \u0627\u0648\u0644", "description": "Malicious browser extension: \u0643\u0648\u062f \u062e\u0635\u0645 \u062c\u064a\u0646\u064a \u0627\u0644\u0633\u0639\u0648\u062f\u064a\u0629 
\u0627\u0648\u0644 (cddelmfealiejgocenpeoddnpghhhkhd) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cddelmfealiejgocenpeoddnpghhhkhd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cddelmfealiejgocenpeoddnpghhhkhd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cddelmfealiejgocenpeoddnpghhhkhd", "external_id": "cddelmfealiejgocenpeoddnpghhhkhd"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7e575e7e-c895-4da3-bb1c-98dab36e6f1e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.282272Z", "modified": "2026-06-02T15:57:35.282272Z", "name": "Malicious Extension: Drive Mad 3", "description": "Malicious browser extension: Drive Mad 3 (cochhogbgjdippajielcnibciofehabe) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cochhogbgjdippajielcnibciofehabe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cochhogbgjdippajielcnibciofehabe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cochhogbgjdippajielcnibciofehabe", "external_id": "cochhogbgjdippajielcnibciofehabe"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", 
"spec_version": "2.1", "id": "indicator--66970b35-ac44-4227-9b38-9e6fb0011802", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.283431Z", "modified": "2026-06-02T15:57:35.283431Z", "name": "Malicious Extension: Monkey Friends", "description": "Malicious browser extension: Monkey Friends (kecnnjleenjkdgemjhdjmlbgbooengen) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kecnnjleenjkdgemjhdjmlbgbooengen']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kecnnjleenjkdgemjhdjmlbgbooengen", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kecnnjleenjkdgemjhdjmlbgbooengen", "external_id": "kecnnjleenjkdgemjhdjmlbgbooengen"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8c088146-4b34-412a-83b6-14b351beb87d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.284437Z", "modified": "2026-06-02T15:57:35.284437Z", "name": "Malicious Extension: Mergis Game", "description": "Malicious browser extension: Mergis Game (monokhkbflaecfhdneifdhndjaiddclk) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/monokhkbflaecfhdneifdhndjaiddclk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:monokhkbflaecfhdneifdhndjaiddclk", "browser:chrome"], "external_references": [{"source_name": 
"Chrome Web Store", "url": "https://chromewebstore.google.com/detail/monokhkbflaecfhdneifdhndjaiddclk", "external_id": "monokhkbflaecfhdneifdhndjaiddclk"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6c521f47-e68f-4315-ba38-d4a7e41e9e13", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.285444Z", "modified": "2026-06-02T15:57:35.285444Z", "name": "Malicious Extension: Suika Game", "description": "Malicious browser extension: Suika Game (oplcfhebmbbmakfpjnpkjfjgffmbblnf) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oplcfhebmbbmakfpjnpkjfjgffmbblnf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oplcfhebmbbmakfpjnpkjfjgffmbblnf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oplcfhebmbbmakfpjnpkjfjgffmbblnf", "external_id": "oplcfhebmbbmakfpjnpkjfjgffmbblnf"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6eac807e-c57a-4d51-9c12-78e98691900e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.286446Z", "modified": "2026-06-02T15:57:35.286446Z", "name": "Malicious Extension: Retro Bowl Unblocked Free", "description": "Malicious browser extension: Retro Bowl Unblocked Free (pdjclflancfeeklibghhedhggipdcopb) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/pdjclflancfeeklibghhedhggipdcopb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdjclflancfeeklibghhedhggipdcopb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdjclflancfeeklibghhedhggipdcopb", "external_id": "pdjclflancfeeklibghhedhggipdcopb"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2c2a5c6f-9328-4481-a155-1c8a2b8c9987", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.287461Z", "modified": "2026-06-02T15:57:35.287461Z", "name": "Malicious Extension: Happy Wheels Unblocked Fr", "description": "Malicious browser extension: Happy Wheels Unblocked Fr (mohlgbjlnjoapphcfgmllpkoogabdhjc) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mohlgbjlnjoapphcfgmllpkoogabdhjc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mohlgbjlnjoapphcfgmllpkoogabdhjc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mohlgbjlnjoapphcfgmllpkoogabdhjc", "external_id": "mohlgbjlnjoapphcfgmllpkoogabdhjc"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--df063083-0548-454b-8143-e8cde29bdddb", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.288469Z", "modified": "2026-06-02T15:57:35.288469Z", "name": "Malicious Extension: Rumble Downloader", "description": "Malicious browser extension: Rumble Downloader (okcfkmfllmnckdeibjikkafajliondca) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/okcfkmfllmnckdeibjikkafajliondca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:okcfkmfllmnckdeibjikkafajliondca", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/okcfkmfllmnckdeibjikkafajliondca", "external_id": "okcfkmfllmnckdeibjikkafajliondca"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2a6e87e3-7a13-48d4-a1c6-3736ed1bc288", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.289486Z", "modified": "2026-06-02T15:57:35.289486Z", "name": "Malicious Extension: Death Run 3D Official", "description": "Malicious browser extension: Death Run 3D Official (nfocihmlmhenkgiopgffdcmidppofgae) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nfocihmlmhenkgiopgffdcmidppofgae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nfocihmlmhenkgiopgffdcmidppofgae", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/nfocihmlmhenkgiopgffdcmidppofgae", "external_id": "nfocihmlmhenkgiopgffdcmidppofgae"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--474a34f8-618b-48f3-8f06-ed58ad245b80", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.290646Z", "modified": "2026-06-02T15:57:35.290646Z", "name": "Malicious Extension: D19\u0643\u0648\u062f \u062e\u0635\u0645 \u0644\u0648\u0644\u0648\u0644\u064a\u0645\u0648\u0646 Lulu", "description": "Malicious browser extension: D19\u0643\u0648\u062f \u062e\u0635\u0645 \u0644\u0648\u0644\u0648\u0644\u064a\u0645\u0648\u0646 Lulu (aibjfbcpaaaaoopdffdfjnllodjehcjg) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/aibjfbcpaaaaoopdffdfjnllodjehcjg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:aibjfbcpaaaaoopdffdfjnllodjehcjg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/aibjfbcpaaaaoopdffdfjnllodjehcjg", "external_id": "aibjfbcpaaaaoopdffdfjnllodjehcjg"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--3c5ee532-3074-433b-b5fd-f33e2320cc3d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.291679Z", "modified": "2026-06-02T15:57:35.291679Z", "name": "Malicious Extension: Fancy Girls Dress Up", "description": "Malicious browser extension: Fancy Girls Dress Up 
(fhgepkcoifnmeeglogflapanfajfpakd) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fhgepkcoifnmeeglogflapanfajfpakd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fhgepkcoifnmeeglogflapanfajfpakd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fhgepkcoifnmeeglogflapanfajfpakd", "external_id": "fhgepkcoifnmeeglogflapanfajfpakd"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e20d0a7a-dc57-486c-851f-dbd5bf432b55", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.292685Z", "modified": "2026-06-02T15:57:35.292685Z", "name": "Malicious Extension: Block Blast Match 3 Littl", "description": "Malicious browser extension: Block Blast Match 3 Littl (ojlejpbpkmiemidpnpiikmlkmnnfbjnn) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ojlejpbpkmiemidpnpiikmlkmnnfbjnn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ojlejpbpkmiemidpnpiikmlkmnnfbjnn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ojlejpbpkmiemidpnpiikmlkmnnfbjnn", "external_id": "ojlejpbpkmiemidpnpiikmlkmnnfbjnn"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": 
"indicator", "spec_version": "2.1", "id": "indicator--7e94e5f5-7be6-45b7-b3ff-d3b88f2a77e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.293702Z", "modified": "2026-06-02T15:57:35.293702Z", "name": "Malicious Extension: Papas Freezeria Unblocked", "description": "Malicious browser extension: Papas Freezeria Unblocked (bcfofkiahdjbphfahbkdbgjcjlahepdo) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bcfofkiahdjbphfahbkdbgjcjlahepdo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bcfofkiahdjbphfahbkdbgjcjlahepdo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bcfofkiahdjbphfahbkdbgjcjlahepdo", "external_id": "bcfofkiahdjbphfahbkdbgjcjlahepdo"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c06d8a86-3621-4ea1-a123-ef0d8b7b1d0b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.294698Z", "modified": "2026-06-02T15:57:35.294698Z", "name": "Malicious Extension: Candy Diamond Game", "description": "Malicious browser extension: Candy Diamond Game (pdbnijkgbcahmiijbahpnnhiocpjmmfe) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pdbnijkgbcahmiijbahpnnhiocpjmmfe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pdbnijkgbcahmiijbahpnnhiocpjmmfe", 
"browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pdbnijkgbcahmiijbahpnnhiocpjmmfe", "external_id": "pdbnijkgbcahmiijbahpnnhiocpjmmfe"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4e018c3b-89f9-4458-861d-112bea7267d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.295718Z", "modified": "2026-06-02T15:57:35.295718Z", "name": "Malicious Extension: Candy Crush For Pcwindows", "description": "Malicious browser extension: Candy Crush For Pcwindows (kbfchkfgpjlgkbblponkmpjgffoekhdp) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kbfchkfgpjlgkbblponkmpjgffoekhdp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kbfchkfgpjlgkbblponkmpjgffoekhdp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kbfchkfgpjlgkbblponkmpjgffoekhdp", "external_id": "kbfchkfgpjlgkbblponkmpjgffoekhdp"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d47944a4-25e2-415c-bd70-16e9cc46e52c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.296742Z", "modified": "2026-06-02T15:57:35.296742Z", "name": "Malicious Extension: Web Client For Bridge Run", "description": "Malicious browser extension: Web Client For Bridge Run (oiajfnpkjplaplljpndjlkleohiidlle) Bundling Unwanted Software", 
"indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/oiajfnpkjplaplljpndjlkleohiidlle']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:oiajfnpkjplaplljpndjlkleohiidlle", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/oiajfnpkjplaplljpndjlkleohiidlle", "external_id": "oiajfnpkjplaplljpndjlkleohiidlle"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1ed1b847-10c1-4cfe-bf9f-1e4ccc858cb1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.298794Z", "modified": "2026-06-02T15:57:35.298794Z", "name": "Malicious Extension: Pac Circle Game", "description": "Malicious browser extension: Pac Circle Game (gabomfhfghccdcgjllidfalkgjmipgcn) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gabomfhfghccdcgjllidfalkgjmipgcn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gabomfhfghccdcgjllidfalkgjmipgcn", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gabomfhfghccdcgjllidfalkgjmipgcn", "external_id": "gabomfhfghccdcgjllidfalkgjmipgcn"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": 
"indicator--09f016c1-f587-40f2-b227-daec2772fde2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.299918Z", "modified": "2026-06-02T15:57:35.299918Z", "name": "Malicious Extension: Facebook Groups Bulk Post", "description": "Malicious browser extension: Facebook Groups Bulk Post (neknfaddjhokmoajmhadjikdlieknmbk) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/neknfaddjhokmoajmhadjikdlieknmbk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:neknfaddjhokmoajmhadjikdlieknmbk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/neknfaddjhokmoajmhadjikdlieknmbk", "external_id": "neknfaddjhokmoajmhadjikdlieknmbk"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--820af94b-c159-4456-879b-9387ebc6ac10", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.30095Z", "modified": "2026-06-02T15:57:35.30095Z", "name": "Malicious Extension: Redboy And Bluegirl Origi", "description": "Malicious browser extension: Redboy And Bluegirl Origi (pighfkoggjeehadnjihpjoncmplcdbhd) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pighfkoggjeehadnjihpjoncmplcdbhd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pighfkoggjeehadnjihpjoncmplcdbhd", "browser:chrome"], "external_references": 
[{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pighfkoggjeehadnjihpjoncmplcdbhd", "external_id": "pighfkoggjeehadnjihpjoncmplcdbhd"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7a0cff43-326c-472d-b38d-ac5d0f8fe83c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.301957Z", "modified": "2026-06-02T15:57:35.301957Z", "name": "Malicious Extension: Flyin \u0643\u0648\u062f \u062e\u0635\u0645 \u0641\u0644\u0627\u064a \u0627\u0646 \u062d\u062a\u0649", "description": "Malicious browser extension: Flyin \u0643\u0648\u062f \u062e\u0635\u0645 \u0641\u0644\u0627\u064a \u0627\u0646 \u062d\u062a\u0649 (fhndilegplkppplbmkfikjdoeoimceam) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fhndilegplkppplbmkfikjdoeoimceam']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fhndilegplkppplbmkfikjdoeoimceam", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fhndilegplkppplbmkfikjdoeoimceam", "external_id": "fhndilegplkppplbmkfikjdoeoimceam"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--10017df3-27c5-4391-8631-896a1cf5f376", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.302956Z", "modified": "2026-06-02T15:57:35.302956Z", "name": "Malicious Extension: Fnp \u0643\u0648\u062f \u062e\u0635\u0645 
\u0641\u064a\u0631\u0646\u0632 \u0627\u0646\u062f \u0628\u064a\u062a", "description": "Malicious browser extension: Fnp \u0643\u0648\u062f \u062e\u0635\u0645 \u0641\u064a\u0631\u0646\u0632 \u0627\u0646\u062f \u0628\u064a\u062a (nnfbhpgppkmampmhepfhddklndhglafa) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nnfbhpgppkmampmhepfhddklndhglafa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nnfbhpgppkmampmhepfhddklndhglafa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nnfbhpgppkmampmhepfhddklndhglafa", "external_id": "nnfbhpgppkmampmhepfhddklndhglafa"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bbc99d18-f30a-489c-bef3-513e4f859472", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.303985Z", "modified": "2026-06-02T15:57:35.303985Z", "name": "Malicious Extension: Rogre", "description": "Malicious browser extension: Rogre (ncjainkblnpjoljebgkhpmkmfgcopefk) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ncjainkblnpjoljebgkhpmkmfgcopefk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ncjainkblnpjoljebgkhpmkmfgcopefk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ncjainkblnpjoljebgkhpmkmfgcopefk", "external_id": 
"ncjainkblnpjoljebgkhpmkmfgcopefk"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--39334a01-ad7e-464c-b3ed-73f29b15a4ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.305001Z", "modified": "2026-06-02T15:57:35.305001Z", "name": "Malicious Extension: Coinview Tracker", "description": "Malicious browser extension: Coinview Tracker (fokjicplplekicdnkdaagllgmejbednd) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fokjicplplekicdnkdaagllgmejbednd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fokjicplplekicdnkdaagllgmejbednd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fokjicplplekicdnkdaagllgmejbednd", "external_id": "fokjicplplekicdnkdaagllgmejbednd"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c5823556-2629-4d99-9add-b1692c106052", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.306156Z", "modified": "2026-06-02T15:57:35.306156Z", "name": "Malicious Extension: Doodle Jump For Chrome Ga", "description": "Malicious browser extension: Doodle Jump For Chrome Ga (cnhmgdfidmnmjepklhbeckjmaaojofob) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cnhmgdfidmnmjepklhbeckjmaaojofob']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cnhmgdfidmnmjepklhbeckjmaaojofob", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cnhmgdfidmnmjepklhbeckjmaaojofob", "external_id": "cnhmgdfidmnmjepklhbeckjmaaojofob"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--513c7906-bb82-42c7-8a5e-39ef01f39fcc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.307186Z", "modified": "2026-06-02T15:57:35.307186Z", "name": "Malicious Extension: Age Of War Rush Game", "description": "Malicious browser extension: Age Of War Rush Game (cbfamilfacjghhlomcbjjjeccjflbifc) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbfamilfacjghhlomcbjjjeccjflbifc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cbfamilfacjghhlomcbjjjeccjflbifc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cbfamilfacjghhlomcbjjjeccjflbifc", "external_id": "cbfamilfacjghhlomcbjjjeccjflbifc"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--287be981-61ef-485b-ae0b-4f1886a36ec6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.308203Z", "modified": "2026-06-02T15:57:35.308203Z", "name": "Malicious Extension: 
Catch Cat Game", "description": "Malicious browser extension: Catch Cat Game (mmjchmcfkinnlhomhgjjobkfphbejebe) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmjchmcfkinnlhomhgjjobkfphbejebe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmjchmcfkinnlhomhgjjobkfphbejebe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mmjchmcfkinnlhomhgjjobkfphbejebe", "external_id": "mmjchmcfkinnlhomhgjjobkfphbejebe"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a5692d53-d594-4723-947c-6bb8db6f6e7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.309208Z", "modified": "2026-06-02T15:57:35.309208Z", "name": "Malicious Extension: Facebook Groups Bulk Post", "description": "Malicious browser extension: Facebook Groups Bulk Post (lnjjcckgbpppdjcijhakcbnkggbdhccj) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lnjjcckgbpppdjcijhakcbnkggbdhccj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lnjjcckgbpppdjcijhakcbnkggbdhccj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lnjjcckgbpppdjcijhakcbnkggbdhccj", "external_id": "lnjjcckgbpppdjcijhakcbnkggbdhccj"}, {"source_name": "Article", "url": 
"https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8ddae9bf-e9ac-4bc3-8c00-997e18ebf789", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.310204Z", "modified": "2026-06-02T15:57:35.310204Z", "name": "Malicious Extension: Retro Bowl Classic", "description": "Malicious browser extension: Retro Bowl Classic (fmgjknnbhgfkpahjdigplnocloopfbdh) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmgjknnbhgfkpahjdigplnocloopfbdh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fmgjknnbhgfkpahjdigplnocloopfbdh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmgjknnbhgfkpahjdigplnocloopfbdh", "external_id": "fmgjknnbhgfkpahjdigplnocloopfbdh"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--374b9bea-34c1-42c8-86f9-88122eb5aa3d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.311222Z", "modified": "2026-06-02T15:57:35.311222Z", "name": "Malicious Extension: B5 \u0643\u0648\u062f \u062e\u0635\u0645 \u0643\u0631\u064a\u062a \u0627\u0646\u062f \u0628\u0627\u0631\u064a\u0644", "description": "Malicious browser extension: B5 \u0643\u0648\u062f \u062e\u0635\u0645 \u0643\u0631\u064a\u062a \u0627\u0646\u062f \u0628\u0627\u0631\u064a\u0644 (bnddmkedjhbdkcofemggolloamdfbcfc) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/bnddmkedjhbdkcofemggolloamdfbcfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bnddmkedjhbdkcofemggolloamdfbcfc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bnddmkedjhbdkcofemggolloamdfbcfc", "external_id": "bnddmkedjhbdkcofemggolloamdfbcfc"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--01bf3441-fa87-4040-a726-bafaca60a8f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.312223Z", "modified": "2026-06-02T15:57:35.312223Z", "name": "Malicious Extension: Pawsome Browser Kitties", "description": "Malicious browser extension: Pawsome Browser Kitties (lmhbioocpeiccnhhljkcpoblacefkbcg) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lmhbioocpeiccnhhljkcpoblacefkbcg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lmhbioocpeiccnhhljkcpoblacefkbcg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lmhbioocpeiccnhhljkcpoblacefkbcg", "external_id": "lmhbioocpeiccnhhljkcpoblacefkbcg"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--949750d6-519f-461f-b93b-4afd86338446", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.313387Z", "modified": "2026-06-02T15:57:35.313387Z", "name": "Malicious Extension: Duck Hunt Original", "description": "Malicious browser extension: Duck Hunt Original (kcalbmhcjdlocbnbfebpjlgdjphmhanp) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kcalbmhcjdlocbnbfebpjlgdjphmhanp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kcalbmhcjdlocbnbfebpjlgdjphmhanp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kcalbmhcjdlocbnbfebpjlgdjphmhanp", "external_id": "kcalbmhcjdlocbnbfebpjlgdjphmhanp"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--af0842bc-efa4-4df6-9717-986065f9a0f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.314394Z", "modified": "2026-06-02T15:57:35.314394Z", "name": "Malicious Extension: Threads For Pc Windows An", "description": "Malicious browser extension: Threads For Pc Windows An (mmloilclhhghfcebifdchbbpahcpgklm) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mmloilclhhghfcebifdchbbpahcpgklm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mmloilclhhghfcebifdchbbpahcpgklm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/mmloilclhhghfcebifdchbbpahcpgklm", "external_id": "mmloilclhhghfcebifdchbbpahcpgklm"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--250126c8-2fa1-4945-8590-fb33f2c672e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.315445Z", "modified": "2026-06-02T15:57:35.315445Z", "name": "Malicious Extension: Drive Mad Winter", "description": "Malicious browser extension: Drive Mad Winter (khgpimcjkelfpbaejbfkpolgameimfoa) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/khgpimcjkelfpbaejbfkpolgameimfoa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:khgpimcjkelfpbaejbfkpolgameimfoa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/khgpimcjkelfpbaejbfkpolgameimfoa", "external_id": "khgpimcjkelfpbaejbfkpolgameimfoa"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f629e1a1-2516-40e1-bae7-984765c3b663", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.316462Z", "modified": "2026-06-02T15:57:35.316462Z", "name": "Malicious Extension: Real Flight Simulator Gam", "description": "Malicious browser extension: Real Flight Simulator Gam (gcfpjolndpefkilcnoknopmciohpjmlk) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/gcfpjolndpefkilcnoknopmciohpjmlk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gcfpjolndpefkilcnoknopmciohpjmlk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/gcfpjolndpefkilcnoknopmciohpjmlk", "external_id": "gcfpjolndpefkilcnoknopmciohpjmlk"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f37f1473-2fe5-4de5-bb4c-74671884e2e0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.317468Z", "modified": "2026-06-02T15:57:35.317468Z", "name": "Malicious Extension: Papas Cheeseria Go Unbloc", "description": "Malicious browser extension: Papas Cheeseria Go Unbloc (ljhcefpabennjmljfinafoamneckblhb) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljhcefpabennjmljfinafoamneckblhb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljhcefpabennjmljfinafoamneckblhb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljhcefpabennjmljfinafoamneckblhb", "external_id": "ljhcefpabennjmljfinafoamneckblhb"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7295834b-6478-4004-908e-0ddfdce9e5ec", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.318537Z", "modified": "2026-06-02T15:57:35.318537Z", "name": "Malicious Extension: Stickman Td Game Defendin", "description": "Malicious browser extension: Stickman Td Game Defendin (obmffbaomlcohkhdjakaonllppeidpeb) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/obmffbaomlcohkhdjakaonllppeidpeb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:obmffbaomlcohkhdjakaonllppeidpeb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/obmffbaomlcohkhdjakaonllppeidpeb", "external_id": "obmffbaomlcohkhdjakaonllppeidpeb"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bfc8d91c-3b5d-4d99-a927-bdc87aebaa36", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.319555Z", "modified": "2026-06-02T15:57:35.319555Z", "name": "Malicious Extension: Haraer \u0643\u0648\u062f \u062e\u0635\u0645 \u0639\u0628\u0627\u064a\u0627\u062a \u062d\u0631\u0627", "description": "Malicious browser extension: Haraer \u0643\u0648\u062f \u062e\u0635\u0645 \u0639\u0628\u0627\u064a\u0627\u062a \u062d\u0631\u0627 (fmhfjfbanjpdholknniijnodmlcohhca) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fmhfjfbanjpdholknniijnodmlcohhca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": 
["ext-id:fmhfjfbanjpdholknniijnodmlcohhca", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fmhfjfbanjpdholknniijnodmlcohhca", "external_id": "fmhfjfbanjpdholknniijnodmlcohhca"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4518fa51-5d00-4d06-a5d0-067d54a0e10a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.320724Z", "modified": "2026-06-02T15:57:35.320724Z", "name": "Malicious Extension: Flappy Bird For Chrome", "description": "Malicious browser extension: Flappy Bird For Chrome (cadnonplijegfkmokpnjcgnogkbbiklh) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cadnonplijegfkmokpnjcgnogkbbiklh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cadnonplijegfkmokpnjcgnogkbbiklh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cadnonplijegfkmokpnjcgnogkbbiklh", "external_id": "cadnonplijegfkmokpnjcgnogkbbiklh"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--75a21f3b-8801-4de0-9793-82de100665c1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.321736Z", "modified": "2026-06-02T15:57:35.321736Z", "name": "Malicious Extension: Mothercare \u0643\u0648\u062f \u062e\u0635\u0645 \u0645\u0630\u0631\u0643\u064a\u0631", "description": "Malicious browser 
extension: Mothercare \u0643\u0648\u062f \u062e\u0635\u0645 \u0645\u0630\u0631\u0643\u064a\u0631 (mlicfekpbjigampkojlcpmofljooimkp) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mlicfekpbjigampkojlcpmofljooimkp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mlicfekpbjigampkojlcpmofljooimkp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mlicfekpbjigampkojlcpmofljooimkp", "external_id": "mlicfekpbjigampkojlcpmofljooimkp"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--817ce363-bc5a-4df4-a64c-e561fde5951d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.322744Z", "modified": "2026-06-02T15:57:35.322744Z", "name": "Malicious Extension: Doodle Jump Official", "description": "Malicious browser extension: Doodle Jump Official (jeidbjmmapdnnabckapgagcnfaimibcg) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jeidbjmmapdnnabckapgagcnfaimibcg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jeidbjmmapdnnabckapgagcnfaimibcg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jeidbjmmapdnnabckapgagcnfaimibcg", "external_id": "jeidbjmmapdnnabckapgagcnfaimibcg"}, {"source_name": "Article", "url": 
"https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--01535de5-2916-4d45-a1fb-ebae1bd9146c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.323775Z", "modified": "2026-06-02T15:57:35.323775Z", "name": "Malicious Extension: 2024 \u0643\u0648\u062f \u062e\u0635\u0645 \u0627\u0648\u0646\u0627\u0633", "description": "Malicious browser extension: 2024 \u0643\u0648\u062f \u062e\u0635\u0645 \u0627\u0648\u0646\u0627\u0633 (opieiflijklfdmodelmjcbadicknbaec) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/opieiflijklfdmodelmjcbadicknbaec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:opieiflijklfdmodelmjcbadicknbaec", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/opieiflijklfdmodelmjcbadicknbaec", "external_id": "opieiflijklfdmodelmjcbadicknbaec"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--40bdd963-d3e2-4969-8068-5b8d7e61e707", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.324781Z", "modified": "2026-06-02T15:57:35.324781Z", "name": "Malicious Extension: Pong For Chrome", "description": "Malicious browser extension: Pong For Chrome (copapdokdidobjjmkcpkalbgkiiafeja) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/copapdokdidobjjmkcpkalbgkiiafeja']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:copapdokdidobjjmkcpkalbgkiiafeja", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/copapdokdidobjjmkcpkalbgkiiafeja", "external_id": "copapdokdidobjjmkcpkalbgkiiafeja"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--79633a2e-e5a7-47a0-8f2d-4b521079114e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.325785Z", "modified": "2026-06-02T15:57:35.325785Z", "name": "Malicious Extension: Doodle Jump For Chrome Ga", "description": "Malicious browser extension: Doodle Jump For Chrome Ga (ljdefddhnjendpanilhlajjegofdghbj) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljdefddhnjendpanilhlajjegofdghbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljdefddhnjendpanilhlajjegofdghbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljdefddhnjendpanilhlajjegofdghbj", "external_id": "ljdefddhnjendpanilhlajjegofdghbj"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--507e357e-7323-4e29-a870-0a3a147ccf5c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.326805Z", "modified": 
"2026-06-02T15:57:35.326805Z", "name": "Malicious Extension: Tankoio Game", "description": "Malicious browser extension: Tankoio Game (jebhlopnnnlifcnkfgijcpldohiiaggc) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jebhlopnnnlifcnkfgijcpldohiiaggc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jebhlopnnnlifcnkfgijcpldohiiaggc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jebhlopnnnlifcnkfgijcpldohiiaggc", "external_id": "jebhlopnnnlifcnkfgijcpldohiiaggc"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bff2a864-5b4e-4457-b833-89638e2c0726", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.328075Z", "modified": "2026-06-02T15:57:35.328075Z", "name": "Malicious Extension: Hm \u0643\u0648\u062f \u062e\u0635\u0645 \u0625\u062a\u0634 \u0623\u0646\u062f \u0625\u0645 \u062d\u062a\u0649", "description": "Malicious browser extension: Hm \u0643\u0648\u062f \u062e\u0635\u0645 \u0625\u062a\u0634 \u0623\u0646\u062f \u0625\u0645 \u062d\u062a\u0649 (bhpdlpehipajhaaooifneiklkknifjjj) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bhpdlpehipajhaaooifneiklkknifjjj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bhpdlpehipajhaaooifneiklkknifjjj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web 
Store", "url": "https://chromewebstore.google.com/detail/bhpdlpehipajhaaooifneiklkknifjjj", "external_id": "bhpdlpehipajhaaooifneiklkknifjjj"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cdd12f20-c663-4476-9b18-7c8bfc5a53ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.329196Z", "modified": "2026-06-02T15:57:35.329196Z", "name": "Malicious Extension: Risk Management Tool For", "description": "Malicious browser extension: Risk Management Tool For (pilbcinjaiiakenphpkificnicboojgf) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pilbcinjaiiakenphpkificnicboojgf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pilbcinjaiiakenphpkificnicboojgf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pilbcinjaiiakenphpkificnicboojgf", "external_id": "pilbcinjaiiakenphpkificnicboojgf"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d96f339c-abf1-45bf-beba-697ba7e7dc36", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.330256Z", "modified": "2026-06-02T15:57:35.330256Z", "name": "Malicious Extension: Planet Vpn \u2013 Proxy \u0441\u0435\u0442\u044c \u0441", "description": "Malicious browser extension: Planet Vpn \u2013 Proxy \u0441\u0435\u0442\u044c \u0441 (hadlljkdicfniihfhcacmgbblmokfccg) Policy Violation", "indicator_types": ["malicious-activity"], 
"pattern": "[url:value = 'https://chromewebstore.google.com/detail/hadlljkdicfniihfhcacmgbblmokfccg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hadlljkdicfniihfhcacmgbblmokfccg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hadlljkdicfniihfhcacmgbblmokfccg", "external_id": "hadlljkdicfniihfhcacmgbblmokfccg"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ca03f43d-aa48-4b30-a1af-cbc435cc0a5e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.331287Z", "modified": "2026-06-02T15:57:35.331287Z", "name": "Malicious Extension: G\u200bem Xrpl Wal\u200blet Extensi", "description": "Malicious browser extension: G\u200bem Xrpl Wal\u200blet Extensi (fkbfgkdkgmeijekneekinafjmnbdpgdp) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fkbfgkdkgmeijekneekinafjmnbdpgdp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fkbfgkdkgmeijekneekinafjmnbdpgdp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fkbfgkdkgmeijekneekinafjmnbdpgdp", "external_id": "fkbfgkdkgmeijekneekinafjmnbdpgdp"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": 
"indicator--e7bffb80-e25d-4248-8eaf-7beadbd9fd74", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.332408Z", "modified": "2026-06-02T15:57:35.332408Z", "name": "Malicious Extension: Coinpulse \u2014 Crypto Price", "description": "Malicious browser extension: Coinpulse \u2014 Crypto Price (ekcbjgijlngdoflejfilndnggclfnnmk) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ekcbjgijlngdoflejfilndnggclfnnmk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ekcbjgijlngdoflejfilndnggclfnnmk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ekcbjgijlngdoflejfilndnggclfnnmk", "external_id": "ekcbjgijlngdoflejfilndnggclfnnmk"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--52b54fe1-718f-4a76-bc8d-a9d48270e924", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.333475Z", "modified": "2026-06-02T15:57:35.333475Z", "name": "Malicious Extension: 1Vpn \u0440\u0430\u0431\u043e\u0447\u0438\u0439 Vpn \u0434\u043b\u044f Chro", "description": "Malicious browser extension: 1Vpn \u0440\u0430\u0431\u043e\u0447\u0438\u0439 Vpn \u0434\u043b\u044f Chro (ccnplnlglcgmpageepmemnfkolonindp) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ccnplnlglcgmpageepmemnfkolonindp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": 
["ext-id:ccnplnlglcgmpageepmemnfkolonindp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ccnplnlglcgmpageepmemnfkolonindp", "external_id": "ccnplnlglcgmpageepmemnfkolonindp"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--87eff9c9-8d72-4714-baf9-c4c0d2c7b3b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.334508Z", "modified": "2026-06-02T15:57:35.334508Z", "name": "Malicious Extension: Sn Copilot", "description": "Malicious browser extension: Sn Copilot (ejekojhheikibfdlbplhcomeadfgiefl) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ejekojhheikibfdlbplhcomeadfgiefl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ejekojhheikibfdlbplhcomeadfgiefl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ejekojhheikibfdlbplhcomeadfgiefl", "external_id": "ejekojhheikibfdlbplhcomeadfgiefl"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a13a9ef0-900c-4998-bbab-7e7735d66387", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.335736Z", "modified": "2026-06-02T15:57:35.335736Z", "name": "Malicious Extension: Turbo Vpn \u0434\u043b\u044f Chrome \u044e\u0442\u0443\u0431", "description": "Malicious browser extension: Turbo Vpn \u0434\u043b\u044f Chrome 
\u044e\u0442\u0443\u0431 (nddeioahdlioinjagdedpagnfmddbjne) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nddeioahdlioinjagdedpagnfmddbjne']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nddeioahdlioinjagdedpagnfmddbjne", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nddeioahdlioinjagdedpagnfmddbjne", "external_id": "nddeioahdlioinjagdedpagnfmddbjne"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--99954ff5-edad-4eaa-80f5-a4f2ec6dbb83", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.336752Z", "modified": "2026-06-02T15:57:35.336752Z", "name": "Malicious Extension: \u0440\u0430\u0437\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0440\u0443\u0442\u0440\u0435\u043a\u0435\u0440 O", "description": "Malicious browser extension: \u0440\u0430\u0437\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0440\u0443\u0442\u0440\u0435\u043a\u0435\u0440 O (cbncafcknnohpfgdklkogjibjogiodpi) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cbncafcknnohpfgdklkogjibjogiodpi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cbncafcknnohpfgdklkogjibjogiodpi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/cbncafcknnohpfgdklkogjibjogiodpi", "external_id": "cbncafcknnohpfgdklkogjibjogiodpi"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2f857ee8-5ecd-41d3-9655-c99ecf4a0c27", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.33776Z", "modified": "2026-06-02T15:57:35.33776Z", "name": "Malicious Extension: Aurora Nord Vpn \u2014 \u043b\u0435\u0434\u044f\u043d\u043e\u0439", "description": "Malicious browser extension: Aurora Nord Vpn \u2014 \u043b\u0435\u0434\u044f\u043d\u043e\u0439 (fbadpdfcnifjhnbihohlihcfgghoaadc) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fbadpdfcnifjhnbihohlihcfgghoaadc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fbadpdfcnifjhnbihohlihcfgghoaadc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fbadpdfcnifjhnbihohlihcfgghoaadc", "external_id": "fbadpdfcnifjhnbihohlihcfgghoaadc"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5446679b-9f85-40a4-82a3-41878b856c21", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.338763Z", "modified": "2026-06-02T15:57:35.338763Z", "name": "Malicious Extension: Bitbox02 App Nova Wallet", "description": "Malicious browser extension: Bitbox02 App Nova Wallet (hjekkieemfepgdjjhhbhbhkgapjfpgfc) Malware", "indicator_types": 
["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hjekkieemfepgdjjhhbhbhkgapjfpgfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hjekkieemfepgdjjhhbhbhkgapjfpgfc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hjekkieemfepgdjjhhbhbhkgapjfpgfc", "external_id": "hjekkieemfepgdjjhhbhbhkgapjfpgfc"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e809be5e-6dc1-4a87-bfa2-2045ed2b2c69", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.341342Z", "modified": "2026-06-02T15:57:35.341342Z", "name": "Malicious Extension: Aliexpress Free Invoice A", "description": "Malicious browser extension: Aliexpress Free Invoice A (onenadolihhojkmdlicomeoekmmcnegh) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/onenadolihhojkmdlicomeoekmmcnegh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:onenadolihhojkmdlicomeoekmmcnegh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/onenadolihhojkmdlicomeoekmmcnegh", "external_id": "onenadolihhojkmdlicomeoekmmcnegh"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e5d41c96-a3cc-45d2-b675-6c083b74a31b", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.342438Z", "modified": "2026-06-02T15:57:35.342438Z", "name": "Malicious Extension: Sn Copilot", "description": "Malicious browser extension: Sn Copilot (ckjmdbiojfmelogdnplmikiodgjlfpha) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ckjmdbiojfmelogdnplmikiodgjlfpha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ckjmdbiojfmelogdnplmikiodgjlfpha", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ckjmdbiojfmelogdnplmikiodgjlfpha", "external_id": "ckjmdbiojfmelogdnplmikiodgjlfpha"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1a80bdd6-1173-4861-980a-13a383fb3164", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.343489Z", "modified": "2026-06-02T15:57:35.343489Z", "name": "Malicious Extension: Quicksee \u2013 Peek At Your W", "description": "Malicious browser extension: Quicksee \u2013 Peek At Your W (dhpfidchcjjoicmmikaneognhiohnphe) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dhpfidchcjjoicmmikaneognhiohnphe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dhpfidchcjjoicmmikaneognhiohnphe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/dhpfidchcjjoicmmikaneognhiohnphe", "external_id": "dhpfidchcjjoicmmikaneognhiohnphe"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--92934abe-06d9-40f8-b5b0-fa1541917202", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.344693Z", "modified": "2026-06-02T15:57:35.344693Z", "name": "Malicious Extension: C\u200boin St\u200bats Wal\u200blet Ulti", "description": "Malicious browser extension: C\u200boin St\u200bats Wal\u200blet Ulti (kdbnddcohpommffaklpgklhglnpnmkhj) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kdbnddcohpommffaklpgklhglnpnmkhj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kdbnddcohpommffaklpgklhglnpnmkhj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kdbnddcohpommffaklpgklhglnpnmkhj", "external_id": "kdbnddcohpommffaklpgklhglnpnmkhj"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d241d63b-d388-4b16-be59-96eb6f984ef9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.345705Z", "modified": "2026-06-02T15:57:35.345705Z", "name": "Malicious Extension: Browsec Vpn \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u0432 \u0440\u0444", "description": "Malicious browser extension: Browsec Vpn \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u0432 \u0440\u0444 
(pbkbidhlmeindcajhnohfgljlhkbkhfg) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pbkbidhlmeindcajhnohfgljlhkbkhfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-22T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pbkbidhlmeindcajhnohfgljlhkbkhfg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pbkbidhlmeindcajhnohfgljlhkbkhfg", "external_id": "pbkbidhlmeindcajhnohfgljlhkbkhfg"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--814764b8-9db0-4fcd-a52d-c32bfa2180aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.346707Z", "modified": "2026-06-02T15:57:35.346707Z", "name": "Malicious Extension: Chat Flow Crm Automate Yo", "description": "Malicious browser extension: Chat Flow Crm Automate Yo (igphhgfjnebcafoiplfpkgadlbhdpmnm) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/igphhgfjnebcafoiplfpkgadlbhdpmnm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:igphhgfjnebcafoiplfpkgadlbhdpmnm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/igphhgfjnebcafoiplfpkgadlbhdpmnm", "external_id": "igphhgfjnebcafoiplfpkgadlbhdpmnm"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", 
"spec_version": "2.1", "id": "indicator--1f22277b-2582-46b5-85a3-bec6161796fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.347732Z", "modified": "2026-06-02T15:57:35.347732Z", "name": "Malicious Extension: NeatYT \u2013 Clean UI & Comment Search for YouTube", "description": "Malicious browser extension: NeatYT \u2013 Clean UI & Comment Search for YouTube (fojokgfmpipggghfmfnnflbaenhffmol) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fojokgfmpipggghfmfnnflbaenhffmol']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fojokgfmpipggghfmfnnflbaenhffmol", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fojokgfmpipggghfmfnnflbaenhffmol", "external_id": "fojokgfmpipggghfmfnnflbaenhffmol"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--887ab44f-9e80-4ec7-8f60-8ae6c289a666", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.348736Z", "modified": "2026-06-02T15:57:35.348736Z", "name": "Malicious Extension: Planet Vpn", "description": "Malicious browser extension: Planet Vpn (emnggacgjccpjhphgochediffoijlokc) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/emnggacgjccpjhphgochediffoijlokc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:emnggacgjccpjhphgochediffoijlokc", "browser:chrome"], 
"external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/emnggacgjccpjhphgochediffoijlokc", "external_id": "emnggacgjccpjhphgochediffoijlokc"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bd13a3ea-3f1c-4456-af14-ed6156a69450", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.349763Z", "modified": "2026-06-02T15:57:35.349763Z", "name": "Malicious Extension: \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u0439 Turbo Vpn \u2014 \u0432\u044b", "description": "Malicious browser extension: \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u0439 Turbo Vpn \u2014 \u0432\u044b (idgbohgppnpfddnhcoikipohdmlpmjmb) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/idgbohgppnpfddnhcoikipohdmlpmjmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:idgbohgppnpfddnhcoikipohdmlpmjmb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/idgbohgppnpfddnhcoikipohdmlpmjmb", "external_id": "idgbohgppnpfddnhcoikipohdmlpmjmb"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f7399ae9-64ad-41a0-8e48-e87bc723acae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.350769Z", "modified": "2026-06-02T15:57:35.350769Z", "name": "Malicious Extension: Urban Vpn \u0440\u0430\u0431\u043e\u0447\u0438\u0439 
\u0432\u043f\u043d \u0432 2", "description": "Malicious browser extension: Urban Vpn \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u0432\u043f\u043d \u0432 2 (coafogciaollloclmjgkliibflkejdon) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/coafogciaollloclmjgkliibflkejdon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:coafogciaollloclmjgkliibflkejdon", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/coafogciaollloclmjgkliibflkejdon", "external_id": "coafogciaollloclmjgkliibflkejdon"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e21feb9a-4fa5-4a3f-86cd-4cd0abd588dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.351943Z", "modified": "2026-06-02T15:57:35.351943Z", "name": "Malicious Extension: Hola Vpn \u0440\u0430\u0431\u043e\u0447\u0438\u0439 Vpn \u0432 20", "description": "Malicious browser extension: Hola Vpn \u0440\u0430\u0431\u043e\u0447\u0438\u0439 Vpn \u0432 20 (gffafiabcifddagoobhnapcambklhmkh) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/gffafiabcifddagoobhnapcambklhmkh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:gffafiabcifddagoobhnapcambklhmkh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/gffafiabcifddagoobhnapcambklhmkh", "external_id": "gffafiabcifddagoobhnapcambklhmkh"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2f24aa36-9bef-4c54-b6e2-33d2eca48891", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.352953Z", "modified": "2026-06-02T15:57:35.352953Z", "name": "Malicious Extension: Proton Vpn", "description": "Malicious browser extension: Proton Vpn (mocbcncbleebmmnmhafgppnaocmpafne) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mocbcncbleebmmnmhafgppnaocmpafne']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mocbcncbleebmmnmhafgppnaocmpafne", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mocbcncbleebmmnmhafgppnaocmpafne", "external_id": "mocbcncbleebmmnmhafgppnaocmpafne"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5e881208-3678-4524-9007-74c84c4f6c07", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.353954Z", "modified": "2026-06-02T15:57:35.353954Z", "name": "Malicious Extension: Vpnly \u2014 \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0439 Vpn \u0434\u043b", "description": "Malicious browser extension: Vpnly \u2014 \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0439 Vpn \u0434\u043b (mephkmedpjhgihgboeiodaglkdghfppi) Policy Violation", 
"indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mephkmedpjhgihgboeiodaglkdghfppi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mephkmedpjhgihgboeiodaglkdghfppi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mephkmedpjhgihgboeiodaglkdghfppi", "external_id": "mephkmedpjhgihgboeiodaglkdghfppi"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ca6f43f0-0838-4497-a17e-a858a4271b8c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.354952Z", "modified": "2026-06-02T15:57:35.354952Z", "name": "Malicious Extension: \u5373\u68a6Dreamina\u53bb\u6c34\u5370\u4e0b\u8f7d", "description": "Malicious browser extension: \u5373\u68a6Dreamina\u53bb\u6c34\u5370\u4e0b\u8f7d (dmmfddnfemidgpbeepkbhgnfpelofome) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dmmfddnfemidgpbeepkbhgnfpelofome']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-20T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dmmfddnfemidgpbeepkbhgnfpelofome", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dmmfddnfemidgpbeepkbhgnfpelofome", "external_id": "dmmfddnfemidgpbeepkbhgnfpelofome"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": 
"2.1", "id": "indicator--37565e3b-7f4c-43f0-bbc7-b25d024d0a2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.355974Z", "modified": "2026-06-02T15:57:35.355974Z", "name": "Malicious Extension: Iot Wallet", "description": "Malicious browser extension: Iot Wallet (niknbdnkhfeahkfnhggjpeecgkffpeij) Bundling Unwanted Software", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/niknbdnkhfeahkfnhggjpeecgkffpeij']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:niknbdnkhfeahkfnhggjpeecgkffpeij", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/niknbdnkhfeahkfnhggjpeecgkffpeij", "external_id": "niknbdnkhfeahkfnhggjpeecgkffpeij"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b4427bf7-0de0-4c1a-b5b1-11ad5ae342d0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.356995Z", "modified": "2026-06-02T15:57:35.356995Z", "name": "Malicious Extension: \u0430\u043c\u043d\u0435\u0437\u0438\u044f Vpn", "description": "Malicious browser extension: \u0430\u043c\u043d\u0435\u0437\u0438\u044f Vpn (hejdlnmhjmmgjbehibliiamplaenafea) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hejdlnmhjmmgjbehibliiamplaenafea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hejdlnmhjmmgjbehibliiamplaenafea", "browser:chrome"], 
"external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hejdlnmhjmmgjbehibliiamplaenafea", "external_id": "hejdlnmhjmmgjbehibliiamplaenafea"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--072ae9dc-eeaf-4110-aa85-723c31514ec7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.358012Z", "modified": "2026-06-02T15:57:35.358012Z", "name": "Malicious Extension: Formgenieai", "description": "Malicious browser extension: Formgenieai (cdaiocdmndedefifbgijbmoeglfmbfkf) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cdaiocdmndedefifbgijbmoeglfmbfkf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cdaiocdmndedefifbgijbmoeglfmbfkf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cdaiocdmndedefifbgijbmoeglfmbfkf", "external_id": "cdaiocdmndedefifbgijbmoeglfmbfkf"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--065b0362-fa3d-438f-9d36-17c3e93fd659", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.359189Z", "modified": "2026-06-02T15:57:35.359189Z", "name": "Malicious Extension: Auto Mcgraw Smartbook", "description": "Malicious browser extension: Auto Mcgraw Smartbook (bekpomfgdchhlcmjkniohmdgabakdnpp) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 
'https://chromewebstore.google.com/detail/bekpomfgdchhlcmjkniohmdgabakdnpp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bekpomfgdchhlcmjkniohmdgabakdnpp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bekpomfgdchhlcmjkniohmdgabakdnpp", "external_id": "bekpomfgdchhlcmjkniohmdgabakdnpp"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--36c1ee3a-6ba5-4916-bf48-21c67650f3de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.360213Z", "modified": "2026-06-02T15:57:35.360213Z", "name": "Malicious Extension: Funpay Bot Litten", "description": "Malicious browser extension: Funpay Bot Litten (kmfapfjejnebolngienhgcifhkcldlbj) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kmfapfjejnebolngienhgcifhkcldlbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kmfapfjejnebolngienhgcifhkcldlbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kmfapfjejnebolngienhgcifhkcldlbj", "external_id": "kmfapfjejnebolngienhgcifhkcldlbj"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5194cf94-4343-4b7f-ab86-3b036dd4c82c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", 
"created": "2026-06-02T15:57:35.361217Z", "modified": "2026-06-02T15:57:35.361217Z", "name": "Malicious Extension: Tiktok Watermark Free Dow", "description": "Malicious browser extension: Tiktok Watermark Free Dow (nkgannblnnljljnaodaahgpabpcdfkal) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nkgannblnnljljnaodaahgpabpcdfkal']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nkgannblnnljljnaodaahgpabpcdfkal", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nkgannblnnljljnaodaahgpabpcdfkal", "external_id": "nkgannblnnljljnaodaahgpabpcdfkal"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--63df3056-835e-45f6-9089-bbfdf19fcc84", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.362224Z", "modified": "2026-06-02T15:57:35.362224Z", "name": "Malicious Extension: Tiktok Downloader", "description": "Malicious browser extension: Tiktok Downloader (klmifgmjobcbolahmmlheohcnhjjmdlk) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/klmifgmjobcbolahmmlheohcnhjjmdlk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:klmifgmjobcbolahmmlheohcnhjjmdlk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/klmifgmjobcbolahmmlheohcnhjjmdlk", "external_id": 
"klmifgmjobcbolahmmlheohcnhjjmdlk"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--60ea6e8a-5453-4def-a3aa-b926855d965a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.363237Z", "modified": "2026-06-02T15:57:35.363237Z", "name": "Malicious Extension: Pokernow Assistant", "description": "Malicious browser extension: Pokernow Assistant (kbaibgafcamlpfbhklaigpgemgoifdfe) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kbaibgafcamlpfbhklaigpgemgoifdfe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kbaibgafcamlpfbhklaigpgemgoifdfe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kbaibgafcamlpfbhklaigpgemgoifdfe", "external_id": "kbaibgafcamlpfbhklaigpgemgoifdfe"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cf65e111-ea60-4f07-bdcb-ccc9104fcf17", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.364242Z", "modified": "2026-06-02T15:57:35.364242Z", "name": "Malicious Extension: Auto 2Fa Otp", "description": "Malicious browser extension: Auto 2Fa Otp (dlekmlommfnniilkjmjobhjdokimbmmo) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dlekmlommfnniilkjmjobhjdokimbmmo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-19T00:00:00Z", 
"kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dlekmlommfnniilkjmjobhjdokimbmmo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dlekmlommfnniilkjmjobhjdokimbmmo", "external_id": "dlekmlommfnniilkjmjobhjdokimbmmo"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--f6a73482-7c08-47a6-b7d2-45dfc776d3e5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.365244Z", "modified": "2026-06-02T15:57:35.365244Z", "name": "Malicious Extension: Nilai", "description": "Malicious browser extension: Nilai (pladablfphgjljebkeomhjcjdkohcnen) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pladablfphgjljebkeomhjcjdkohcnen']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pladablfphgjljebkeomhjcjdkohcnen", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pladablfphgjljebkeomhjcjdkohcnen", "external_id": "pladablfphgjljebkeomhjcjdkohcnen"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--18f023d3-7fd7-4ce9-95b3-0b61aac593fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.366396Z", "modified": "2026-06-02T15:57:35.366396Z", "name": "Malicious Extension: Linkedin Ai Automation", "description": "Malicious browser extension: 
Linkedin Ai Automation (mnkdcfdccjmcflbmlfhnfhjhhchfhpma) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mnkdcfdccjmcflbmlfhnfhjhhchfhpma']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mnkdcfdccjmcflbmlfhnfhjhhchfhpma", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mnkdcfdccjmcflbmlfhnfhjhhchfhpma", "external_id": "mnkdcfdccjmcflbmlfhnfhjhhchfhpma"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--7ff2854a-b865-4910-b49e-ca2cb8bae534", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.367418Z", "modified": "2026-06-02T15:57:35.367418Z", "name": "Malicious Extension: Tiktok Video Downloader H", "description": "Malicious browser extension: Tiktok Video Downloader H (idnanafggnifgcdleabgkhknojpbkgbf) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/idnanafggnifgcdleabgkhknojpbkgbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:idnanafggnifgcdleabgkhknojpbkgbf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/idnanafggnifgcdleabgkhknojpbkgbf", "external_id": "idnanafggnifgcdleabgkhknojpbkgbf"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": 
"indicator", "spec_version": "2.1", "id": "indicator--6685bfeb-59c8-4a55-9028-807b4958201f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.368427Z", "modified": "2026-06-02T15:57:35.368427Z", "name": "Malicious Extension: AI Agent", "description": "Malicious browser extension: AI Agent (hnppehcgmflfkcdkbkaeemjfngffmeag) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hnppehcgmflfkcdkbkaeemjfngffmeag']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-18T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hnppehcgmflfkcdkbkaeemjfngffmeag", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hnppehcgmflfkcdkbkaeemjfngffmeag", "external_id": "hnppehcgmflfkcdkbkaeemjfngffmeag"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e1160c30-e922-4c3c-baec-dabdbdcc451e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.369424Z", "modified": "2026-06-02T15:57:35.369424Z", "name": "Malicious Extension: WaSpeed: Superpoderes para o seu WhatsApp, CRM e muito mais.", "description": "Malicious browser extension: WaSpeed: Superpoderes para o seu WhatsApp, CRM e muito mais. 
(balkfdkhbcjjmhndnblgmlmcabnapogp) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/balkfdkhbcjjmhndnblgmlmcabnapogp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:balkfdkhbcjjmhndnblgmlmcabnapogp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/balkfdkhbcjjmhndnblgmlmcabnapogp", "external_id": "balkfdkhbcjjmhndnblgmlmcabnapogp"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1069a341-311f-421e-8a47-b3b7f215f0d8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.370436Z", "modified": "2026-06-02T15:57:35.370436Z", "name": "Malicious Extension: ZAPSUPREMO", "description": "Malicious browser extension: ZAPSUPREMO (balbfiejpjgneifaaidphbjikcagbmci) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/balbfiejpjgneifaaidphbjikcagbmci']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:balbfiejpjgneifaaidphbjikcagbmci", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/balbfiejpjgneifaaidphbjikcagbmci", "external_id": "balbfiejpjgneifaaidphbjikcagbmci"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": 
"indicator--be900820-e4cd-47a7-afa5-6e6bd27671f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.37145Z", "modified": "2026-06-02T15:57:35.37145Z", "name": "Malicious Extension: Escale Chat", "description": "Malicious browser extension: Escale Chat (ebnoicngibkinocfemedifbollfpficb) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ebnoicngibkinocfemedifbollfpficb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ebnoicngibkinocfemedifbollfpficb", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ebnoicngibkinocfemedifbollfpficb", "external_id": "ebnoicngibkinocfemedifbollfpficb"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1df1f40f-6d00-45ce-b4eb-0b3c4023598b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.372451Z", "modified": "2026-06-02T15:57:35.372451Z", "name": "Malicious Extension: Z Turbinado", "description": "Malicious browser extension: Z Turbinado (ebbhncadikjgpblegighhmfkecimfioa) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ebbhncadikjgpblegighhmfkecimfioa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ebbhncadikjgpblegighhmfkecimfioa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/ebbhncadikjgpblegighhmfkecimfioa", "external_id": "ebbhncadikjgpblegighhmfkecimfioa"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ec12cb37-d177-49f7-9fb8-3f6e84c6180f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.373601Z", "modified": "2026-06-02T15:57:35.373601Z", "name": "Malicious Extension: guruwa", "description": "Malicious browser extension: guruwa (kagkfihfjjijllckobgjgklgabaabipd) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kagkfihfjjijllckobgjgklgabaabipd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kagkfihfjjijllckobgjgklgabaabipd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kagkfihfjjijllckobgjgklgabaabipd", "external_id": "kagkfihfjjijllckobgjgklgabaabipd"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1d5f3299-a654-48d4-b17a-50c89980552a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.374613Z", "modified": "2026-06-02T15:57:35.374613Z", "name": "Malicious Extension: TALKNEXUS", "description": "Malicious browser extension: TALKNEXUS (kafolfcddfckcjockfmahogjkfeoibdf) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kafolfcddfckcjockfmahogjkfeoibdf']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kafolfcddfckcjockfmahogjkfeoibdf", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kafolfcddfckcjockfmahogjkfeoibdf", "external_id": "kafolfcddfckcjockfmahogjkfeoibdf"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--12867efa-c20a-44b7-aadb-051c132ae63f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.37563Z", "modified": "2026-06-02T15:57:35.37563Z", "name": "Malicious Extension: W10X", "description": "Malicious browser extension: W10X (jngekpmpoljpeflhnobadfokbmmoflfg) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jngekpmpoljpeflhnobadfokbmmoflfg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jngekpmpoljpeflhnobadfokbmmoflfg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jngekpmpoljpeflhnobadfokbmmoflfg", "external_id": "jngekpmpoljpeflhnobadfokbmmoflfg"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--83ff80b6-ffb2-482c-85f1-172417e88c2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.376633Z", "modified": "2026-06-02T15:57:35.376633Z", "name": "Malicious Extension: EaseZap", "description": "Malicious browser 
extension: EaseZap (jlplnjdjnhkdigmpooonjmjppdkahljh) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jlplnjdjnhkdigmpooonjmjppdkahljh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jlplnjdjnhkdigmpooonjmjppdkahljh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jlplnjdjnhkdigmpooonjmjppdkahljh", "external_id": "jlplnjdjnhkdigmpooonjmjppdkahljh"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4e0badd7-668a-4db8-8f4c-2319ed8e5c51", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.377639Z", "modified": "2026-06-02T15:57:35.377639Z", "name": "Malicious Extension: Altus Leads - WhatsApp Turbinado, mais vendas, menos esfor\u00e7o", "description": "Malicious browser extension: Altus Leads - WhatsApp Turbinado, mais vendas, menos esfor\u00e7o (jloncnggofbpceamlmbpchpkhdkejcbi) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jloncnggofbpceamlmbpchpkhdkejcbi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jloncnggofbpceamlmbpchpkhdkejcbi", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jloncnggofbpceamlmbpchpkhdkejcbi", "external_id": "jloncnggofbpceamlmbpchpkhdkejcbi"}, {"source_name": "Article", "url": 
"https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4d301704-7648-43c0-be3e-51608a0e5ede", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.378638Z", "modified": "2026-06-02T15:57:35.378638Z", "name": "Malicious Extension: WhatsJud", "description": "Malicious browser extension: WhatsJud (jljogmnmbomgnjhcicakcfmgfkkgmnbp) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/jljogmnmbomgnjhcicakcfmgfkkgmnbp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:jljogmnmbomgnjhcicakcfmgfkkgmnbp", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/jljogmnmbomgnjhcicakcfmgfkkgmnbp", "external_id": "jljogmnmbomgnjhcicakcfmgfkkgmnbp"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4236cf55-5d03-49b9-b3a1-208f6bc5c47d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.379669Z", "modified": "2026-06-02T15:57:35.379669Z", "name": "Malicious Extension: Econectada - CRM WhatsApp Web", "description": "Malicious browser extension: Econectada - CRM WhatsApp Web (laahjimkfmcdknlcmpdlndipjiaklgjj) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/laahjimkfmcdknlcmpdlndipjiaklgjj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": 
"impact"}], "labels": ["ext-id:laahjimkfmcdknlcmpdlndipjiaklgjj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/laahjimkfmcdknlcmpdlndipjiaklgjj", "external_id": "laahjimkfmcdknlcmpdlndipjiaklgjj"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--654bba46-fad2-4590-a58d-1d24724d7e0f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.380838Z", "modified": "2026-06-02T15:57:35.380838Z", "name": "Malicious Extension: Fronty Leads", "description": "Malicious browser extension: Fronty Leads (lackhjbdjbnbbhbpoaloegokakncjfeg) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lackhjbdjbnbbhbpoaloegokakncjfeg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lackhjbdjbnbbhbpoaloegokakncjfeg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lackhjbdjbnbbhbpoaloegokakncjfeg", "external_id": "lackhjbdjbnbbhbpoaloegokakncjfeg"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--36042ee2-6995-4f42-9d22-d20619b7c22d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.381847Z", "modified": "2026-06-02T15:57:35.381847Z", "name": "Malicious Extension: CLINICHAT", "description": "Malicious browser extension: CLINICHAT (likkccegmkoonimkjnmgpadngedknpdk) Malware", "indicator_types": 
["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/likkccegmkoonimkjnmgpadngedknpdk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:likkccegmkoonimkjnmgpadngedknpdk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/likkccegmkoonimkjnmgpadngedknpdk", "external_id": "likkccegmkoonimkjnmgpadngedknpdk"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--75ac22f9-be4f-4fc5-a820-26c84794f970", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.382845Z", "modified": "2026-06-02T15:57:35.382845Z", "name": "Malicious Extension: WhaBoost CRM para WhatsApp", "description": "Malicious browser extension: WhaBoost CRM para WhatsApp (ljhmflggieimegekmjjbhplndnlhlmbj) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ljhmflggieimegekmjjbhplndnlhlmbj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ljhmflggieimegekmjjbhplndnlhlmbj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ljhmflggieimegekmjjbhplndnlhlmbj", "external_id": "ljhmflggieimegekmjjbhplndnlhlmbj"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--78dd25fd-b60a-4aa0-8028-3090ccb7f75b", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.383875Z", "modified": "2026-06-02T15:57:35.383875Z", "name": "Malicious Extension: Vecta Hub - Tecnologia que ajuda sua empresa a vender mais", "description": "Malicious browser extension: Vecta Hub - Tecnologia que ajuda sua empresa a vender mais (lkgllnlahmlafcjpbbfhgmjfidibkado) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lkgllnlahmlafcjpbbfhgmjfidibkado']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lkgllnlahmlafcjpbbfhgmjfidibkado", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lkgllnlahmlafcjpbbfhgmjfidibkado", "external_id": "lkgllnlahmlafcjpbbfhgmjfidibkado"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--d8b99516-2419-4da7-afed-114abc431775", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.384881Z", "modified": "2026-06-02T15:57:35.384881Z", "name": "Malicious Extension: NP", "description": "Malicious browser extension: NP (ohlghhgckmkaflhepflfaghhidhbhgdd) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ohlghhgckmkaflhepflfaghhidhbhgdd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ohlghhgckmkaflhepflfaghhidhbhgdd", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/ohlghhgckmkaflhepflfaghhidhbhgdd", "external_id": "ohlghhgckmkaflhepflfaghhidhbhgdd"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--ee1d9899-554c-4a89-a987-9c1df102e59d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.385878Z", "modified": "2026-06-02T15:57:35.385878Z", "name": "Malicious Extension: EnVimassa", "description": "Malicious browser extension: EnVimassa (dmclpdnkojpjgeacajcaichgkkhfbeim) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dmclpdnkojpjgeacajcaichgkkhfbeim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dmclpdnkojpjgeacajcaichgkkhfbeim", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dmclpdnkojpjgeacajcaichgkkhfbeim", "external_id": "dmclpdnkojpjgeacajcaichgkkhfbeim"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--e128f2b1-b0ec-4cf2-9440-e2ebad57dacd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.386882Z", "modified": "2026-06-02T15:57:35.386882Z", "name": "Malicious Extension: Wotimiza", "description": "Malicious browser extension: Wotimiza (cndhimkfgeclaohdjgnbcllhadhcmidm) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/cndhimkfgeclaohdjgnbcllhadhcmidm']", "pattern_type": "stix", "pattern_version": 
"2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:cndhimkfgeclaohdjgnbcllhadhcmidm", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/cndhimkfgeclaohdjgnbcllhadhcmidm", "external_id": "cndhimkfgeclaohdjgnbcllhadhcmidm"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--49948d33-0268-4e78-b7b6-837bdaec73b2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.388941Z", "modified": "2026-06-02T15:57:35.388941Z", "name": "Malicious Extension: Zap Machine", "description": "Malicious browser extension: Zap Machine (pfmiilkeiipiiibodoolglmbgpcchcgl) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/pfmiilkeiipiiibodoolglmbgpcchcgl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:pfmiilkeiipiiibodoolglmbgpcchcgl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/pfmiilkeiipiiibodoolglmbgpcchcgl", "external_id": "pfmiilkeiipiiibodoolglmbgpcchcgl"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--57cd4502-e5a1-461b-8d96-374ce6ab6a5a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.390016Z", "modified": "2026-06-02T15:57:35.390016Z", "name": "Malicious Extension: Sender Up: 
Automa\u00e7\u00f5es para WhatsApp Web, d\u00ea um Up nas suas vendas!", "description": "Malicious browser extension: Sender Up: Automa\u00e7\u00f5es para WhatsApp Web, d\u00ea um Up nas suas vendas! (mnhdancdipddlfcmfkfkdfcejcnippij) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/mnhdancdipddlfcmfkfkdfcejcnippij']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-13T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:mnhdancdipddlfcmfkfkdfcejcnippij", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/mnhdancdipddlfcmfkfkdfcejcnippij", "external_id": "mnhdancdipddlfcmfkfkdfcejcnippij"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--57f06c97-8301-481e-90a5-3e5b1a2a34a4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.391032Z", "modified": "2026-06-02T15:57:35.391032Z", "name": "Malicious Extension: Sinceerly", "description": "Malicious browser extension: Sinceerly (lhokehflammomchbkmpohfeidffnlpmo) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/lhokehflammomchbkmpohfeidffnlpmo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-04-23T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:lhokehflammomchbkmpohfeidffnlpmo", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/lhokehflammomchbkmpohfeidffnlpmo", "external_id": "lhokehflammomchbkmpohfeidffnlpmo"}, {"source_name": "Article", 
"url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--50f5b839-3e87-4d15-b27c-48ae7a4ac085", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.392061Z", "modified": "2026-06-02T15:57:35.392061Z", "name": "Malicious Extension: Lazy Statistics", "description": "Malicious browser extension: Lazy Statistics (ddojedanlfphhidganiompkcdodcbkpg) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ddojedanlfphhidganiompkcdodcbkpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-03-05T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ddojedanlfphhidganiompkcdodcbkpg", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ddojedanlfphhidganiompkcdodcbkpg", "external_id": "ddojedanlfphhidganiompkcdodcbkpg"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--c77b4e4d-1197-4739-9af2-c23a319784ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.393064Z", "modified": "2026-06-02T15:57:35.393064Z", "name": "Malicious Extension: Clicksit Crm Automate You", "description": "Malicious browser extension: Clicksit Crm Automate You (imgjdmafnohpidfpbggfccpmmcnofmlh) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/imgjdmafnohpidfpbggfccpmmcnofmlh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-03-05T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": 
"mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:imgjdmafnohpidfpbggfccpmmcnofmlh", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/imgjdmafnohpidfpbggfccpmmcnofmlh", "external_id": "imgjdmafnohpidfpbggfccpmmcnofmlh"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--8854079d-066d-41ee-a3c8-621959057fb8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.394076Z", "modified": "2026-06-02T15:57:35.394076Z", "name": "Malicious Extension: Multi Chat Messenger For", "description": "Malicious browser extension: Multi Chat Messenger For (dllplfhjknghhdneiblmkolbjappecbe) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/dllplfhjknghhdneiblmkolbjappecbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-03-05T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:dllplfhjknghhdneiblmkolbjappecbe", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/dllplfhjknghhdneiblmkolbjappecbe", "external_id": "dllplfhjknghhdneiblmkolbjappecbe"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--2d401f63-bc37-4e7a-b907-7f1f7373dfcf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.395082Z", "modified": "2026-06-02T15:57:35.395082Z", "name": "Malicious Extension: Telegram Booster", "description": "Malicious browser extension: Telegram Booster 
(fdecgdiklaikdmgbglpjhcndphplbpbl) Policy Violation", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fdecgdiklaikdmgbglpjhcndphplbpbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-03-05T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fdecgdiklaikdmgbglpjhcndphplbpbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fdecgdiklaikdmgbglpjhcndphplbpbl", "external_id": "fdecgdiklaikdmgbglpjhcndphplbpbl"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--01582fce-87b7-45c4-a4ab-6af9c56579d3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.39626Z", "modified": "2026-06-02T15:57:35.39626Z", "name": "Malicious Extension: Ads Cleaner for Facebook", "description": "Malicious browser extension: Ads Cleaner for Facebook (nhiafglcjghpmcipelflfhkckdpcokid) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/nhiafglcjghpmcipelflfhkckdpcokid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-11-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:nhiafglcjghpmcipelflfhkckdpcokid", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/nhiafglcjghpmcipelflfhkckdpcokid", "external_id": "nhiafglcjghpmcipelflfhkckdpcokid"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", 
"id": "indicator--495b8e5d-c29b-4a4c-aa66-3cee5ea897ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.39727Z", "modified": "2026-06-02T15:57:35.39727Z", "name": "Malicious Extension: Free Unlimited VPN", "description": "Malicious browser extension: Free Unlimited VPN (fgpecemjbefkjlcgnhjohdonijdkfooj) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fgpecemjbefkjlcgnhjohdonijdkfooj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-11-19T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fgpecemjbefkjlcgnhjohdonijdkfooj", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/fgpecemjbefkjlcgnhjohdonijdkfooj", "external_id": "fgpecemjbefkjlcgnhjohdonijdkfooj"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--9cf06050-6186-4298-a4a6-e5c5096b3203", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.398284Z", "modified": "2026-06-02T15:57:35.398284Z", "name": "Malicious Extension: WhatsApp Message Summary", "description": "Malicious browser extension: WhatsApp Message Summary (fahgecbhaoedbchcmhakmjbfbfhgjmbl) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/fahgecbhaoedbchcmhakmjbfbfhgjmbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-08-11T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:fahgecbhaoedbchcmhakmjbfbfhgjmbl", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": 
"https://chromewebstore.google.com/detail/fahgecbhaoedbchcmhakmjbfbfhgjmbl", "external_id": "fahgecbhaoedbchcmhakmjbfbfhgjmbl"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--a8993134-f3c4-4d29-8170-1b2b83508356", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.399302Z", "modified": "2026-06-02T15:57:35.399302Z", "name": "Malicious Extension: Speed Dial | Bookmarks | New Tab Page | Quick Access | Custom Search", "description": "Malicious browser extension: Speed Dial | Bookmarks | New Tab Page | Quick Access | Custom Search (anlhakiodmebohjmkbciohpglnjifjaa) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/anlhakiodmebohjmkbciohpglnjifjaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-05-21T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:anlhakiodmebohjmkbciohpglnjifjaa", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/anlhakiodmebohjmkbciohpglnjifjaa", "external_id": "anlhakiodmebohjmkbciohpglnjifjaa"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4bcc54d3-3cbb-4173-8fc9-f928e191fbc6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.400324Z", "modified": "2026-06-02T15:57:35.400324Z", "name": "Malicious Extension: OKmusic - \u0441\u043a\u0430\u0447\u0430\u0442\u044c \u043c\u0443\u0437\u044b\u043a\u0443 \u0438 \u0432\u0438\u0434\u0435\u043e 
\u041e\u0434\u043d\u043e\u043a\u043b\u0430\u0441\u0441\u043d\u0438\u043a\u0438 | OK.ru Music Downloader", "description": "Malicious browser extension: OKmusic - \u0441\u043a\u0430\u0447\u0430\u0442\u044c \u043c\u0443\u0437\u044b\u043a\u0443 \u0438 \u0432\u0438\u0434\u0435\u043e \u041e\u0434\u043d\u043e\u043a\u043b\u0430\u0441\u0441\u043d\u0438\u043a\u0438 | OK.ru Music Downloader (ibibeegnncapfdcgpdnnbjbbojglhlmk) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ibibeegnncapfdcgpdnnbjbbojglhlmk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-05-21T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ibibeegnncapfdcgpdnnbjbbojglhlmk", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ibibeegnncapfdcgpdnnbjbbojglhlmk", "external_id": "ibibeegnncapfdcgpdnnbjbbojglhlmk"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5b38acd2-a586-4bec-b5fe-62518cbe6b94", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.401328Z", "modified": "2026-06-02T15:57:35.401328Z", "name": "Malicious Extension: Ads Blocker", "description": "Malicious browser extension: Ads Blocker (ngahaphlngmdfhbhkplbglnfhehnpgdb) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/ngahaphlngmdfhbhkplbglnfhehnpgdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-05-21T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:ngahaphlngmdfhbhkplbglnfhehnpgdb", "browser:chrome"], "external_references": [{"source_name": 
"Chrome Web Store", "url": "https://chromewebstore.google.com/detail/ngahaphlngmdfhbhkplbglnfhehnpgdb", "external_id": "ngahaphlngmdfhbhkplbglnfhehnpgdb"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--4d616274-8cf6-439e-92b2-3e53eeda42b4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.402322Z", "modified": "2026-06-02T15:57:35.402322Z", "name": "Malicious Extension: VPN-free.pro - Free Unlimited VPN", "description": "Malicious browser extension: VPN-free.pro - Free Unlimited VPN (bibjcjfmgapbfoljiojpipaooddpkpai) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/bibjcjfmgapbfoljiojpipaooddpkpai']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-05-21T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:bibjcjfmgapbfoljiojpipaooddpkpai", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/bibjcjfmgapbfoljiojpipaooddpkpai", "external_id": "bibjcjfmgapbfoljiojpipaooddpkpai"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--b3354c76-98b2-4fd9-b743-ab336b54de7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.403488Z", "modified": "2026-06-02T15:57:35.403488Z", "name": "Malicious Extension: VPN Professional - Free Secure and Unlimited VPN Proxy Chrome Extension", "description": "Malicious browser extension: VPN Professional - Free Secure and Unlimited VPN Proxy Chrome Extension (foiopecknacmiihiocgdjgbjokkpkohc) 
Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/foiopecknacmiihiocgdjgbjokkpkohc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-05-21T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:foiopecknacmiihiocgdjgbjokkpkohc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/foiopecknacmiihiocgdjgbjokkpkohc", "external_id": "foiopecknacmiihiocgdjgbjokkpkohc"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--5b0065f1-3a45-4220-af61-148b952f8176", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.404521Z", "modified": "2026-06-02T15:57:35.404521Z", "name": "Malicious Extension: \u0421\u043a\u0430\u0447\u0430\u0442\u044c \u043c\u0443\u0437\u044b\u043a\u0443", "description": "Malicious browser extension: \u0421\u043a\u0430\u0447\u0430\u0442\u044c \u043c\u0443\u0437\u044b\u043a\u0443 (hfofhoffdcfcjgmilkpnhkamcgemaban) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/hfofhoffdcfcjgmilkpnhkamcgemaban']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-04-24T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:hfofhoffdcfcjgmilkpnhkamcgemaban", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/hfofhoffdcfcjgmilkpnhkamcgemaban", "external_id": "hfofhoffdcfcjgmilkpnhkamcgemaban"}, {"source_name": "Article", "url": 
"https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--bc0ad9b0-7211-4ef7-93fc-bc9d37f5c546", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.405547Z", "modified": "2026-06-02T15:57:35.405547Z", "name": "Malicious Extension: VPN Professional - Free Unlimited VPN Proxy", "description": "Malicious browser extension: VPN Professional - Free Unlimited VPN Proxy (kekfppnajjchccpkfaogiomfcncbgagc) Malware", "indicator_types": ["malicious-activity"], "pattern": "[url:value = 'https://chromewebstore.google.com/detail/kekfppnajjchccpkfaogiomfcncbgagc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2025-04-06T00:00:00Z", "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}], "labels": ["ext-id:kekfppnajjchccpkfaogiomfcncbgagc", "browser:chrome"], "external_references": [{"source_name": "Chrome Web Store", "url": "https://chromewebstore.google.com/detail/kekfppnajjchccpkfaogiomfcncbgagc", "external_id": "kekfppnajjchccpkfaogiomfcncbgagc"}, {"source_name": "Article", "url": "https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/malicious_extensions_detailed.csv"}]}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c7868fe6-90f8-445e-814e-b49f4de013b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.333754Z", "modified": "2026-06-02T15:57:32.333754Z", "relationship_type": "indicates", "source_ref": "indicator--d1cf1ee4-9953-4d18-9e7a-4419f231cbe8", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5acc20e7-46f5-4ea0-b778-df5fd1ccfdfd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.335368Z", "modified": 
"2026-06-02T15:57:32.335368Z", "relationship_type": "indicates", "source_ref": "indicator--7e4cb1f2-b98c-4f5c-b023-db6662d0613e", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9bd200cd-e2b3-4936-b3c3-8c00ac9f6c2b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.336831Z", "modified": "2026-06-02T15:57:32.336831Z", "relationship_type": "indicates", "source_ref": "indicator--14a9da13-a2e1-4d22-a1a7-5da5de39689c", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--316f7193-ceca-4b6d-ae7e-44da175bf9ad", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.338222Z", "modified": "2026-06-02T15:57:32.338222Z", "relationship_type": "indicates", "source_ref": "indicator--72cb94c6-01ac-4573-aac5-d02948c4fcde", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--93becffc-4b33-4752-b7d0-4a2fc1ee7f5d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.339454Z", "modified": "2026-06-02T15:57:32.339454Z", "relationship_type": "indicates", "source_ref": "indicator--e4439165-3f80-4bbc-8270-36e30d2e3e29", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a4e42c25-3c50-4866-a0cd-b1a187a7431e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.340603Z", "modified": "2026-06-02T15:57:32.340603Z", "relationship_type": "indicates", "source_ref": "indicator--a27a8d93-05f2-4ff6-ab0a-26d6788f2421", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6f18a252-f2c1-462d-8bc7-ad369fa42e51", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.341721Z", "modified": "2026-06-02T15:57:32.341721Z", "relationship_type": "indicates", "source_ref": "indicator--8f780067-6881-4c1e-ac1b-08f201434bff", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6e4e97d6-3f1f-4fb9-97ca-31f3177f0725", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.342929Z", "modified": "2026-06-02T15:57:32.342929Z", "relationship_type": "indicates", "source_ref": "indicator--d625d11c-1625-4724-b916-7e0edd9f8913", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6fb1e194-a83d-415d-9e60-5d1c69c3fa7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.344211Z", "modified": "2026-06-02T15:57:32.344211Z", "relationship_type": "indicates", "source_ref": "indicator--2e55acbd-d576-4d56-9e8f-5d293adc0f27", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ad263957-6394-4266-a7ee-aa65d36005dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.345359Z", "modified": "2026-06-02T15:57:32.345359Z", "relationship_type": "indicates", "source_ref": "indicator--ebb88e00-eb11-467e-8a28-d1c791af899e", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b1463261-7d36-4735-864f-45f2d13679d5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.3466Z", "modified": "2026-06-02T15:57:32.3466Z", "relationship_type": "indicates", "source_ref": "indicator--e73943c6-bde1-4d3d-868e-c690f074a7e4", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c99fbd3a-e2fb-4517-b733-d483ad4ac762", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.347754Z", "modified": "2026-06-02T15:57:32.347754Z", "relationship_type": "indicates", "source_ref": "indicator--ac1d854a-38f1-4df8-8a3c-335bf4f9c732", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2b233453-9341-4aa7-a85b-a636b018cd4e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.348858Z", "modified": "2026-06-02T15:57:32.348858Z", "relationship_type": "indicates", "source_ref": "indicator--1b7b2530-f53a-47ca-81cb-21ed946d97e3", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--df450dee-f1ad-427b-a749-5260eaff4b51", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.349933Z", "modified": "2026-06-02T15:57:32.349933Z", "relationship_type": "indicates", "source_ref": "indicator--3dd72257-9eb1-40d8-8603-8f2ef183b191", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--97f8e890-784a-4d20-909f-123aaea37ba7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.351014Z", "modified": "2026-06-02T15:57:32.351014Z", "relationship_type": "indicates", "source_ref": "indicator--56f0c4da-d1ec-413d-be18-62e0cdeaedcd", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b3d0d51b-007c-4638-849b-8bd1f7af3c3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.352098Z", "modified": 
"2026-06-02T15:57:32.352098Z", "relationship_type": "indicates", "source_ref": "indicator--6a16b873-350b-4f49-9c86-e3736ed9ef9b", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ebec29be-4bea-46a8-97d9-6250d5ee8790", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.35317Z", "modified": "2026-06-02T15:57:32.35317Z", "relationship_type": "indicates", "source_ref": "indicator--0ca2da1f-6b31-43d7-8d0c-0cd8dacca43a", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9e04501a-850e-4c0f-957a-9d8557368b1c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.354404Z", "modified": "2026-06-02T15:57:32.354404Z", "relationship_type": "indicates", "source_ref": "indicator--586761c2-d55c-4d48-9ab5-ab5b82150356", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--37c178dc-4e66-42c2-8d26-6041ab0b55d5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.35551Z", "modified": "2026-06-02T15:57:32.35551Z", "relationship_type": "indicates", "source_ref": "indicator--eb38a18e-a904-4824-8cb3-983f038e472e", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--feff40c1-7885-46ec-8915-851886af578a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.356585Z", "modified": "2026-06-02T15:57:32.356585Z", "relationship_type": "indicates", "source_ref": "indicator--fa3f1f1d-6ed9-4665-afc4-932e5ee818d6", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1ace96a5-7368-4250-8d53-670e805444fa", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.357657Z", "modified": "2026-06-02T15:57:32.357657Z", "relationship_type": "indicates", "source_ref": "indicator--35d35351-3b5c-4589-a197-fafb4e136085", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9fbba378-7f38-4049-b0d1-1630513c6f69", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.358726Z", "modified": "2026-06-02T15:57:32.358726Z", "relationship_type": "indicates", "source_ref": "indicator--2de4358e-59f8-4653-bec8-ab8fc583a94e", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5be801b9-701c-4c8e-9a2d-e22dd2401e84", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.359813Z", "modified": "2026-06-02T15:57:32.359813Z", "relationship_type": "indicates", "source_ref": "indicator--ffc0aac1-bd4c-46e2-acee-a5cf67fa6875", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8ff81b28-9acf-4347-a5f8-8771cb046e07", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.360896Z", "modified": "2026-06-02T15:57:32.360896Z", "relationship_type": "indicates", "source_ref": "indicator--4dfa900c-d430-437b-b86d-7c2dd5b2b12f", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--862e4a6d-88f8-4883-99c0-f50b1d322601", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.362117Z", "modified": "2026-06-02T15:57:32.362117Z", "relationship_type": "indicates", "source_ref": "indicator--1dfce761-e890-4a64-a633-58bc496349e6", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f7c7b4a1-f446-49c8-9a84-6b42b731ccd8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.363209Z", "modified": "2026-06-02T15:57:32.363209Z", "relationship_type": "indicates", "source_ref": "indicator--61ba1bba-006d-4f9d-9f06-b3c1d3f9ff14", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--49f74e43-1a26-4fbf-9e98-8e7eafaa20e9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.364282Z", "modified": "2026-06-02T15:57:32.364282Z", "relationship_type": "indicates", "source_ref": "indicator--093136b2-d4bd-4176-aab7-b62ade152dad", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ae75a829-8575-4d0a-8fac-8bf87da26064", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.365342Z", "modified": "2026-06-02T15:57:32.365342Z", "relationship_type": "indicates", "source_ref": "indicator--4c4523b4-caf0-4bf3-9c07-6f0269fc8bb3", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--86bd6aea-6419-47b4-8ca5-9251b4d349b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.366406Z", "modified": "2026-06-02T15:57:32.366406Z", "relationship_type": "indicates", "source_ref": "indicator--f2d9bacf-478a-47dd-b4e1-dab5bde3b9f1", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fdaffb99-c660-4c7f-8185-8d57bfd49fca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.367486Z", "modified": 
"2026-06-02T15:57:32.367486Z", "relationship_type": "indicates", "source_ref": "indicator--09580681-7bd8-4a83-9dd7-2caecd74c67f", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc16b4a3-4cf6-4bc6-a33c-41e02db88ce2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.368548Z", "modified": "2026-06-02T15:57:32.368548Z", "relationship_type": "indicates", "source_ref": "indicator--3af8b0c1-2669-4cd7-868c-f9660205dccc", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--02272361-496c-430d-be26-a9668b0c20fe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.369752Z", "modified": "2026-06-02T15:57:32.369752Z", "relationship_type": "indicates", "source_ref": "indicator--b8cc34ab-758d-40cb-a499-ca442e857de0", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4a87d7b2-ae57-471a-a016-482bf03c9e4a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.370825Z", "modified": "2026-06-02T15:57:32.370825Z", "relationship_type": "indicates", "source_ref": "indicator--c2deaf65-5edb-460e-ad73-693fb51c31bb", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b76a282f-a532-4b34-b46b-217232e6c19f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.371902Z", "modified": "2026-06-02T15:57:32.371902Z", "relationship_type": "indicates", "source_ref": "indicator--a107eb29-b7f0-4ca0-82ae-a87113268049", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--11f1570b-9993-498b-a1c2-0e48307ce6f2", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.372969Z", "modified": "2026-06-02T15:57:32.372969Z", "relationship_type": "indicates", "source_ref": "indicator--d5ba5a65-6dcf-43ee-9278-6cdf9a807f79", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6bd8d863-7346-4801-bdcb-7ac8e3caeb97", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.374032Z", "modified": "2026-06-02T15:57:32.374032Z", "relationship_type": "indicates", "source_ref": "indicator--4dc586ba-6514-4592-b678-08e14e071a6f", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f4161e3-f37e-47d1-9b75-fb0f08092ffc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.375081Z", "modified": "2026-06-02T15:57:32.375081Z", "relationship_type": "indicates", "source_ref": "indicator--ed3f52e7-e50d-4989-bb56-cab6bcf46a08", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--72bb0c3e-1d44-4116-b7c0-4718d78e358c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.376148Z", "modified": "2026-06-02T15:57:32.376148Z", "relationship_type": "indicates", "source_ref": "indicator--7df01931-ab10-4ad1-a839-5a95cbb567cf", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--36e89e69-f5a5-41cc-a976-4b555970fa05", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.377343Z", "modified": "2026-06-02T15:57:32.377343Z", "relationship_type": "indicates", "source_ref": "indicator--fe918439-2c85-44c2-9f2f-558142d62c4a", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e58cec6a-bd49-42c1-ab48-7a505d3ceeb3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.378429Z", "modified": "2026-06-02T15:57:32.378429Z", "relationship_type": "indicates", "source_ref": "indicator--30ab8087-f6ab-4307-a0f9-4f6c8efe6f57", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--04bb5335-af06-4ad8-81db-098504f4ee2b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.37952Z", "modified": "2026-06-02T15:57:32.37952Z", "relationship_type": "indicates", "source_ref": "indicator--35ee779c-bc56-49fa-9272-e140e9df11f8", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c9ea6ec4-1f96-4d01-9532-f05e05e76e37", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.380603Z", "modified": "2026-06-02T15:57:32.380603Z", "relationship_type": "indicates", "source_ref": "indicator--cdce8581-5856-4b47-95b4-a748f51df994", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3839d2e6-3669-44a6-977e-74546cbccf47", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.381673Z", "modified": "2026-06-02T15:57:32.381673Z", "relationship_type": "indicates", "source_ref": "indicator--58d5fbb6-3e2f-46b8-8f5b-7a5e59d63d7e", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d669bcc7-add5-47e3-b2a7-0a654a312066", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.38275Z", "modified": 
"2026-06-02T15:57:32.38275Z", "relationship_type": "indicates", "source_ref": "indicator--efa81e39-ef8e-47c8-b121-5a27cdf4a934", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b6b5fc3b-f30b-41b6-859c-474c798b524c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.383842Z", "modified": "2026-06-02T15:57:32.383842Z", "relationship_type": "indicates", "source_ref": "indicator--4c66e113-202d-49a4-87ad-f67ef1f887b9", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2a4c69f8-d6dd-4b7f-9fc4-22f72b77ff6c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.385071Z", "modified": "2026-06-02T15:57:32.385071Z", "relationship_type": "indicates", "source_ref": "indicator--6b22e520-fd49-44ba-80e1-6a78faf1cd22", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c0d834c6-4ddc-4868-85c6-6c2504ef118c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.386144Z", "modified": "2026-06-02T15:57:32.386144Z", "relationship_type": "indicates", "source_ref": "indicator--b8e743cf-b13c-4944-a899-ab1efccd7a92", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3d3c8554-6b0e-49b9-a628-0937c73746bd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.387238Z", "modified": "2026-06-02T15:57:32.387238Z", "relationship_type": "indicates", "source_ref": "indicator--2f9971ac-f3a1-4da7-b207-4f2d6cba2e11", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ffcc5993-3a08-42e5-91ba-528da483e9db", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.388321Z", "modified": "2026-06-02T15:57:32.388321Z", "relationship_type": "indicates", "source_ref": "indicator--f432787c-cab9-4b73-94ff-fda950576146", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d9bea7e2-4650-49e4-9a73-132bad925ab8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.389381Z", "modified": "2026-06-02T15:57:32.389381Z", "relationship_type": "indicates", "source_ref": "indicator--093553bc-bcd0-4117-b278-2bc6e7fb4ab9", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e3ffd486-b8a4-4504-93a6-727aaf4e2604", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.390448Z", "modified": "2026-06-02T15:57:32.390448Z", "relationship_type": "indicates", "source_ref": "indicator--def76cd5-c07d-49ae-9e59-e712680e5bc1", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--59e71939-1b2a-4451-b3ca-44bed47ef7d3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.391513Z", "modified": "2026-06-02T15:57:32.391513Z", "relationship_type": "indicates", "source_ref": "indicator--f7df439c-ddaf-4b3b-84cf-d75e7ff8a459", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c973b147-a897-47a2-8807-613a37fe2844", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.392731Z", "modified": "2026-06-02T15:57:32.392731Z", "relationship_type": "indicates", "source_ref": "indicator--429d9c7d-fa8b-455c-9843-3c737b8e02a8", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--22555143-ad30-4408-90b8-4695339e96f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.393804Z", "modified": "2026-06-02T15:57:32.393804Z", "relationship_type": "indicates", "source_ref": "indicator--075b6898-91d5-483d-9a84-012e7a96155c", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--39a8b101-ffb5-4dc0-b7fc-81bbe0945150", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.394859Z", "modified": "2026-06-02T15:57:32.394859Z", "relationship_type": "indicates", "source_ref": "indicator--dfc48089-4790-4fc6-a80d-a0328523887d", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--43cf2999-f590-4322-a7fd-ed5668ddde82", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.395929Z", "modified": "2026-06-02T15:57:32.395929Z", "relationship_type": "indicates", "source_ref": "indicator--72c076ee-fa7e-4262-b23f-41d76d2a6059", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2bb558ae-c639-4c88-b382-a7653a5f9b77", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.396998Z", "modified": "2026-06-02T15:57:32.396998Z", "relationship_type": "indicates", "source_ref": "indicator--bba0b6fd-d50f-44a9-b07a-f71c216e42be", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--41a696dc-3521-4827-9b41-fb76368eafdb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.398048Z", "modified": 
"2026-06-02T15:57:32.398048Z", "relationship_type": "indicates", "source_ref": "indicator--a7757e68-6be1-44f9-aa01-d51ad02a984c", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4f8dfb24-4fae-4b2f-ad63-a1ebf2873f62", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.399098Z", "modified": "2026-06-02T15:57:32.399098Z", "relationship_type": "indicates", "source_ref": "indicator--9059221b-3caf-4246-9783-ada39524e0c4", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--88cdd58d-671e-4132-81d3-bff1ab19c0b9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.400336Z", "modified": "2026-06-02T15:57:32.400336Z", "relationship_type": "indicates", "source_ref": "indicator--4353746c-79ac-451a-9cd6-7189fab20501", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--867863f0-243e-4f5c-9a9b-a2514ec0a93f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.401422Z", "modified": "2026-06-02T15:57:32.401422Z", "relationship_type": "indicates", "source_ref": "indicator--ca5a1c66-f581-4fee-9580-19645601e645", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f3a596fe-be5c-43be-91f2-6bf2356637a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.402493Z", "modified": "2026-06-02T15:57:32.402493Z", "relationship_type": "indicates", "source_ref": "indicator--8c59d02f-f374-4af7-8854-60c842b25a59", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a4b58365-8329-4c49-bec5-6cb01536cd6d", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.403576Z", "modified": "2026-06-02T15:57:32.403576Z", "relationship_type": "indicates", "source_ref": "indicator--99e4b9d8-7a5e-4cc6-9f7e-faf5a6596fd8", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2bca8c90-4c0b-4259-aab9-e3611f0e19b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.404636Z", "modified": "2026-06-02T15:57:32.404636Z", "relationship_type": "indicates", "source_ref": "indicator--b7597fb6-3f2b-4d01-a660-0f587137f22f", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7e57797b-7b6d-4653-a044-f6ef667a9e92", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.405709Z", "modified": "2026-06-02T15:57:32.405709Z", "relationship_type": "indicates", "source_ref": "indicator--f70937f1-e995-4e88-9bde-21b6f457162a", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--449b545a-e2c6-4eb4-a87a-84c42be6d055", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.406772Z", "modified": "2026-06-02T15:57:32.406772Z", "relationship_type": "indicates", "source_ref": "indicator--ba45f874-28a3-451d-a7fa-5854374c849c", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4012ee4e-8064-455f-875b-54dccdedbee6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.409041Z", "modified": "2026-06-02T15:57:32.409041Z", "relationship_type": "indicates", "source_ref": "indicator--533a67cd-3da8-4514-83c7-5f5e778a2d41", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5bf4416a-f243-430a-aa10-0c8e9ece131d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.410206Z", "modified": "2026-06-02T15:57:32.410206Z", "relationship_type": "indicates", "source_ref": "indicator--6d47557b-6349-4819-90a9-e4ea58f47205", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bdc748d9-5370-4215-a119-d7176fc460a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.411326Z", "modified": "2026-06-02T15:57:32.411326Z", "relationship_type": "indicates", "source_ref": "indicator--fa0e98c6-dbfd-4618-86f3-f004d6173a8a", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3d75abcc-ede6-49c0-aa2d-f97a863fd1a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.412415Z", "modified": "2026-06-02T15:57:32.412415Z", "relationship_type": "indicates", "source_ref": "indicator--8eed9bca-7e78-4870-a63a-5976910a603e", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--75b78dad-b12f-4e24-8d50-617c6eb045da", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.413489Z", "modified": "2026-06-02T15:57:32.413489Z", "relationship_type": "indicates", "source_ref": "indicator--fa0f122b-c139-4764-bffe-08ff3eaa8b15", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8f53f205-4505-40c7-b06c-8671c7a9f282", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.414558Z", "modified": 
"2026-06-02T15:57:32.414558Z", "relationship_type": "indicates", "source_ref": "indicator--6133fd68-9365-4b17-9fc6-1c7241c9d66f", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--06e9a54b-ddbf-4af4-af7b-adcb7b299aed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.415641Z", "modified": "2026-06-02T15:57:32.415641Z", "relationship_type": "indicates", "source_ref": "indicator--7c9ab1d5-96e6-452a-9b22-edc41fdcaca1", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a8cad79e-d4db-4456-89a5-2cbe4d943a1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.416859Z", "modified": "2026-06-02T15:57:32.416859Z", "relationship_type": "indicates", "source_ref": "indicator--29499375-9dd0-4f3d-ae82-9d4a24432072", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b0e26e03-5dfa-4589-861f-0feccbf8b7cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.417944Z", "modified": "2026-06-02T15:57:32.417944Z", "relationship_type": "indicates", "source_ref": "indicator--6c38ae7b-c855-4859-ac9a-408834c7bf62", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6d290bfa-e87e-4824-a84b-0f3f0e79e092", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.419006Z", "modified": "2026-06-02T15:57:32.419006Z", "relationship_type": "indicates", "source_ref": "indicator--fb6790fb-c175-4b7a-b99b-5ca07252e0a1", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--04c6993b-45b4-4b63-826d-656fe879af35", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.42008Z", "modified": "2026-06-02T15:57:32.42008Z", "relationship_type": "indicates", "source_ref": "indicator--fcd9a027-494e-4f41-b609-73a159623a0a", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0b4ddf45-7275-4467-8d70-03640d3c2e12", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.421147Z", "modified": "2026-06-02T15:57:32.421147Z", "relationship_type": "indicates", "source_ref": "indicator--c581e43f-e722-411e-a5a3-ccebf854b863", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--532995b2-b5dc-4566-ae8a-8a3dea7a8550", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.422317Z", "modified": "2026-06-02T15:57:32.422317Z", "relationship_type": "indicates", "source_ref": "indicator--54c15b2b-32cc-4ef9-9e16-2110817b34db", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ce851145-9fad-4471-80e0-6f0e512a6adf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.423397Z", "modified": "2026-06-02T15:57:32.423397Z", "relationship_type": "indicates", "source_ref": "indicator--1ee3e774-dfdd-4d6c-b5e2-3d324a33f055", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c44e7035-52b8-40cf-a44b-5459fef5ff90", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.424622Z", "modified": "2026-06-02T15:57:32.424622Z", "relationship_type": "indicates", "source_ref": "indicator--22d6940d-c1fe-4f84-adfc-858c6ebd8dc0", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d2729504-51b3-4091-9973-02c5855fc303", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.425705Z", "modified": "2026-06-02T15:57:32.425705Z", "relationship_type": "indicates", "source_ref": "indicator--1ec3baaa-2607-4077-b956-7f80b79bd3d5", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2bea11bc-215a-4d90-9ae5-ae18406f64b4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.426793Z", "modified": "2026-06-02T15:57:32.426793Z", "relationship_type": "indicates", "source_ref": "indicator--80a87285-c037-4d76-bccd-87c8793ef7fd", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d4895185-2561-4fc6-84dc-70ab4761a971", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.42788Z", "modified": "2026-06-02T15:57:32.42788Z", "relationship_type": "indicates", "source_ref": "indicator--6776fff1-4fc8-4cec-8de0-d8ec10903c2a", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--22d0dae1-bd90-4c3d-a49b-e30890494577", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.428965Z", "modified": "2026-06-02T15:57:32.428965Z", "relationship_type": "indicates", "source_ref": "indicator--add1374c-0454-4b8d-9d20-dec10dd45975", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f3b419bf-92e4-45f8-8f83-74deec0c814d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.430031Z", "modified": 
"2026-06-02T15:57:32.430031Z", "relationship_type": "indicates", "source_ref": "indicator--d3b89f1d-98ea-4d6a-936e-231d2b8de129", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9feaad5a-6600-4617-b80a-ffe172b49d29", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.431092Z", "modified": "2026-06-02T15:57:32.431092Z", "relationship_type": "indicates", "source_ref": "indicator--216ab328-79db-44c8-bafe-07bb99ddc065", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3cd0fa03-e7eb-4798-9f7a-bb495068dee7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.432325Z", "modified": "2026-06-02T15:57:32.432325Z", "relationship_type": "indicates", "source_ref": "indicator--02f552e1-66b4-4e55-88ae-9bfcba76d3d7", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--14974c41-c0c3-4b0f-99b2-2537039a6eab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.433404Z", "modified": "2026-06-02T15:57:32.433404Z", "relationship_type": "indicates", "source_ref": "indicator--073e1f0f-f30a-4bce-825e-41bf05b4a960", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e2e801cf-ba0b-44d4-80f4-15e91ddae381", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.434504Z", "modified": "2026-06-02T15:57:32.434504Z", "relationship_type": "indicates", "source_ref": "indicator--864e7f93-4152-47a9-ab1e-85cb3f207ae6", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c4b06ae4-e3d1-4b3f-ac55-bb5c5f3b1144", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.435588Z", "modified": "2026-06-02T15:57:32.435588Z", "relationship_type": "indicates", "source_ref": "indicator--7b1edc97-5bd9-42b6-96c6-695d130219ee", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0d8e2481-3560-4a28-959f-9c2506495611", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.43666Z", "modified": "2026-06-02T15:57:32.43666Z", "relationship_type": "indicates", "source_ref": "indicator--6eb5512d-1b9b-4179-a018-20af5a1eb38c", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--86b8435f-3256-4896-814f-8d64f4fb2d41", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.437727Z", "modified": "2026-06-02T15:57:32.437727Z", "relationship_type": "indicates", "source_ref": "indicator--73cc64ec-c4db-46ec-85ef-334a4fdcc117", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a5467bc0-7a13-4c7b-8984-b42225b7970d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.438785Z", "modified": "2026-06-02T15:57:32.438785Z", "relationship_type": "indicates", "source_ref": "indicator--fbe5463e-c3b8-4a39-a587-e19cd5ec46db", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a53f9e62-25e0-43de-8909-9bf1dcbe575b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.440026Z", "modified": "2026-06-02T15:57:32.440026Z", "relationship_type": "indicates", "source_ref": "indicator--4a05b664-57ae-47e4-8c40-04e7cf07654b", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f782654c-20d7-41a3-a437-2648e3f25493", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.441109Z", "modified": "2026-06-02T15:57:32.441109Z", "relationship_type": "indicates", "source_ref": "indicator--3cd5584c-1bd8-46c5-88a1-ce609dc11f4f", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6ddcc790-8ed4-470e-96f9-2ad5f231d916", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.442179Z", "modified": "2026-06-02T15:57:32.442179Z", "relationship_type": "indicates", "source_ref": "indicator--8da10e8c-d2f2-4f88-bf41-185ff446bf75", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8f6a744c-6231-49ea-b341-c0e92a065c7a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.444175Z", "modified": "2026-06-02T15:57:32.444175Z", "relationship_type": "indicates", "source_ref": "indicator--465a13df-faa9-4622-8f0f-77efb1d9c44f", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8a14c11d-cc64-4fcb-a960-7b9919100193", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.445376Z", "modified": "2026-06-02T15:57:32.445376Z", "relationship_type": "indicates", "source_ref": "indicator--7909f14c-2de0-4c43-98ad-54e80423f32a", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--650a3e3e-f51c-420d-a6f5-ecae69158997", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.44652Z", "modified": 
"2026-06-02T15:57:32.44652Z", "relationship_type": "indicates", "source_ref": "indicator--e20d06f3-991c-42a0-98e1-9e0ecb30c6f7", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2ed8544f-3cc6-43ea-8e2b-877c514a8563", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.44764Z", "modified": "2026-06-02T15:57:32.44764Z", "relationship_type": "indicates", "source_ref": "indicator--dfad3269-0b31-43ca-b950-11581a5b4e52", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f0e15323-7546-4195-9652-8c7124b2549a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.448925Z", "modified": "2026-06-02T15:57:32.448925Z", "relationship_type": "indicates", "source_ref": "indicator--393e7134-9e5f-49c0-8555-a77965c6a339", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--86488538-cca0-41bd-8b4d-7fbfd8dff893", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.45001Z", "modified": "2026-06-02T15:57:32.45001Z", "relationship_type": "indicates", "source_ref": "indicator--9d2c38d4-2e1a-46b9-84ea-315132e37d41", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d52e3389-1a21-4fc5-8224-ff77cb457f96", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.451075Z", "modified": "2026-06-02T15:57:32.451075Z", "relationship_type": "indicates", "source_ref": "indicator--57f71e19-5ab0-424c-abee-d1f84e40f558", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3ddb710c-17cf-460d-8ede-89375b9f86da", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.452156Z", "modified": "2026-06-02T15:57:32.452156Z", "relationship_type": "indicates", "source_ref": "indicator--deb5d00c-17b7-4474-820d-12df29c97338", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cb3b1457-b64d-4f3d-a15c-46f265df6fad", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.453214Z", "modified": "2026-06-02T15:57:32.453214Z", "relationship_type": "indicates", "source_ref": "indicator--8068c964-4eac-47e2-a0f9-7506b5059301", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--787068f6-171e-48bf-b27b-66a84d0d0a9f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.45428Z", "modified": "2026-06-02T15:57:32.45428Z", "relationship_type": "indicates", "source_ref": "indicator--1506e42c-b0d2-4a8f-b5b4-d55c42ca8bf1", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--029276a9-79cd-49b8-94c0-3c4b5e4c3f1f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.455358Z", "modified": "2026-06-02T15:57:32.455358Z", "relationship_type": "indicates", "source_ref": "indicator--bf1d3949-7b00-4e56-8dce-655d46d87c0e", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--00b6a233-f477-412a-b6db-656096a9eac3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.456576Z", "modified": "2026-06-02T15:57:32.456576Z", "relationship_type": "indicates", "source_ref": "indicator--bcd40c57-9877-49b4-923e-f1235815e220", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eb2b3bc9-709d-44ef-9590-801788e78844", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.457658Z", "modified": "2026-06-02T15:57:32.457658Z", "relationship_type": "indicates", "source_ref": "indicator--40044138-a69b-4565-9f43-026aec2238af", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--33e8fbe9-fdb3-43cf-8dd0-a7b16660f903", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.458716Z", "modified": "2026-06-02T15:57:32.458716Z", "relationship_type": "indicates", "source_ref": "indicator--6b253cf7-2767-4fe6-8a80-eb758df1c2be", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0e148806-297a-4b26-b384-7cba1c9e884e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.459739Z", "modified": "2026-06-02T15:57:32.459739Z", "relationship_type": "indicates", "source_ref": "indicator--f82b8b6f-ed97-405a-b2ae-fbdbcc6f60a0", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--449d46e6-792c-43d9-92b8-2650f7dbb421", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.460744Z", "modified": "2026-06-02T15:57:32.460744Z", "relationship_type": "indicates", "source_ref": "indicator--1d9374b4-0ec2-4307-9bae-5d56cf14904e", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f72b504d-73d1-470d-b0c1-f475d86f02a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.461768Z", "modified": 
"2026-06-02T15:57:32.461768Z", "relationship_type": "indicates", "source_ref": "indicator--c1379723-852d-4494-a586-2cd069053110", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--930ea9ce-b5bd-47fb-95f0-2285c34c6637", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.462768Z", "modified": "2026-06-02T15:57:32.462768Z", "relationship_type": "indicates", "source_ref": "indicator--6754d83b-6409-4961-80c2-73c6f9eda18f", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dcfb64e7-a486-4107-beec-02627cbe92e8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.463929Z", "modified": "2026-06-02T15:57:32.463929Z", "relationship_type": "indicates", "source_ref": "indicator--be22b090-3734-4fe2-b89c-62822e5aca40", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bc3ca622-9f50-4651-901e-fcda8ca7d28b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.464943Z", "modified": "2026-06-02T15:57:32.464943Z", "relationship_type": "indicates", "source_ref": "indicator--441d26f7-4ee7-4183-a73f-2069b19366a7", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--45ee4f23-6991-4347-943a-615c9c4d7af0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.465943Z", "modified": "2026-06-02T15:57:32.465943Z", "relationship_type": "indicates", "source_ref": "indicator--09eb9bcf-191b-4469-8990-d6865395a7b9", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--13153a4d-7611-425b-9f9b-d622aa82fdd0", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.466935Z", "modified": "2026-06-02T15:57:32.466935Z", "relationship_type": "indicates", "source_ref": "indicator--a324157b-8b36-44b7-be61-a9e64896b9f0", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3829977c-2354-43e0-8b2a-f16139f17396", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.467988Z", "modified": "2026-06-02T15:57:32.467988Z", "relationship_type": "indicates", "source_ref": "indicator--dacc1975-75e3-430c-8113-d27ec5b5cae8", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5dae9b2c-38a5-44e0-855e-8b56faa52392", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.469053Z", "modified": "2026-06-02T15:57:32.469053Z", "relationship_type": "indicates", "source_ref": "indicator--57f14619-b3d5-4cbd-9bca-9c0c2b27e933", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8807a6d6-31f6-4558-8fd3-329b1214956f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.470132Z", "modified": "2026-06-02T15:57:32.470132Z", "relationship_type": "indicates", "source_ref": "indicator--64d49d34-f2c3-47cf-a9ca-166f66eba368", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--70042ee2-404d-4486-9c7f-1fe2f796c2d0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.471415Z", "modified": "2026-06-02T15:57:32.471415Z", "relationship_type": "indicates", "source_ref": "indicator--d3a12c1f-0fb6-43e8-9d0a-2301ecaeb45b", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--29b5bffd-5a3e-4666-9393-a10fd2627d59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.472515Z", "modified": "2026-06-02T15:57:32.472515Z", "relationship_type": "indicates", "source_ref": "indicator--ae0057be-c21f-4024-b22b-b91e2a31c89a", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--449be203-9d85-4646-bf3a-0564b344fc22", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.473579Z", "modified": "2026-06-02T15:57:32.473579Z", "relationship_type": "indicates", "source_ref": "indicator--2e485f6b-2677-461a-9d6c-916fb0b908f3", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b2aaaa46-6fff-449f-82f8-ad09ba9904f4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.474644Z", "modified": "2026-06-02T15:57:32.474644Z", "relationship_type": "indicates", "source_ref": "indicator--5bf47651-dbd4-4494-a8d4-6b8a825eee2a", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--70670335-ab78-4928-9f19-f27ccf654d53", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.475727Z", "modified": "2026-06-02T15:57:32.475727Z", "relationship_type": "indicates", "source_ref": "indicator--d3096373-2de5-4caf-ae77-6b290935c6cf", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1b99923f-d297-4a05-b2fc-6ef99dea6913", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.47677Z", "modified": 
"2026-06-02T15:57:32.47677Z", "relationship_type": "indicates", "source_ref": "indicator--7bab2f44-6ed6-4334-882a-d14896b5659a", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--80f37423-6c6d-4a83-a919-ba7f30770a9a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.47792Z", "modified": "2026-06-02T15:57:32.47792Z", "relationship_type": "indicates", "source_ref": "indicator--18daf97b-0d8d-4aa1-9ecf-2414573f864a", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bc1de59a-fdf1-49ff-b4a2-1e0900a8858b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.479385Z", "modified": "2026-06-02T15:57:32.479385Z", "relationship_type": "indicates", "source_ref": "indicator--4c443976-0989-4c78-be79-38135b249033", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1f646898-f7c7-4d73-b7b8-2f948100cd21", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.480609Z", "modified": "2026-06-02T15:57:32.480609Z", "relationship_type": "indicates", "source_ref": "indicator--7bf12a0a-87f7-4a4d-8511-4f6ac08a4b46", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--50f660dc-8236-42a9-9f6c-6450116a5783", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.481821Z", "modified": "2026-06-02T15:57:32.481821Z", "relationship_type": "indicates", "source_ref": "indicator--18506a1f-c0cd-4986-9c0a-3c50595809ac", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bad25b73-35a8-41f5-a6aa-4f541f6f8b17", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.483004Z", "modified": "2026-06-02T15:57:32.483004Z", "relationship_type": "indicates", "source_ref": "indicator--1ad1cf59-2e16-477f-901e-88bb2ed43552", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--07d58f6d-d496-482f-82ab-0004ba0ed0d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.484131Z", "modified": "2026-06-02T15:57:32.484131Z", "relationship_type": "indicates", "source_ref": "indicator--41258603-f48f-4fe9-984e-328cd337aa1c", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d5e89f35-bb24-47bd-bbfe-c1eecb5da637", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.485174Z", "modified": "2026-06-02T15:57:32.485174Z", "relationship_type": "indicates", "source_ref": "indicator--4f8362cf-5a60-413a-add5-00b0400a6b11", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e7aff46c-4460-4b10-a67e-bdb9fd79c722", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.486198Z", "modified": "2026-06-02T15:57:32.486198Z", "relationship_type": "indicates", "source_ref": "indicator--6ac2fa05-126f-40e6-b051-c4e91b7fe6ff", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3b5c851d-f071-4a81-a569-6c22b949290c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.487417Z", "modified": "2026-06-02T15:57:32.487417Z", "relationship_type": "indicates", "source_ref": "indicator--47ef35df-3075-435f-b778-ade7813bd333", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4028c0ac-0e2e-4af2-a400-1247a57d773c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.488473Z", "modified": "2026-06-02T15:57:32.488473Z", "relationship_type": "indicates", "source_ref": "indicator--c3655a2c-0dfb-4e36-bf58-6d87e680c718", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ea7c8458-6b53-4e37-a6f5-24efeef64a3b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.489498Z", "modified": "2026-06-02T15:57:32.489498Z", "relationship_type": "indicates", "source_ref": "indicator--5724b971-9196-4345-b531-815b1832b1e1", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e2722591-706c-411c-a68c-03feaa84f085", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.490519Z", "modified": "2026-06-02T15:57:32.490519Z", "relationship_type": "indicates", "source_ref": "indicator--a126e23c-ccf3-49c8-b953-b8ffb5814fd7", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1ec49246-5abd-46b7-98b6-233c70b24fb8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.491538Z", "modified": "2026-06-02T15:57:32.491538Z", "relationship_type": "indicates", "source_ref": "indicator--e1916ce3-0673-4aeb-a0ac-069246f38c63", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8ab8fc70-b573-42c3-92f2-eb0d746c9386", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.492542Z", "modified": 
"2026-06-02T15:57:32.492542Z", "relationship_type": "indicates", "source_ref": "indicator--daf7a934-1969-428a-b392-d4180e3d96f4", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--345862c6-bb7e-42bc-a8f8-1a029c0cd992", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.493536Z", "modified": "2026-06-02T15:57:32.493536Z", "relationship_type": "indicates", "source_ref": "indicator--35f245aa-76b1-4ddc-b11e-9ed595ccee17", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--942cb5e9-b2f0-4677-86a6-8c82cb3ad562", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.494702Z", "modified": "2026-06-02T15:57:32.494702Z", "relationship_type": "indicates", "source_ref": "indicator--2844b473-c674-4601-92b1-9d0b8977ed63", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b7f5cfd2-14fa-4be4-9989-c1fa0a033cd7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.49573Z", "modified": "2026-06-02T15:57:32.49573Z", "relationship_type": "indicates", "source_ref": "indicator--fdf4d1b0-8a31-4d7c-853e-179e9b2e04d9", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1715e779-20eb-454f-83b0-b001f25f6b10", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.496728Z", "modified": "2026-06-02T15:57:32.496728Z", "relationship_type": "indicates", "source_ref": "indicator--1d63e293-b35d-4b04-8728-cc914941d6f3", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ac537295-b2a1-4d51-ac7b-cb2c4526ff3b", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.497721Z", "modified": "2026-06-02T15:57:32.497721Z", "relationship_type": "indicates", "source_ref": "indicator--df2b68da-9157-4a41-926f-19f91cc95aa7", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0b2c3ab2-9633-4506-b901-a0b44375e7af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.498712Z", "modified": "2026-06-02T15:57:32.498712Z", "relationship_type": "indicates", "source_ref": "indicator--b40e7350-1534-4fd9-844b-2e227fe15998", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3aff8e29-e689-4457-97fe-cd9659c28506", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.499722Z", "modified": "2026-06-02T15:57:32.499722Z", "relationship_type": "indicates", "source_ref": "indicator--b5e52b97-93f5-4048-8f3a-fb3f179ca018", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f0fb95fd-301f-43a1-91f4-7e1f69f6e53a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.500724Z", "modified": "2026-06-02T15:57:32.500724Z", "relationship_type": "indicates", "source_ref": "indicator--978676c9-cd96-4c4b-995a-6393e17e3631", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b7b4cead-df57-480d-afe1-b9b5b823251f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.502856Z", "modified": "2026-06-02T15:57:32.502856Z", "relationship_type": "indicates", "source_ref": "indicator--f9fe5084-789f-4e96-ac1f-2ada324bcff1", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7f183471-0e6b-4bb3-bd82-a66b1bbcbde1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.50401Z", "modified": "2026-06-02T15:57:32.50401Z", "relationship_type": "indicates", "source_ref": "indicator--7bf9a1c2-bf6c-42c8-b61f-20e34b601110", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a1d8e202-f149-45d8-aa7f-0cb19c5c8831", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.505065Z", "modified": "2026-06-02T15:57:32.505065Z", "relationship_type": "indicates", "source_ref": "indicator--08087502-0352-4486-b86d-41b77fa644eb", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9e8b9f28-e667-4f1c-b237-7e17658681fe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.506119Z", "modified": "2026-06-02T15:57:32.506119Z", "relationship_type": "indicates", "source_ref": "indicator--d081e781-4c3c-4a1c-869d-81e63a861024", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--13c21e74-0d69-4da7-9154-414f54d83334", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.507151Z", "modified": "2026-06-02T15:57:32.507151Z", "relationship_type": "indicates", "source_ref": "indicator--8239a7f8-c880-43c9-b8bd-ae4b5e46d86b", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--59c12d7c-0c0d-428a-99d5-d74ba008b10c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.508169Z", "modified": 
"2026-06-02T15:57:32.508169Z", "relationship_type": "indicates", "source_ref": "indicator--3dde732f-c454-4e08-9c05-2ebeff6f0860", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--db6091e2-db11-4e30-87b2-0ec93f8482da", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.50918Z", "modified": "2026-06-02T15:57:32.50918Z", "relationship_type": "indicates", "source_ref": "indicator--b8e309d3-c964-4d3a-8184-a16141667724", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bedb9fbe-0fb0-4595-af3b-b2afb3a071f9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.510335Z", "modified": "2026-06-02T15:57:32.510335Z", "relationship_type": "indicates", "source_ref": "indicator--da01ad8f-4bb1-4e36-8e25-af5e6a057300", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ee825d73-a5c5-43d1-ae9c-bbc147accb51", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.511368Z", "modified": "2026-06-02T15:57:32.511368Z", "relationship_type": "indicates", "source_ref": "indicator--d89f0ccc-79ed-406b-96eb-c7c7e4cb2e6e", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3e779541-c5e2-41fc-a7cd-2262dd29ff98", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.512381Z", "modified": "2026-06-02T15:57:32.512381Z", "relationship_type": "indicates", "source_ref": "indicator--f8995c9f-1520-4a5f-b761-15508bc872c4", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e039a22e-7142-4259-b372-c9f49cbccfb3", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.513378Z", "modified": "2026-06-02T15:57:32.513378Z", "relationship_type": "indicates", "source_ref": "indicator--19143a6f-7865-49be-9b2f-6129c256b035", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8478be05-222a-4535-8dbf-66bd9a3b21e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.514384Z", "modified": "2026-06-02T15:57:32.514384Z", "relationship_type": "indicates", "source_ref": "indicator--844660d7-d82c-4b72-aa78-ab7cca49d74d", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b87329fa-0869-4e5b-b00d-6fd79a7c940a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.515395Z", "modified": "2026-06-02T15:57:32.515395Z", "relationship_type": "indicates", "source_ref": "indicator--37809b22-5327-4306-9a23-63169b19661e", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8629410c-0e78-464f-80bc-4349c0b4f52c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.516407Z", "modified": "2026-06-02T15:57:32.516407Z", "relationship_type": "indicates", "source_ref": "indicator--8c511abf-4f92-448f-b8b8-20c9a33beea7", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ca6c56a3-32a8-4128-be84-89c4d9c4a987", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.517565Z", "modified": "2026-06-02T15:57:32.517565Z", "relationship_type": "indicates", "source_ref": "indicator--bb7ca7c2-3845-40da-a8ab-af003f434858", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c35966fa-b6d8-49c6-bd2a-1f955cc3dd88", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.518579Z", "modified": "2026-06-02T15:57:32.518579Z", "relationship_type": "indicates", "source_ref": "indicator--8368f5de-4804-45f6-b309-35c111436ed4", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--50bba2cb-ed42-47b7-86c6-4bd218611a3f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.519596Z", "modified": "2026-06-02T15:57:32.519596Z", "relationship_type": "indicates", "source_ref": "indicator--2823e92c-5312-4b8a-a348-92086a57d084", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--17f8cdba-5615-4e24-9452-14d1fba2198b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.520606Z", "modified": "2026-06-02T15:57:32.520606Z", "relationship_type": "indicates", "source_ref": "indicator--08a83477-b6ed-4522-ac34-bc15b38a33fa", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d1c5db06-e112-4aee-8ebf-9c0e87a0224f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.521603Z", "modified": "2026-06-02T15:57:32.521603Z", "relationship_type": "indicates", "source_ref": "indicator--1694c70c-d4b0-459c-ab3c-fc9ae3cd0a58", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bb172878-f248-4898-83d9-05bfbf9492fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.522596Z", "modified": 
"2026-06-02T15:57:32.522596Z", "relationship_type": "indicates", "source_ref": "indicator--aff83377-239e-4d9d-9197-c051e4cbc0dd", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d22ab84d-3b7e-4652-8dc9-c9a7e18f7521", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.523609Z", "modified": "2026-06-02T15:57:32.523609Z", "relationship_type": "indicates", "source_ref": "indicator--e635cbf3-5428-425c-a643-2ed3d9c350bc", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bfd22eee-c89a-4241-8c4d-1675a498da2d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.524758Z", "modified": "2026-06-02T15:57:32.524758Z", "relationship_type": "indicates", "source_ref": "indicator--85ff7715-36bc-4134-9757-3319c36cb848", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--45eb7e92-cb77-467a-a4d1-d6492c5ffeb7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.525775Z", "modified": "2026-06-02T15:57:32.525775Z", "relationship_type": "indicates", "source_ref": "indicator--926264ec-5696-46e1-9561-6d595b28cdff", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d0f5a0e6-4043-409d-818d-0c61e491a0a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.526781Z", "modified": "2026-06-02T15:57:32.526781Z", "relationship_type": "indicates", "source_ref": "indicator--fe0d6b2c-1faf-4908-9248-2342d11621b6", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0513d50a-63d3-4e70-b0ce-eed98c05a147", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.527798Z", "modified": "2026-06-02T15:57:32.527798Z", "relationship_type": "indicates", "source_ref": "indicator--8052e485-9b72-417c-988d-63a312326f8b", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--193514af-b426-4309-9054-f63c17907938", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.528807Z", "modified": "2026-06-02T15:57:32.528807Z", "relationship_type": "indicates", "source_ref": "indicator--68935938-5ba9-4763-890a-276fdf58554c", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--60ca2547-2148-4d05-be78-834d35c94a9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.529807Z", "modified": "2026-06-02T15:57:32.529807Z", "relationship_type": "indicates", "source_ref": "indicator--3b9f2a59-1a04-45c3-bfb8-b10b46c5ef9e", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2a071a87-7b2c-4d93-aef5-c8da97f678d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.530805Z", "modified": "2026-06-02T15:57:32.530805Z", "relationship_type": "indicates", "source_ref": "indicator--82352e29-9362-4134-8154-62021fb46e22", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--050253c9-08fd-4b5a-be40-d830acd2b166", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.531972Z", "modified": "2026-06-02T15:57:32.531972Z", "relationship_type": "indicates", "source_ref": "indicator--fd7abb99-0d05-42cd-81ad-50591802660a", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f3926e54-197b-4202-96a7-f17afc3cdb37", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.533003Z", "modified": "2026-06-02T15:57:32.533003Z", "relationship_type": "indicates", "source_ref": "indicator--0b5cff67-4e2b-4b78-ad2b-68312f4ba276", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0b082c77-b93d-4a35-ad7c-05b17ee730fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.534002Z", "modified": "2026-06-02T15:57:32.534002Z", "relationship_type": "indicates", "source_ref": "indicator--2d3d6fb7-f487-46b9-9f58-e373e889fb6f", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--803d2926-0a85-43b9-8daf-97a609eac7c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.534999Z", "modified": "2026-06-02T15:57:32.534999Z", "relationship_type": "indicates", "source_ref": "indicator--1bee2305-d7de-49e0-a80e-3d10869f80fd", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e1ec5e31-bb35-422b-acd7-73ba9d3b972a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.536055Z", "modified": "2026-06-02T15:57:32.536055Z", "relationship_type": "indicates", "source_ref": "indicator--564e6dc5-40ed-472b-9796-402eb3fc7386", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2868ac5a-60b7-4f39-84b4-2641e181811f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.537089Z", "modified": 
"2026-06-02T15:57:32.537089Z", "relationship_type": "indicates", "source_ref": "indicator--e2a4d4d0-6874-4c9c-beab-4cab3e031bdc", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--769b4636-2b21-49c8-96c8-e5e7826c5979", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.538109Z", "modified": "2026-06-02T15:57:32.538109Z", "relationship_type": "indicates", "source_ref": "indicator--83596aed-b5e6-4440-881f-04299af9e301", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9ff6cc52-68a4-441a-b362-88d2781aa347", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.539284Z", "modified": "2026-06-02T15:57:32.539284Z", "relationship_type": "indicates", "source_ref": "indicator--0456584d-4be2-428f-83df-bc619ea82e79", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--89a7440a-ca89-483c-8692-f93a4c3b9072", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.540319Z", "modified": "2026-06-02T15:57:32.540319Z", "relationship_type": "indicates", "source_ref": "indicator--87bcc404-42d7-4bab-a4a9-4aa4d64dad17", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5c0b6df7-eb01-49cb-9301-ebd9a8611d4a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.541327Z", "modified": "2026-06-02T15:57:32.541327Z", "relationship_type": "indicates", "source_ref": "indicator--60e1e100-dbee-4a65-b148-cda22acd6890", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--371fc35c-60a7-4525-80e9-51bccfbedb51", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.542331Z", "modified": "2026-06-02T15:57:32.542331Z", "relationship_type": "indicates", "source_ref": "indicator--ecb1fab8-179a-434d-8a52-626fb2765cfd", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e3f7dec3-3134-4a25-8086-7c45f165c8e9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.543346Z", "modified": "2026-06-02T15:57:32.543346Z", "relationship_type": "indicates", "source_ref": "indicator--fe4cfff6-2612-4032-ab54-12fcc40a7b05", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0cc7bee3-9589-49d6-8f4a-371116194a66", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.544516Z", "modified": "2026-06-02T15:57:32.544516Z", "relationship_type": "indicates", "source_ref": "indicator--f675efe0-7e9b-4431-bcd4-4605674cbb55", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cf1c42b9-e1a2-4620-b98c-d313cd8e2ebc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.54557Z", "modified": "2026-06-02T15:57:32.54557Z", "relationship_type": "indicates", "source_ref": "indicator--df7cd161-42fc-4160-be20-f8bc367c16fd", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--86dafe77-ebee-42aa-8b41-2f5599c00b2d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.546745Z", "modified": "2026-06-02T15:57:32.546745Z", "relationship_type": "indicates", "source_ref": "indicator--4a5b5d34-8e2c-4ec2-9139-c131bc5f3990", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5643d090-8412-4dc2-bfff-142b00a36fee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.547826Z", "modified": "2026-06-02T15:57:32.547826Z", "relationship_type": "indicates", "source_ref": "indicator--e968edf2-d0c8-47bd-bdde-f38aa3c3ca9f", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c516106b-904c-4547-80f4-aad6cb660eee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.548849Z", "modified": "2026-06-02T15:57:32.548849Z", "relationship_type": "indicates", "source_ref": "indicator--8043595d-5fa4-4365-9110-9c1b35419b07", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5c0c9ce6-2b49-4818-b696-03b628c92a61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.549862Z", "modified": "2026-06-02T15:57:32.549862Z", "relationship_type": "indicates", "source_ref": "indicator--54f423a5-9c3a-44a9-93f9-d231cb8be056", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--70a37b9e-89c1-4279-99e6-b2348a55783b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.550878Z", "modified": "2026-06-02T15:57:32.550878Z", "relationship_type": "indicates", "source_ref": "indicator--0ae8c1c8-1d9e-4a8e-9826-9eb4b194a577", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7383259b-0d5b-4c5d-9fa8-bb1656a26fa8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.551914Z", "modified": 
"2026-06-02T15:57:32.551914Z", "relationship_type": "indicates", "source_ref": "indicator--f3e7bfaf-7887-46d5-82c6-d4e5b07f4351", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5fb17c73-8291-484b-a877-da6aace3f2f8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.552927Z", "modified": "2026-06-02T15:57:32.552927Z", "relationship_type": "indicates", "source_ref": "indicator--b910ef08-4165-41b6-8827-79c00207bc24", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d0a188fe-13e8-4b74-8c0d-d009dde026e7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.554144Z", "modified": "2026-06-02T15:57:32.554144Z", "relationship_type": "indicates", "source_ref": "indicator--9ff6e5c1-9504-48c7-b560-3bec5149722c", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--506a4684-2eb2-429e-bd67-a1bcce98b084", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.555192Z", "modified": "2026-06-02T15:57:32.555192Z", "relationship_type": "indicates", "source_ref": "indicator--4dfd87e3-01be-45a3-a408-d968d5192545", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--72690ed9-3e85-44bf-9177-8755c6815837", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.556214Z", "modified": "2026-06-02T15:57:32.556214Z", "relationship_type": "indicates", "source_ref": "indicator--b490049a-2cc8-4c89-be2a-01fb5b47eab7", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--93f7b5ec-7b07-480e-bdb7-49a019846bb4", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.557227Z", "modified": "2026-06-02T15:57:32.557227Z", "relationship_type": "indicates", "source_ref": "indicator--e9b32950-7cb9-4b9c-a4cb-ed69aab41fc6", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c25a80d5-eaa3-4faf-8c4d-e395b9c60756", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.558248Z", "modified": "2026-06-02T15:57:32.558248Z", "relationship_type": "indicates", "source_ref": "indicator--b724c972-4212-4586-bec9-db61d2d99a28", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--39899c94-a319-4a06-9bdb-a0a545558fde", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.559305Z", "modified": "2026-06-02T15:57:32.559305Z", "relationship_type": "indicates", "source_ref": "indicator--523a571c-bd1c-46ad-a501-55de57498b5c", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--609b45d5-ad20-4e1c-b898-1f1e23a07521", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.560329Z", "modified": "2026-06-02T15:57:32.560329Z", "relationship_type": "indicates", "source_ref": "indicator--b8974b93-e598-421a-a13c-857156c0a21c", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9f80a639-5c3b-41b8-8a21-213ff79a1d3c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.561485Z", "modified": "2026-06-02T15:57:32.561485Z", "relationship_type": "indicates", "source_ref": "indicator--a8b04ff3-898a-4be5-9225-4a991eeda8bc", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f0e1cf6a-66da-4b1a-a6ba-c3f1e25dd035", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.562515Z", "modified": "2026-06-02T15:57:32.562515Z", "relationship_type": "indicates", "source_ref": "indicator--24f4599b-66ed-4124-846f-a938aab8fe9a", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1772baef-1ac9-45fb-9769-6bbf5620b615", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.563536Z", "modified": "2026-06-02T15:57:32.563536Z", "relationship_type": "indicates", "source_ref": "indicator--83f563b6-eff2-4483-896b-19c4e7da2b59", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--44cef95d-8353-4bec-b80c-cda381c9a1cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.564567Z", "modified": "2026-06-02T15:57:32.564567Z", "relationship_type": "indicates", "source_ref": "indicator--b857a320-c774-4702-a3f3-f3ed4294b30f", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eb3c4efd-7735-4ff3-a365-f1260e57bc73", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.565583Z", "modified": "2026-06-02T15:57:32.565583Z", "relationship_type": "indicates", "source_ref": "indicator--363d6bb3-c4b8-49ed-80ef-e7f6ed65d293", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b2745bc0-62f1-4afc-9ece-7b321d2a8d26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.566586Z", "modified": 
"2026-06-02T15:57:32.566586Z", "relationship_type": "indicates", "source_ref": "indicator--7d9c53ef-7820-4b3c-ab74-7cf5c0d35f81", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bf6b4e19-c37a-49fa-b5f6-52f63140b8c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.56761Z", "modified": "2026-06-02T15:57:32.56761Z", "relationship_type": "indicates", "source_ref": "indicator--541648ae-1a56-48d3-b835-05c961a6b6a8", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2a560379-f69e-4e62-9d8f-432b01b62b41", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.56876Z", "modified": "2026-06-02T15:57:32.56876Z", "relationship_type": "indicates", "source_ref": "indicator--622620e5-fe36-47df-9238-cdb3fdeb6d89", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--287f33aa-dc81-470f-a54e-d2c5e4b84f16", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.569777Z", "modified": "2026-06-02T15:57:32.569777Z", "relationship_type": "indicates", "source_ref": "indicator--ff63644c-63ca-4735-b3d6-46eb54191348", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3399155b-edc9-4cd0-a384-05effd6c0682", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.570789Z", "modified": "2026-06-02T15:57:32.570789Z", "relationship_type": "indicates", "source_ref": "indicator--9e617b22-8de6-47d7-b083-0612f5487548", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--599c9b99-7771-4d74-b918-f744370fc075", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.571831Z", "modified": "2026-06-02T15:57:32.571831Z", "relationship_type": "indicates", "source_ref": "indicator--9f41ae35-e6af-4fe5-8ac4-3c3e5aea59eb", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c95a6cdf-cd44-42b8-aff4-b296aef75fc8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.572844Z", "modified": "2026-06-02T15:57:32.572844Z", "relationship_type": "indicates", "source_ref": "indicator--b6b0259d-7dec-4a6f-b5a1-532ffc01ac58", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9fc447a5-89c9-4afe-95b4-cd516c84cd66", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.573928Z", "modified": "2026-06-02T15:57:32.573928Z", "relationship_type": "indicates", "source_ref": "indicator--8d39ee28-29a4-49b9-b44a-7d914c67a255", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--655df101-c141-45b9-934c-0923918d782f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.574951Z", "modified": "2026-06-02T15:57:32.574951Z", "relationship_type": "indicates", "source_ref": "indicator--f3e8fd84-805e-43bd-b063-1eb890d81804", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--36349fee-2585-4ff5-b443-fcef414204f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.576135Z", "modified": "2026-06-02T15:57:32.576135Z", "relationship_type": "indicates", "source_ref": "indicator--1cdd8f7d-f322-4309-81ad-28d0e7e05660", "target_ref": 
"malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--33e6baff-d810-4102-b8c5-b670db3a84d0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.577161Z", "modified": "2026-06-02T15:57:32.577161Z", "relationship_type": "indicates", "source_ref": "indicator--bd5bf159-8a57-4892-9af2-3b91cf94524b", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5d03d7d5-4c08-4e5e-be77-d8975e9298c6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.578206Z", "modified": "2026-06-02T15:57:32.578206Z", "relationship_type": "indicates", "source_ref": "indicator--a0e8fee1-56ca-4d96-b399-dc4d00c45014", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6e91fc41-8c5d-42dc-9563-d7d5f06c6324", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.579238Z", "modified": "2026-06-02T15:57:32.579238Z", "relationship_type": "indicates", "source_ref": "indicator--99b6cd29-aefa-4937-b1d6-da43d2b1757e", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b104fc8d-396d-4f2f-aead-10010f8665a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.580251Z", "modified": "2026-06-02T15:57:32.580251Z", "relationship_type": "indicates", "source_ref": "indicator--70ff7051-122f-4234-a4fa-65a2dc7e45cb", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e8eb02aa-7e83-4438-8fca-5821725ad81d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.58125Z", "modified": 
"2026-06-02T15:57:32.58125Z", "relationship_type": "indicates", "source_ref": "indicator--4b16d2b5-3e11-4cce-a2ab-64a4db744abe", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2364c955-ef19-4f85-8b11-0a905f29c4f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.582256Z", "modified": "2026-06-02T15:57:32.582256Z", "relationship_type": "indicates", "source_ref": "indicator--14bf04bb-0516-4158-8588-4d4a3d179e60", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9a2fc66c-d58a-431a-b18b-0e1fb612711d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.583431Z", "modified": "2026-06-02T15:57:32.583431Z", "relationship_type": "indicates", "source_ref": "indicator--97cd58c7-1da2-4b24-a96c-7943593652dd", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b210fbe5-70ce-4c36-be15-c7392243526d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.584462Z", "modified": "2026-06-02T15:57:32.584462Z", "relationship_type": "indicates", "source_ref": "indicator--b6c1210d-ba97-4b82-95cf-628090a4c7bd", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ae9a96af-7cfe-44d4-b04e-dde0bd7611c2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.585473Z", "modified": "2026-06-02T15:57:32.585473Z", "relationship_type": "indicates", "source_ref": "indicator--ddc5ff0c-c3c7-4e59-be1b-6fa8111abcbb", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ce4a9360-3fa9-4c64-aa6e-0c779ffa7a86", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.586478Z", "modified": "2026-06-02T15:57:32.586478Z", "relationship_type": "indicates", "source_ref": "indicator--12af13e8-df7b-4156-8bc9-ea8824c25e18", "target_ref": "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4cdb6af7-4829-40b2-a536-3d6f888e6353", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.58786Z", "modified": "2026-06-02T15:57:32.58786Z", "relationship_type": "indicates", "source_ref": "indicator--7bc6a366-0c82-41f9-acc7-2ca1e06826e4", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5db8c25c-b363-421d-b015-0cdf43e3f6d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.588915Z", "modified": "2026-06-02T15:57:32.588915Z", "relationship_type": "indicates", "source_ref": "indicator--ed370d52-27fc-4e21-8e93-60146e8a210d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4a686eaa-135a-49c7-80d9-80b55c86c8d1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.589977Z", "modified": "2026-06-02T15:57:32.589977Z", "relationship_type": "indicates", "source_ref": "indicator--cc72c9f5-0e31-4808-bb8e-acda150caee3", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--99b8c203-daeb-414d-886b-fd9be7f8fd34", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.592102Z", "modified": "2026-06-02T15:57:32.592102Z", "relationship_type": "indicates", "source_ref": "indicator--7b9a4536-829c-4c1e-9da1-34344b272368", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--47d3dde8-3d5f-4d47-bb42-a50172132c04", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.593259Z", "modified": "2026-06-02T15:57:32.593259Z", "relationship_type": "indicates", "source_ref": "indicator--f10bcd32-7e7f-4a32-9734-efec8c912890", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b59d3313-3895-4dd5-8327-6e362176c493", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.594345Z", "modified": "2026-06-02T15:57:32.594345Z", "relationship_type": "indicates", "source_ref": "indicator--3e931bf4-41a4-4875-9c14-29eb3c388d73", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8b8d3e36-d05f-4e7d-8fe6-696908220b0f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.595445Z", "modified": "2026-06-02T15:57:32.595445Z", "relationship_type": "indicates", "source_ref": "indicator--8fdacb92-e97f-4450-8128-8492386ff847", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5849007d-21fa-4744-b32b-d50147dc46fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.596463Z", "modified": "2026-06-02T15:57:32.596463Z", "relationship_type": "indicates", "source_ref": "indicator--a15a4af4-1b7b-4a51-9534-a9fc0beb63e7", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--461a2c8f-19b1-444c-ade5-6bf3e7e2a930", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.597462Z", "modified": 
"2026-06-02T15:57:32.597462Z", "relationship_type": "indicates", "source_ref": "indicator--d948e6b6-36b9-402a-a676-3116b3d1f79b", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6a203adf-4262-40a4-a566-3a24ce751ada", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.598462Z", "modified": "2026-06-02T15:57:32.598462Z", "relationship_type": "indicates", "source_ref": "indicator--e010325c-9b35-4bc5-b072-24586ede89b8", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e3031f9b-0ce0-43da-8589-8d8d2e74304c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.623677Z", "modified": "2026-06-02T15:57:32.623677Z", "relationship_type": "indicates", "source_ref": "indicator--898305cf-0372-47d1-b834-bee1f2959b9b", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b516e24e-6273-416e-a5a2-cc68dd86ba7b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.625186Z", "modified": "2026-06-02T15:57:32.625186Z", "relationship_type": "indicates", "source_ref": "indicator--82ad2635-6b5f-40f4-bb4a-43165726f8c5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--31735d03-9e70-4db8-8526-d114645927fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.626508Z", "modified": "2026-06-02T15:57:32.626508Z", "relationship_type": "indicates", "source_ref": "indicator--5101fa67-3574-46b4-b400-8d7374b995f4", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a8a633a2-063a-4233-86d6-21de2757a820", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.627753Z", "modified": "2026-06-02T15:57:32.627753Z", "relationship_type": "indicates", "source_ref": "indicator--a947e291-de42-44ee-a90d-d3fa8f8542cf", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a08ff73a-d6f2-425e-b638-7b303c372a69", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.628904Z", "modified": "2026-06-02T15:57:32.628904Z", "relationship_type": "indicates", "source_ref": "indicator--9661b333-8815-4504-ad81-7b9b170fe499", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b3156bb7-4ee0-4dfc-8b68-400d8f8e288e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.630042Z", "modified": "2026-06-02T15:57:32.630042Z", "relationship_type": "indicates", "source_ref": "indicator--184b6e63-f9b9-4570-9870-d6f1e56a08e1", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3d2df166-94d1-4dcf-8afa-cf55d508d5d3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.631302Z", "modified": "2026-06-02T15:57:32.631302Z", "relationship_type": "indicates", "source_ref": "indicator--b7d1a1ab-5e59-42a8-8435-1d80578adff8", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a9e08427-70e3-4d5a-949c-b6f7d43b9dd3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.632414Z", "modified": "2026-06-02T15:57:32.632414Z", "relationship_type": "indicates", "source_ref": "indicator--400bab91-63ac-44f7-be4b-0c062f85a4a0", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7061592c-486f-4604-8c5a-e99a5e4f5a68", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.633487Z", "modified": "2026-06-02T15:57:32.633487Z", "relationship_type": "indicates", "source_ref": "indicator--0b49224f-4fa4-4c95-a4c7-e4108cf59766", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4f9ef1bf-ff6e-43cb-ba48-0fa2d7d58e0c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.634566Z", "modified": "2026-06-02T15:57:32.634566Z", "relationship_type": "indicates", "source_ref": "indicator--dcb476d1-b758-44bf-ac96-3d28286cc137", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--915856d5-a8e7-48f8-8022-06feee38624e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.635587Z", "modified": "2026-06-02T15:57:32.635587Z", "relationship_type": "indicates", "source_ref": "indicator--327997e8-0402-433c-92e7-eb095c434ab2", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4f579adf-5a46-4965-b8c3-4c646c621489", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.636596Z", "modified": "2026-06-02T15:57:32.636596Z", "relationship_type": "indicates", "source_ref": "indicator--e4e2f6b6-1c28-4f74-a237-d1a85a1a87ce", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cce954d5-58e3-4031-99c7-d397b6ad7ccf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.637651Z", "modified": 
"2026-06-02T15:57:32.637651Z", "relationship_type": "indicates", "source_ref": "indicator--87a2f0f7-e856-4151-b0de-ce3f211ef896", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f3f7db23-06d5-4a80-8609-4a6e412c2280", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.638874Z", "modified": "2026-06-02T15:57:32.638874Z", "relationship_type": "indicates", "source_ref": "indicator--94d2827d-2c32-489f-93ba-bd2b25818ae2", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d7252a47-1786-4d55-a7da-9fb07667067c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.639959Z", "modified": "2026-06-02T15:57:32.639959Z", "relationship_type": "indicates", "source_ref": "indicator--21897d1f-f726-4636-8571-267d20f9fa59", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b1d53fa7-d739-45b8-bc49-d8e388c11b5b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.641119Z", "modified": "2026-06-02T15:57:32.641119Z", "relationship_type": "indicates", "source_ref": "indicator--208ad613-fce0-46d0-864b-811d2b4c3ccf", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--151d9e87-3884-4d5c-9392-debd1e34fcc1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.642217Z", "modified": "2026-06-02T15:57:32.642217Z", "relationship_type": "indicates", "source_ref": "indicator--8219f108-6f02-4538-9315-3ab6fda6c16c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--da8d37f9-9be7-44c4-a98b-4a46391b710e", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.643312Z", "modified": "2026-06-02T15:57:32.643312Z", "relationship_type": "indicates", "source_ref": "indicator--09466bbe-e7b2-4c77-90fb-289d835ab311", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b2b365fb-e451-4795-8d95-a760ac561fc0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.645275Z", "modified": "2026-06-02T15:57:32.645275Z", "relationship_type": "indicates", "source_ref": "indicator--75363d44-e011-4191-9f4b-cd33ca0b1bd2", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c838eedb-0f0f-4dfd-b813-ccfb303dd2e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.646513Z", "modified": "2026-06-02T15:57:32.646513Z", "relationship_type": "indicates", "source_ref": "indicator--2e105df6-4d55-44f7-a187-9d93e8d248f5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--add9b68b-1b32-4d90-b544-8248f70adff1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.647822Z", "modified": "2026-06-02T15:57:32.647822Z", "relationship_type": "indicates", "source_ref": "indicator--6988bc4f-d13f-4d04-995f-56b9051a9666", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--abb07f57-e7ac-4d71-b7b0-a67bb0e92b86", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.648931Z", "modified": "2026-06-02T15:57:32.648931Z", "relationship_type": "indicates", "source_ref": "indicator--695c2a4c-1446-4095-ab7f-e41915c863d7", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--26839c92-c90d-45d0-a323-2ea21e9547eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.650003Z", "modified": "2026-06-02T15:57:32.650003Z", "relationship_type": "indicates", "source_ref": "indicator--eb33d804-3b2a-4128-b351-4fee84574e7d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3f0078a5-ce1e-4986-a0dc-50ae7b4bed2e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.651068Z", "modified": "2026-06-02T15:57:32.651068Z", "relationship_type": "indicates", "source_ref": "indicator--b756bf21-6ad3-4e8e-b88f-afab6db4ad1f", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2e969d4d-1cce-4397-aba8-82892e0a695a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.652153Z", "modified": "2026-06-02T15:57:32.652153Z", "relationship_type": "indicates", "source_ref": "indicator--f0fa7ad1-68c2-406c-bd09-537e57f4f5ec", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f9bcb390-d7ec-4bfa-af1a-e5bf2d664248", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.65322Z", "modified": "2026-06-02T15:57:32.65322Z", "relationship_type": "indicates", "source_ref": "indicator--c8af3588-1138-496f-ba53-b952483a3fdd", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--83d8e14a-b566-4274-9935-20097ab75c7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.654273Z", "modified": 
"2026-06-02T15:57:32.654273Z", "relationship_type": "indicates", "source_ref": "indicator--7fb58637-abd1-426d-9585-9717300ea02a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f6deb556-07da-4a05-8712-524428251f6d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.6555Z", "modified": "2026-06-02T15:57:32.6555Z", "relationship_type": "indicates", "source_ref": "indicator--0c1e49d7-1f37-4797-9f0b-9fcb1fd9a9f8", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--986aab1c-d5cc-4c6b-8b3f-0598dd99ad4c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.656572Z", "modified": "2026-06-02T15:57:32.656572Z", "relationship_type": "indicates", "source_ref": "indicator--a2d6ffda-c80d-48ca-bdf2-adae2fd042be", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eddd3fd7-9da8-4ecf-9ac1-0ea9cefd1445", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.657638Z", "modified": "2026-06-02T15:57:32.657638Z", "relationship_type": "indicates", "source_ref": "indicator--9346c1f0-3274-4f19-9c8a-b9bf1cac9d97", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--65958803-562d-4a2e-8839-74181ef43380", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.658686Z", "modified": "2026-06-02T15:57:32.658686Z", "relationship_type": "indicates", "source_ref": "indicator--53504a01-1041-4898-a19b-bcbb3cf22d9b", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fb11ed71-89cb-4bce-8f30-435a0e32d7eb", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.659775Z", "modified": "2026-06-02T15:57:32.659775Z", "relationship_type": "indicates", "source_ref": "indicator--94543ae2-34a7-4b8c-acf2-d8344274309b", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--50ca23e4-a608-491e-a52b-906d4e1b6b95", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.660839Z", "modified": "2026-06-02T15:57:32.660839Z", "relationship_type": "indicates", "source_ref": "indicator--a111332c-8065-4e8f-a3de-75a01255758b", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--21d9ad58-6956-47ee-8812-a742fcddcc07", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.661899Z", "modified": "2026-06-02T15:57:32.661899Z", "relationship_type": "indicates", "source_ref": "indicator--c95dc94d-e2af-4b84-b780-692737eb2470", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2031ba8f-2b56-4b66-8340-d7434a31aa93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.663114Z", "modified": "2026-06-02T15:57:32.663114Z", "relationship_type": "indicates", "source_ref": "indicator--f361c87b-866b-4358-b281-b536ed86bdfd", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--05453abf-374d-4f4d-af8c-0bce4c804333", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.664193Z", "modified": "2026-06-02T15:57:32.664193Z", "relationship_type": "indicates", "source_ref": "indicator--267c9a9b-8d20-4ece-b3ed-47241b8edc0a", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4dad3234-8f78-4f0a-bf32-157b683e470d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.665247Z", "modified": "2026-06-02T15:57:32.665247Z", "relationship_type": "indicates", "source_ref": "indicator--307bfbb3-2388-4911-ac2c-d271135a258a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0540d52e-e044-41b3-a164-db229f8784d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.666303Z", "modified": "2026-06-02T15:57:32.666303Z", "relationship_type": "indicates", "source_ref": "indicator--f0196b53-c001-4de7-9476-7ce6f3d2a185", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cd8f2a93-17f7-44b2-80d7-5d5da2a156dc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.667364Z", "modified": "2026-06-02T15:57:32.667364Z", "relationship_type": "indicates", "source_ref": "indicator--91afce42-ab39-4877-ab6f-d83cbcf113bd", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2ca11909-fafa-4dc0-83de-ee93374c65c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.668425Z", "modified": "2026-06-02T15:57:32.668425Z", "relationship_type": "indicates", "source_ref": "indicator--a80ee5e6-7369-43cf-adc5-a593f8ff48fa", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ccde85bc-75f0-4c90-8e3d-3eeffa21e6d1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.669487Z", "modified": 
"2026-06-02T15:57:32.669487Z", "relationship_type": "indicates", "source_ref": "indicator--ef14cfdc-ba37-4177-9d1e-fb140fb7e206", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e8cb8a25-7b89-40ca-a951-e86e8a1240de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.670693Z", "modified": "2026-06-02T15:57:32.670693Z", "relationship_type": "indicates", "source_ref": "indicator--afebb3e3-fbb6-48ab-9d4e-0765be5f823a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--13a53c5e-851e-4755-835a-f399fe3bee99", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.671779Z", "modified": "2026-06-02T15:57:32.671779Z", "relationship_type": "indicates", "source_ref": "indicator--d6db0950-c7c2-4f04-a17a-2d272f7bc251", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7b0f2704-9e02-4a2e-a80a-fd67574ac8d1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.672834Z", "modified": "2026-06-02T15:57:32.672834Z", "relationship_type": "indicates", "source_ref": "indicator--08da37b3-2690-47cd-8b9d-ccbaf965511c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6bd53b53-85ed-45a3-bb89-9d077ef5fd8d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.67388Z", "modified": "2026-06-02T15:57:32.67388Z", "relationship_type": "indicates", "source_ref": "indicator--e5cfe91d-3bc1-45f3-be70-be681a7f8b91", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3c830629-41dd-4acf-b1cd-88890e7f99a1", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.67493Z", "modified": "2026-06-02T15:57:32.67493Z", "relationship_type": "indicates", "source_ref": "indicator--5f8349d6-246f-49d5-bc05-3bab7041ac3e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a492141b-995f-4869-b6dc-8ea68dcfb2a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.675999Z", "modified": "2026-06-02T15:57:32.675999Z", "relationship_type": "indicates", "source_ref": "indicator--ac8d05cd-83b7-4182-bd3d-51de4e920219", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f1588648-b8fb-4da3-aa0b-05456b951199", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.677054Z", "modified": "2026-06-02T15:57:32.677054Z", "relationship_type": "indicates", "source_ref": "indicator--b16a993f-deef-451d-ab22-1f1c0f1f4372", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5bd586af-f10e-4feb-9364-0c625e283511", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.678253Z", "modified": "2026-06-02T15:57:32.678253Z", "relationship_type": "indicates", "source_ref": "indicator--ac80af90-624f-481f-808c-0e9efdca1507", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c1338eda-e8b0-4aac-8fbf-e6bf9299b14b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.679323Z", "modified": "2026-06-02T15:57:32.679323Z", "relationship_type": "indicates", "source_ref": "indicator--dbaa6fcc-e4c0-4a63-914d-4d182de4579b", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--74289352-1403-4a9a-bdd9-4fd92f45d0f4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.680379Z", "modified": "2026-06-02T15:57:32.680379Z", "relationship_type": "indicates", "source_ref": "indicator--ae839d45-8ff1-438f-a8e6-37fdf707e3c1", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2b861ccb-039a-41e4-af6a-5454b0d00c87", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.681445Z", "modified": "2026-06-02T15:57:32.681445Z", "relationship_type": "indicates", "source_ref": "indicator--f6ab1c82-209b-4a9b-85d1-42885789fc8f", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2775c89f-1437-46de-b695-6dbb24058d2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.682506Z", "modified": "2026-06-02T15:57:32.682506Z", "relationship_type": "indicates", "source_ref": "indicator--040a3746-08cd-4464-91e0-7be853c9b793", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--09a1e7c5-7b84-4438-9306-1440ec01d99a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.683581Z", "modified": "2026-06-02T15:57:32.683581Z", "relationship_type": "indicates", "source_ref": "indicator--db62ef8f-3af5-4e18-9389-e2837daad0a6", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--404e8690-bda6-4bd4-b59c-efe98284a746", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.684647Z", "modified": 
"2026-06-02T15:57:32.684647Z", "relationship_type": "indicates", "source_ref": "indicator--93187731-a9ce-4231-a23d-314bc7932f4c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2c31e77e-3c7f-49f0-9cb0-d0accd53969c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.685857Z", "modified": "2026-06-02T15:57:32.685857Z", "relationship_type": "indicates", "source_ref": "indicator--49136c93-b3a5-4bd7-b31d-e204a4a70ee2", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d6b16df8-ed36-49dc-a181-e235d3e08771", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.68692Z", "modified": "2026-06-02T15:57:32.68692Z", "relationship_type": "indicates", "source_ref": "indicator--e0382bd0-fee3-48e2-800e-ab0d7950f730", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--937b62ce-9772-47e3-be80-b934499f5c0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.687991Z", "modified": "2026-06-02T15:57:32.687991Z", "relationship_type": "indicates", "source_ref": "indicator--e25097e6-9b47-4f0c-abca-d5d7a98a7e3e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--25fbea24-8276-4cff-b24a-a44bc5cfea93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.689071Z", "modified": "2026-06-02T15:57:32.689071Z", "relationship_type": "indicates", "source_ref": "indicator--b7985c9a-6c57-4ed0-b51d-4d21662021a8", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e3e2ef81-52ce-4433-811e-b065327a0c8f", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.690129Z", "modified": "2026-06-02T15:57:32.690129Z", "relationship_type": "indicates", "source_ref": "indicator--8ddbd267-98e9-4228-801b-0e35245557ec", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5f5cc68e-1cd9-4dbf-a59d-646a7d1a0aba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.691193Z", "modified": "2026-06-02T15:57:32.691193Z", "relationship_type": "indicates", "source_ref": "indicator--d4cde65b-fd60-4e4b-8acf-19b655f1ad27", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b4ee3e64-0949-4154-be0f-11af64eb1436", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.692249Z", "modified": "2026-06-02T15:57:32.692249Z", "relationship_type": "indicates", "source_ref": "indicator--56fed766-8c3d-4fad-a3bf-f0bcdb59a2cd", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c6fb42c0-57bc-4b13-9d5f-366718561618", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.693457Z", "modified": "2026-06-02T15:57:32.693457Z", "relationship_type": "indicates", "source_ref": "indicator--eca2c61d-88a6-45ea-ab0c-7e36956d276a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--13851c01-aeb0-4efb-ac98-c60145e9dec0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.694528Z", "modified": "2026-06-02T15:57:32.694528Z", "relationship_type": "indicates", "source_ref": "indicator--f94a29e0-c055-489f-8ef6-673980ea4e47", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3679dd85-cf05-4af7-bff2-d8e98500944b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.695592Z", "modified": "2026-06-02T15:57:32.695592Z", "relationship_type": "indicates", "source_ref": "indicator--4fcddf81-306c-4a06-b23f-bfccfac29c3e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4a037c29-83b1-4183-bc7f-d53bb492bdae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.696652Z", "modified": "2026-06-02T15:57:32.696652Z", "relationship_type": "indicates", "source_ref": "indicator--18145dc8-8921-481d-943f-4f89a6d48faa", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cd25ac34-cb0f-4c4f-a6a6-766a8577aa49", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.697709Z", "modified": "2026-06-02T15:57:32.697709Z", "relationship_type": "indicates", "source_ref": "indicator--20a1adb5-c4cd-4b9d-913b-6959037b307e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--27ee6079-a4c8-47a7-8c21-4fa7e59b2447", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.698761Z", "modified": "2026-06-02T15:57:32.698761Z", "relationship_type": "indicates", "source_ref": "indicator--59ed550d-878c-4fdb-8811-14246e7a2597", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8c0f0ca6-ea18-4033-994d-ba00529d039b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.699839Z", "modified": 
"2026-06-02T15:57:32.699839Z", "relationship_type": "indicates", "source_ref": "indicator--3e77a855-23b2-4dd5-a8f0-92e01ffb0c02", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e6fa28b6-755a-455b-a695-c5ef1dbf7752", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.701041Z", "modified": "2026-06-02T15:57:32.701041Z", "relationship_type": "indicates", "source_ref": "indicator--775a871c-dbbb-4e2c-b1ce-4eb63f15e95c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f0acb532-83db-4ef9-ba3f-963be04fc6cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.702107Z", "modified": "2026-06-02T15:57:32.702107Z", "relationship_type": "indicates", "source_ref": "indicator--efbf0246-9f8e-4314-a8c5-009a73bdc882", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a34de33f-fe9b-41d5-b195-9e71389c27c2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.70318Z", "modified": "2026-06-02T15:57:32.70318Z", "relationship_type": "indicates", "source_ref": "indicator--42bd5453-1835-4656-b7b2-93491f5ce479", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--83d30a55-3122-426c-92a7-e6c1d2ab13cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.704277Z", "modified": "2026-06-02T15:57:32.704277Z", "relationship_type": "indicates", "source_ref": "indicator--24b0b886-7d37-4496-8797-3c305ad01dab", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--def01d53-75f6-4b94-ac75-31f2d45724ab", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.705349Z", "modified": "2026-06-02T15:57:32.705349Z", "relationship_type": "indicates", "source_ref": "indicator--3a10c65f-7cff-4bdc-93a1-9e4856e78005", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3993e8d0-9124-4d13-b709-c1cee6e57942", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.706409Z", "modified": "2026-06-02T15:57:32.706409Z", "relationship_type": "indicates", "source_ref": "indicator--408d73e6-c75d-438c-95cf-49093ea772a5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--12324120-4498-4eb9-9690-f91df10af163", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.707513Z", "modified": "2026-06-02T15:57:32.707513Z", "relationship_type": "indicates", "source_ref": "indicator--a58a3bc9-fd9d-466b-97c4-3ce8666381db", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef2c1667-b237-47be-b813-0649e369d5f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.708824Z", "modified": "2026-06-02T15:57:32.708824Z", "relationship_type": "indicates", "source_ref": "indicator--af3c72d5-20cb-48e8-9e2c-c9e47539906f", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1b6fbadd-1b22-4ebc-883f-7637d9c80b88", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.709921Z", "modified": "2026-06-02T15:57:32.709921Z", "relationship_type": "indicates", "source_ref": "indicator--cf01aad2-8eff-484b-9df0-169ef41fb73e", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--58d6b6d6-c679-4383-b8dc-300670bcc898", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.711005Z", "modified": "2026-06-02T15:57:32.711005Z", "relationship_type": "indicates", "source_ref": "indicator--95856fc1-18c7-4d96-bc71-4edd566d04a5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ab381462-33a1-4fdc-83ff-b70524e67936", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.712091Z", "modified": "2026-06-02T15:57:32.712091Z", "relationship_type": "indicates", "source_ref": "indicator--2f00f313-1213-44e8-a66c-03afa942f5ec", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--53b0d546-d7dd-41c6-80cd-8c9bb4f0fc0b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.713148Z", "modified": "2026-06-02T15:57:32.713148Z", "relationship_type": "indicates", "source_ref": "indicator--ce1ec2b7-e7f9-4cbb-9c22-857e969965c0", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7d21dcd7-7bf9-42e0-9002-be72c7499f0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.714209Z", "modified": "2026-06-02T15:57:32.714209Z", "relationship_type": "indicates", "source_ref": "indicator--b5c49b25-314f-421e-a081-1a2446f8b96b", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--631678be-56fe-45b6-9ebc-97559aff370b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.715297Z", "modified": 
"2026-06-02T15:57:32.715297Z", "relationship_type": "indicates", "source_ref": "indicator--2813bb3b-4ab8-4478-bff2-494e65f6e669", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a677de64-6512-4035-939f-5d9b45b7d1af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.717607Z", "modified": "2026-06-02T15:57:32.717607Z", "relationship_type": "indicates", "source_ref": "indicator--19d9bd7b-1843-46bb-855f-4a6e9d647864", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7b95193c-c956-4232-b01b-fd2af215f7c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.718797Z", "modified": "2026-06-02T15:57:32.718797Z", "relationship_type": "indicates", "source_ref": "indicator--484ece5e-1d82-4caf-a211-c93ea9509e30", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ead4db74-d5cb-4926-a0f3-ade8557ffc88", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.719919Z", "modified": "2026-06-02T15:57:32.719919Z", "relationship_type": "indicates", "source_ref": "indicator--9fe5ba98-d5d4-44f4-aabb-eb9fbae2a1ff", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1173cf3e-607c-4c76-aefa-7352bd2a21ab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.720998Z", "modified": "2026-06-02T15:57:32.720998Z", "relationship_type": "indicates", "source_ref": "indicator--a9445c64-ce13-4aa4-b24e-fe3a9a14e765", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--70bf3221-751e-43c3-b80a-964ba22fd7fe", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.722077Z", "modified": "2026-06-02T15:57:32.722077Z", "relationship_type": "indicates", "source_ref": "indicator--7169b249-a22e-4862-9d8a-d8672420cdb6", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--93ee3cc1-43fc-475e-a51a-03c7d019ebe4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.723151Z", "modified": "2026-06-02T15:57:32.723151Z", "relationship_type": "indicates", "source_ref": "indicator--45476812-4f9e-4fc1-9493-8b50a8f887ce", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--df945072-c570-4b89-a4a6-4f21ba277ca5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.724225Z", "modified": "2026-06-02T15:57:32.724225Z", "relationship_type": "indicates", "source_ref": "indicator--85527233-73ce-491e-b052-59f37d2c2092", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a7748b9a-5352-40ce-b838-88f1c5f19cba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.725448Z", "modified": "2026-06-02T15:57:32.725448Z", "relationship_type": "indicates", "source_ref": "indicator--9dc21a79-3d6b-40f2-92f9-96fe240ca22f", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--af023a49-4eba-45c7-b5b1-acc32543f3a3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.726521Z", "modified": "2026-06-02T15:57:32.726521Z", "relationship_type": "indicates", "source_ref": "indicator--a9c1a39d-e0f9-459c-aff1-ff1955152c79", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--08a458a3-7a2d-48d8-820a-46ae9130df0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.727602Z", "modified": "2026-06-02T15:57:32.727602Z", "relationship_type": "indicates", "source_ref": "indicator--96b66d5f-0527-4f94-92c0-5fe3da222df1", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1c584b70-817c-4582-bf8b-9a0059539994", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.728666Z", "modified": "2026-06-02T15:57:32.728666Z", "relationship_type": "indicates", "source_ref": "indicator--8966418f-7d0f-45a0-a049-5641a9a29ca9", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fc20a8f6-4d0f-4dce-b686-844486963ae2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.729735Z", "modified": "2026-06-02T15:57:32.729735Z", "relationship_type": "indicates", "source_ref": "indicator--d9b70b9f-49ae-4f7d-ab3e-3ab61d4c5878", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--82d4f9d7-13ef-4d60-95f2-f05b90f727ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.730797Z", "modified": "2026-06-02T15:57:32.730797Z", "relationship_type": "indicates", "source_ref": "indicator--2a29ed31-47b6-4f12-88f7-0af2d905669f", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1b40c400-7d31-436d-8336-3661c070fc6a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.731865Z", "modified": 
"2026-06-02T15:57:32.731865Z", "relationship_type": "indicates", "source_ref": "indicator--e36b413a-646e-4f85-81ee-efc3eeee4c0c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--de6fb14b-a2ba-45ab-98f9-0acc95a7d330", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.733079Z", "modified": "2026-06-02T15:57:32.733079Z", "relationship_type": "indicates", "source_ref": "indicator--e8c78390-e053-4ef2-91bd-05d32ad19c6e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b0655726-1b0a-4258-81b5-4ec768eb3000", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.734155Z", "modified": "2026-06-02T15:57:32.734155Z", "relationship_type": "indicates", "source_ref": "indicator--bfcc5742-5ed3-408f-ba46-1f62c38fb59c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--328ef7a1-dafc-451c-8bbc-c3267bb9183b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.735227Z", "modified": "2026-06-02T15:57:32.735227Z", "relationship_type": "indicates", "source_ref": "indicator--eae0b98f-ef37-42dd-8b02-122212e3112a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6825a45f-ded2-4115-8c85-2c6434972ee3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.736298Z", "modified": "2026-06-02T15:57:32.736298Z", "relationship_type": "indicates", "source_ref": "indicator--f7e2aff6-d8c2-468d-97cb-9ddd73433c67", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a67bde39-b7b2-4a28-99c5-7e19c09e8cc3", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.737345Z", "modified": "2026-06-02T15:57:32.737345Z", "relationship_type": "indicates", "source_ref": "indicator--9d7ed8be-5b89-4ffd-9826-d10a0cd52ac0", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f389cb61-dcea-44da-a881-a0566165edc4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.738397Z", "modified": "2026-06-02T15:57:32.738397Z", "relationship_type": "indicates", "source_ref": "indicator--784d3f25-e3d4-49f0-9e70-0004b3e71888", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8d1d2030-0708-4b68-926f-fa011aa9a987", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.73946Z", "modified": "2026-06-02T15:57:32.73946Z", "relationship_type": "indicates", "source_ref": "indicator--c7982f94-5325-412c-b5d6-efd8ef0629f7", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4da225f0-3c5b-4397-a9cd-4287f01da29c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.740665Z", "modified": "2026-06-02T15:57:32.740665Z", "relationship_type": "indicates", "source_ref": "indicator--b75601b7-4f34-432d-88ca-8bab710d7623", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef365fa2-9eab-42d8-87e9-22d88f0fdba8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.741731Z", "modified": "2026-06-02T15:57:32.741731Z", "relationship_type": "indicates", "source_ref": "indicator--268275e7-e81b-41bb-b354-456bd1e2a14e", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1688c59f-10e9-45d4-a23e-f531b3930748", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.742796Z", "modified": "2026-06-02T15:57:32.742796Z", "relationship_type": "indicates", "source_ref": "indicator--fc4b1737-e5f4-4809-b969-53ebd5691d55", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--af999231-806a-4317-8d1f-4c48a639b4b9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.743859Z", "modified": "2026-06-02T15:57:32.743859Z", "relationship_type": "indicates", "source_ref": "indicator--1e182d00-cc31-4146-ba13-f2b4248c4399", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bdb360bc-6c74-4f30-b277-c46c2f27968d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.744909Z", "modified": "2026-06-02T15:57:32.744909Z", "relationship_type": "indicates", "source_ref": "indicator--e83badda-f935-4732-a5a0-766d3235cfb3", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6e810be2-3fac-415e-b841-4e9e0e7579dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.746141Z", "modified": "2026-06-02T15:57:32.746141Z", "relationship_type": "indicates", "source_ref": "indicator--b6410c99-e627-45e9-9b80-ca2bd9424a61", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bab464aa-8781-4571-8d9a-821bd77b3792", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.74725Z", "modified": 
"2026-06-02T15:57:32.74725Z", "relationship_type": "indicates", "source_ref": "indicator--64be4c70-a04b-47a7-b15d-851e2760f80b", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9595afe1-4a84-4aa1-8e03-0c8f2dd0a66b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.748517Z", "modified": "2026-06-02T15:57:32.748517Z", "relationship_type": "indicates", "source_ref": "indicator--71548859-541c-4289-a53d-14e9a5b53422", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e1a3b72d-0e89-40d8-b406-bb6034abf494", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.749618Z", "modified": "2026-06-02T15:57:32.749618Z", "relationship_type": "indicates", "source_ref": "indicator--d4a4f542-f2d5-466a-81cf-72dcd563cab0", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--43896d2b-f506-490e-a365-4bf4e70c35af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.750679Z", "modified": "2026-06-02T15:57:32.750679Z", "relationship_type": "indicates", "source_ref": "indicator--dd1ebad1-b0e4-4104-ab68-53158b862519", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--29805428-16d8-4e21-9492-019028b95b99", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.751754Z", "modified": "2026-06-02T15:57:32.751754Z", "relationship_type": "indicates", "source_ref": "indicator--81c7d1ef-a7bb-41f6-8763-ae4102acc8dc", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e2bf45db-83f1-48f2-9d94-0cd2f45ae879", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.752806Z", "modified": "2026-06-02T15:57:32.752806Z", "relationship_type": "indicates", "source_ref": "indicator--afcb3676-4f97-4a3f-a957-ba0cf53f2b5e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fa6f588a-671b-456c-92d5-f502dd952822", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.75386Z", "modified": "2026-06-02T15:57:32.75386Z", "relationship_type": "indicates", "source_ref": "indicator--37a4eb8b-ea0f-45ad-8fec-932681ab31b8", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--98f6afcc-af56-4b60-8b5f-8511ed11b8b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.754929Z", "modified": "2026-06-02T15:57:32.754929Z", "relationship_type": "indicates", "source_ref": "indicator--6cd57df8-b967-4c82-ac38-a4b915bc10a1", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--be98a440-0208-4462-9dd2-a2b9cb640af2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.75615Z", "modified": "2026-06-02T15:57:32.75615Z", "relationship_type": "indicates", "source_ref": "indicator--a2bbbb24-e370-4924-9264-d659df7dce33", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fe25a47d-f245-4103-9b8a-e3bf2dbbd80c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.757218Z", "modified": "2026-06-02T15:57:32.757218Z", "relationship_type": "indicates", "source_ref": "indicator--f26d6b8e-342e-4db6-9b41-3afba6e8d81c", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6a610929-b473-42b6-a78c-3ca3f2f6b0f4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.758269Z", "modified": "2026-06-02T15:57:32.758269Z", "relationship_type": "indicates", "source_ref": "indicator--179d596b-21b9-471b-825b-9249ec0ffd88", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--54ee7a12-64d7-4b30-9543-faaca59b2eef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.759331Z", "modified": "2026-06-02T15:57:32.759331Z", "relationship_type": "indicates", "source_ref": "indicator--45f3f810-41ef-4ac3-8043-1f8822b63b36", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aa98aee2-1461-4bd6-9ffc-ab5719cd5463", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.760429Z", "modified": "2026-06-02T15:57:32.760429Z", "relationship_type": "indicates", "source_ref": "indicator--f5c5d66a-595c-442e-9632-57b8aa78b005", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6d414c1a-0c50-4be8-a3d4-a246f3703270", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.761499Z", "modified": "2026-06-02T15:57:32.761499Z", "relationship_type": "indicates", "source_ref": "indicator--ac13cc14-4e9a-46de-972c-0de75ebdd33f", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f4d1c5d1-66aa-407d-b6eb-6b0c7c8de2b1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.762564Z", "modified": 
"2026-06-02T15:57:32.762564Z", "relationship_type": "indicates", "source_ref": "indicator--a2519f4d-ee95-4c7d-85e6-17dddb57a79b", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cebc802f-e4c1-4ced-b988-e9e8fb2a55a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.763802Z", "modified": "2026-06-02T15:57:32.763802Z", "relationship_type": "indicates", "source_ref": "indicator--7131a8e6-fec0-4535-ad97-1274e82c3969", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c3608587-cdd9-40db-b45d-8eb60db6481b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.76488Z", "modified": "2026-06-02T15:57:32.76488Z", "relationship_type": "indicates", "source_ref": "indicator--1f8f34d1-2c22-4017-a900-b386a4907960", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f20da4af-23e8-470f-93ee-1d42e64f81a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.765936Z", "modified": "2026-06-02T15:57:32.765936Z", "relationship_type": "indicates", "source_ref": "indicator--fb3af415-6297-40e0-8427-28f9354cc6fc", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2dd891d5-472b-4552-92ed-58644b4adac4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.767002Z", "modified": "2026-06-02T15:57:32.767002Z", "relationship_type": "indicates", "source_ref": "indicator--dd2a8ae0-faba-40ef-b23f-5960eab6bd52", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cb88d176-e3ab-4b10-82ff-9f0dceb4fb93", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.768071Z", "modified": "2026-06-02T15:57:32.768071Z", "relationship_type": "indicates", "source_ref": "indicator--f6dbbcf0-00a7-48c6-ab9c-3f850d121553", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e2b7bd30-7146-4a98-a621-d91251f0fc35", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.769118Z", "modified": "2026-06-02T15:57:32.769118Z", "relationship_type": "indicates", "source_ref": "indicator--3a97063d-4a42-4b3f-a6b7-52f4e05b6ff1", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9b6b586d-fff5-46a9-a89c-32c0950a7f94", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.770166Z", "modified": "2026-06-02T15:57:32.770166Z", "relationship_type": "indicates", "source_ref": "indicator--967a1c03-52ec-4e43-9d19-b9ecc6babba4", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c13443fe-e4e7-4c2b-934e-0cfc5453c0ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.771392Z", "modified": "2026-06-02T15:57:32.771392Z", "relationship_type": "indicates", "source_ref": "indicator--0ec973e2-af17-4e5b-9d78-0bf491d57cf1", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2691e8cb-db1c-4a64-a708-29b4cf26dd00", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.772475Z", "modified": "2026-06-02T15:57:32.772475Z", "relationship_type": "indicates", "source_ref": "indicator--a6651f85-a027-4a48-bb8b-ced25e736321", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8229815a-b68d-4eaa-a27b-8acdde996eb0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.77353Z", "modified": "2026-06-02T15:57:32.77353Z", "relationship_type": "indicates", "source_ref": "indicator--8a204708-9bfe-4e84-9e0e-90b7d54cf767", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b46e9d54-b0be-4fe1-b5d1-6939e765a66c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.774587Z", "modified": "2026-06-02T15:57:32.774587Z", "relationship_type": "indicates", "source_ref": "indicator--c1d8d2f5-a7fe-46ff-940b-c118411f2f91", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5a4a6ecf-5b7c-4cdb-80fc-87fea678ceaf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.775648Z", "modified": "2026-06-02T15:57:32.775648Z", "relationship_type": "indicates", "source_ref": "indicator--09ae6497-01b1-4c95-936c-9b2dac820494", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d6418308-40fd-4256-91af-02d97b804d6d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.776692Z", "modified": "2026-06-02T15:57:32.776692Z", "relationship_type": "indicates", "source_ref": "indicator--51b099f9-b49d-43ee-bd52-58e53323b897", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8f8ef5d0-d757-4497-af0d-ac2374f59498", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.777743Z", "modified": 
"2026-06-02T15:57:32.777743Z", "relationship_type": "indicates", "source_ref": "indicator--ec79193c-25f9-4263-8585-aeb0c10b9224", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cfc0fcd3-9308-4794-a4d6-9e926af830e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.778947Z", "modified": "2026-06-02T15:57:32.778947Z", "relationship_type": "indicates", "source_ref": "indicator--dba196f7-45f7-4e94-a93b-522c0945931a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--80de05c5-4a35-4a9e-b022-754579336a31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.780026Z", "modified": "2026-06-02T15:57:32.780026Z", "relationship_type": "indicates", "source_ref": "indicator--d26c46ce-6484-4ea8-8053-73c24c5787e5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0fe3cf2b-2db5-460e-934b-4af3d9c36976", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.781075Z", "modified": "2026-06-02T15:57:32.781075Z", "relationship_type": "indicates", "source_ref": "indicator--ddd20d9c-af2b-422e-8fa7-4c8989d7d103", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5b9f6f46-aee5-4417-99e9-fd58cb93c9c9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.782126Z", "modified": "2026-06-02T15:57:32.782126Z", "relationship_type": "indicates", "source_ref": "indicator--f86fc16c-5f69-4763-9650-86e8d5409208", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d75cacd5-3384-4d20-9d66-f5c21e4c462e", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.783208Z", "modified": "2026-06-02T15:57:32.783208Z", "relationship_type": "indicates", "source_ref": "indicator--1715d83c-638a-44eb-b3f2-9d239491f321", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0e5bba5c-c72d-43d3-9a59-27fec9607f6a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.784285Z", "modified": "2026-06-02T15:57:32.784285Z", "relationship_type": "indicates", "source_ref": "indicator--c0d0d28c-ce07-424a-8452-396003cb72eb", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--635de190-fd0e-4d77-b775-27490e1a924f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.785352Z", "modified": "2026-06-02T15:57:32.785352Z", "relationship_type": "indicates", "source_ref": "indicator--76190b18-6205-4755-b825-dbda8bba5d31", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7a7d538c-92c9-4238-bf1b-5ecadff8227a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.786558Z", "modified": "2026-06-02T15:57:32.786558Z", "relationship_type": "indicates", "source_ref": "indicator--d9d71a68-65b3-47b5-ba5c-4dcafeae235c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--80df2845-9f14-48d7-8825-5e2ab52cc39a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.787691Z", "modified": "2026-06-02T15:57:32.787691Z", "relationship_type": "indicates", "source_ref": "indicator--562cb471-8019-492e-ada2-e3f93b5732f5", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ce4f35bc-4cef-4218-8b70-00bcc7f4b0a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.788755Z", "modified": "2026-06-02T15:57:32.788755Z", "relationship_type": "indicates", "source_ref": "indicator--94772068-56a7-47c9-a2f3-ff6bb13c6d4b", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1eb52fc6-37a6-4a4f-845d-0bdb8f32468c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.789816Z", "modified": "2026-06-02T15:57:32.789816Z", "relationship_type": "indicates", "source_ref": "indicator--ec2551bf-d5c1-46c8-ac96-2397d50aa23d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--23192066-293a-4ba5-a4d0-d1717b789245", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.790867Z", "modified": "2026-06-02T15:57:32.790867Z", "relationship_type": "indicates", "source_ref": "indicator--a682ca0c-f8f0-4300-ade1-c5d5f6d3de9d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--013a8e13-7240-4b4e-b0cb-cda8aac7641d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.791942Z", "modified": "2026-06-02T15:57:32.791942Z", "relationship_type": "indicates", "source_ref": "indicator--a6886ac6-3ab4-497b-9e4c-d297d1ac7fc4", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5ab26726-6c15-4be7-b745-1eb715f4ed61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.792999Z", "modified": 
"2026-06-02T15:57:32.792999Z", "relationship_type": "indicates", "source_ref": "indicator--47cac493-f598-41b1-b6be-d3b7d6522841", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--618ff64b-e531-4b15-9d13-1e7cd26231d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.794202Z", "modified": "2026-06-02T15:57:32.794202Z", "relationship_type": "indicates", "source_ref": "indicator--9a0819aa-60eb-4655-b0b6-43f196fe1d51", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc542906-bf41-4101-8d89-85f79d271a27", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.795275Z", "modified": "2026-06-02T15:57:32.795275Z", "relationship_type": "indicates", "source_ref": "indicator--2659cdfc-6dc0-478f-9602-d88e63a917a5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d5c88a39-918b-4193-93cb-6aa091d6c4a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.796335Z", "modified": "2026-06-02T15:57:32.796335Z", "relationship_type": "indicates", "source_ref": "indicator--cbc66d2d-cafe-486e-bc7c-a9ef2dd7cfa9", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--abfe6b43-dcb4-4d32-b110-c3abec9c81c7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.797385Z", "modified": "2026-06-02T15:57:32.797385Z", "relationship_type": "indicates", "source_ref": "indicator--8cba291c-c117-4424-a7ac-3aba7ecf901f", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f24e8444-3030-40d9-b1cd-342de8478fbb", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.798442Z", "modified": "2026-06-02T15:57:32.798442Z", "relationship_type": "indicates", "source_ref": "indicator--f04780dc-1d33-4161-9107-9090ddcef343", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d0469adf-f057-4be9-9511-48f106a64893", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.799546Z", "modified": "2026-06-02T15:57:32.799546Z", "relationship_type": "indicates", "source_ref": "indicator--7378f86a-63d0-402f-8ca0-d0a3cd1139d4", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8e99d99f-0918-48b9-a97e-a032de7e9bee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.80062Z", "modified": "2026-06-02T15:57:32.80062Z", "relationship_type": "indicates", "source_ref": "indicator--c3a25f46-d9e7-474c-b620-cedf4e226ef3", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--84857a44-85ce-487e-bea6-a6b40427d596", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.801847Z", "modified": "2026-06-02T15:57:32.801847Z", "relationship_type": "indicates", "source_ref": "indicator--c7e886f6-6cd8-4671-a18b-0e5cc77351b1", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--953fd5bb-b4d5-47ce-80d1-3cf2fbb47c22", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.802922Z", "modified": "2026-06-02T15:57:32.802922Z", "relationship_type": "indicates", "source_ref": "indicator--33dd0a8f-37c3-4789-97fa-04033c07e160", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e188d37b-df8a-4d24-91f0-95b940253642", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.803995Z", "modified": "2026-06-02T15:57:32.803995Z", "relationship_type": "indicates", "source_ref": "indicator--b1015265-8bb9-4b55-9ab3-22ce95e3e64c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c0da93bf-b411-4f4b-9817-668ffe299f87", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.805057Z", "modified": "2026-06-02T15:57:32.805057Z", "relationship_type": "indicates", "source_ref": "indicator--2db34fe5-d97c-4188-a35f-c73b78107979", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0be87d6e-534b-4425-b175-2bff45d84cc3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.806113Z", "modified": "2026-06-02T15:57:32.806113Z", "relationship_type": "indicates", "source_ref": "indicator--e4426dc1-54d9-4f8c-99d2-798d4cf307cc", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b57c4e32-f7f2-4b4b-8975-2186f2f066f7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.807173Z", "modified": "2026-06-02T15:57:32.807173Z", "relationship_type": "indicates", "source_ref": "indicator--7c036782-8918-4fbb-871c-0f4f1d27ae54", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--50f3a011-4d5d-4208-8852-12653a342309", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.80824Z", "modified": 
"2026-06-02T15:57:32.80824Z", "relationship_type": "indicates", "source_ref": "indicator--a5829a9b-ae27-4f26-a301-9ec497d2b2a5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d81ad7bd-ffc2-49fb-b614-9370bb38a176", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.810482Z", "modified": "2026-06-02T15:57:32.810482Z", "relationship_type": "indicates", "source_ref": "indicator--5d65c466-690d-478d-8c2e-bd975c60d750", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dd0eb710-7925-4400-ae7d-da0a752fc7cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.811682Z", "modified": "2026-06-02T15:57:32.811682Z", "relationship_type": "indicates", "source_ref": "indicator--32be4793-3a9d-4440-964c-550d935e7d17", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1d914894-4e9e-41d9-84d1-14de62d65b12", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.812784Z", "modified": "2026-06-02T15:57:32.812784Z", "relationship_type": "indicates", "source_ref": "indicator--f032bde5-72af-401b-b83e-b483d3d55454", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--28237a79-3f1e-4a40-ade9-978a65499bf3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.81387Z", "modified": "2026-06-02T15:57:32.81387Z", "relationship_type": "indicates", "source_ref": "indicator--6d38e5d8-eb4b-4810-bde2-d8dcf5d51246", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--28f06de2-651a-4ef0-aed5-1c51c8716928", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.814951Z", "modified": "2026-06-02T15:57:32.814951Z", "relationship_type": "indicates", "source_ref": "indicator--0121baef-69b0-46fa-aabf-a168aeb690ec", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--34d1f984-b5a4-4add-b99f-33894dbbff41", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.816045Z", "modified": "2026-06-02T15:57:32.816045Z", "relationship_type": "indicates", "source_ref": "indicator--dae3c818-20bd-4e3a-af99-72b737e41c4d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--417c46ec-6f11-400f-bc5c-15022aac15fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.817111Z", "modified": "2026-06-02T15:57:32.817111Z", "relationship_type": "indicates", "source_ref": "indicator--9b23c1c2-85eb-46ba-bfed-c472e9776826", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a8aa697b-4e7c-4306-92cd-89c0c5e95cb0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.818329Z", "modified": "2026-06-02T15:57:32.818329Z", "relationship_type": "indicates", "source_ref": "indicator--0b49e687-216a-40b6-b96b-08d67610a261", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a0681447-67c6-415f-a3a7-0dcb3e120b46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.819426Z", "modified": "2026-06-02T15:57:32.819426Z", "relationship_type": "indicates", "source_ref": "indicator--fb849c1b-1277-4550-b847-78e2516b98a3", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ebd3d9be-a27e-45c2-a01a-1fcd00e53d35", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.82049Z", "modified": "2026-06-02T15:57:32.82049Z", "relationship_type": "indicates", "source_ref": "indicator--c3306632-51f5-42b9-bc19-6d121f926ac5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7c0774ce-fd09-40d1-9aea-9c4eb01caaca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.821547Z", "modified": "2026-06-02T15:57:32.821547Z", "relationship_type": "indicates", "source_ref": "indicator--c91a4212-5606-465f-9cbb-d50f35f9b5cf", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f37aba64-a5b9-4625-a804-6ac41e2bb2d2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.822594Z", "modified": "2026-06-02T15:57:32.822594Z", "relationship_type": "indicates", "source_ref": "indicator--e6555d0a-275c-458c-8bd7-2d4e35efc377", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--22e83d80-a345-4417-8198-87973e851d99", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.823655Z", "modified": "2026-06-02T15:57:32.823655Z", "relationship_type": "indicates", "source_ref": "indicator--8a892dbd-52ba-42fe-a8e4-535cbbaa9a3d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0cea2bee-6cb7-44d4-a6bd-df146ac26f25", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.824742Z", "modified": 
"2026-06-02T15:57:32.824742Z", "relationship_type": "indicates", "source_ref": "indicator--38178281-a0b2-4bdc-bc2d-7ca6f80b58aa", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a200d28d-f08d-4584-9f5f-a53292e19286", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.825958Z", "modified": "2026-06-02T15:57:32.825958Z", "relationship_type": "indicates", "source_ref": "indicator--bfc991b1-7398-49a3-beae-2d18e56d810c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2c25bcd8-ccc4-44c7-8a52-00bcd03c1f15", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.827047Z", "modified": "2026-06-02T15:57:32.827047Z", "relationship_type": "indicates", "source_ref": "indicator--33e26aaf-1b2a-40b0-9cf9-764aefcc4f81", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--384da09d-0caf-439b-aecf-141336ab298f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.828117Z", "modified": "2026-06-02T15:57:32.828117Z", "relationship_type": "indicates", "source_ref": "indicator--bccd48b7-7f62-41b0-8631-0c6cbe27ec4c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--70ffabc3-ad96-47f3-92c5-7ddb3b719bcb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.829177Z", "modified": "2026-06-02T15:57:32.829177Z", "relationship_type": "indicates", "source_ref": "indicator--57857f1e-b886-4e58-a544-92954dd8759d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--36478a2b-690b-47a7-95d4-f4b6d94ee91b", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.830224Z", "modified": "2026-06-02T15:57:32.830224Z", "relationship_type": "indicates", "source_ref": "indicator--1bcd8bc3-68d4-486f-9347-bf7e42540b0c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0da129cc-e68e-4bd9-b2a7-a42d974ea927", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.831291Z", "modified": "2026-06-02T15:57:32.831291Z", "relationship_type": "indicates", "source_ref": "indicator--48912092-eb6d-4d91-b777-e89fc8c4e3d4", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--27080f2a-1edc-4d81-a5a6-17b8710d0a5a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.832345Z", "modified": "2026-06-02T15:57:32.832345Z", "relationship_type": "indicates", "source_ref": "indicator--f1211d10-b88a-4553-b906-b7368158d06f", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0af4b04a-33e8-4320-91e4-01a3369b753e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.83355Z", "modified": "2026-06-02T15:57:32.83355Z", "relationship_type": "indicates", "source_ref": "indicator--6ef11903-3e3d-4ac5-b955-6b5e9b52910c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--76b1c9a4-a92b-4b11-8aa4-e61619a4dd77", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.834617Z", "modified": "2026-06-02T15:57:32.834617Z", "relationship_type": "indicates", "source_ref": "indicator--36183f68-f85e-4839-bbc0-e9937dc89387", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--29288ac1-5536-47b3-889a-e8e7aa5b3e61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.835678Z", "modified": "2026-06-02T15:57:32.835678Z", "relationship_type": "indicates", "source_ref": "indicator--c3833841-c1c1-4213-8285-9d59ad882456", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dade5bfc-5757-4edb-99bf-5b47b0183cd6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.836726Z", "modified": "2026-06-02T15:57:32.836726Z", "relationship_type": "indicates", "source_ref": "indicator--e0944a8b-36d3-46d7-b8c8-097f1e6ee713", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c1c87ce7-e7e9-4f4a-892b-c9481bfcf4ea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.837784Z", "modified": "2026-06-02T15:57:32.837784Z", "relationship_type": "indicates", "source_ref": "indicator--d81eff91-f7a3-42cb-b33b-e1d29dce444e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5b941859-f28a-4a2d-921d-66c9f8cac839", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.838835Z", "modified": "2026-06-02T15:57:32.838835Z", "relationship_type": "indicates", "source_ref": "indicator--36820538-8fc9-4931-ba55-f1d12dd7095d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2502f737-8de0-4c41-bdb2-b6d88526578c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.839899Z", "modified": 
"2026-06-02T15:57:32.839899Z", "relationship_type": "indicates", "source_ref": "indicator--67ec2977-54ec-48d9-9d4b-2ae284e23f4f", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--57d18c25-1ff7-4b2b-81e9-1d990abb49e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.841121Z", "modified": "2026-06-02T15:57:32.841121Z", "relationship_type": "indicates", "source_ref": "indicator--15f79f6d-af66-461f-add4-cb343a5f1af5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f80990f4-b64c-4b4f-aa4a-53c939ef749a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.84219Z", "modified": "2026-06-02T15:57:32.84219Z", "relationship_type": "indicates", "source_ref": "indicator--31700b78-7746-4c04-99d4-231895643ffd", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5a52dc4e-b340-4b6f-b498-72482adaca2e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.843251Z", "modified": "2026-06-02T15:57:32.843251Z", "relationship_type": "indicates", "source_ref": "indicator--25a6061d-d4ac-46fe-a6d5-60b18772e034", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b587853d-13ed-4ad5-8b0f-d8261e100b02", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.844313Z", "modified": "2026-06-02T15:57:32.844313Z", "relationship_type": "indicates", "source_ref": "indicator--19bc1e30-78a4-4992-87e7-e1eeeea2b5f5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2225ab9f-fe1d-4e7d-955a-d2ed83c1a888", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.845366Z", "modified": "2026-06-02T15:57:32.845366Z", "relationship_type": "indicates", "source_ref": "indicator--1b5351d5-35aa-4a4a-aa90-5d446afb97cc", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dcda053f-20aa-4d1f-8fa8-fe6ae964ca3d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.8475Z", "modified": "2026-06-02T15:57:32.8475Z", "relationship_type": "indicates", "source_ref": "indicator--7b3af59b-5fc3-4b89-bf61-141f491abd34", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bf11ac5b-28cd-4ac1-a75e-960de01f2c53", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.848656Z", "modified": "2026-06-02T15:57:32.848656Z", "relationship_type": "indicates", "source_ref": "indicator--758c6634-10ae-45d4-804e-9068830d2d72", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3f1183c2-baa6-4231-9802-d4d5c8f8a039", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.849961Z", "modified": "2026-06-02T15:57:32.849961Z", "relationship_type": "indicates", "source_ref": "indicator--662d2f1b-f581-4c41-b082-b3f7b18776d9", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--95cf8efa-bbb4-495e-a74b-35d72d7b8041", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.851057Z", "modified": "2026-06-02T15:57:32.851057Z", "relationship_type": "indicates", "source_ref": "indicator--e85357bd-e447-4604-9f4b-e1b47ecca65c", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ad7274d0-e826-4ad9-9a1e-bc68a3c5e0eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.852161Z", "modified": "2026-06-02T15:57:32.852161Z", "relationship_type": "indicates", "source_ref": "indicator--573c8bc7-0c5f-4473-b343-285d593c88d6", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b11e76e4-a34b-4c95-a1f4-939d34f982cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.853221Z", "modified": "2026-06-02T15:57:32.853221Z", "relationship_type": "indicates", "source_ref": "indicator--ba1522ab-1b8f-446b-90db-0f77103b375d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--62554399-9fb6-4de9-b6bf-7ff29ded4fc1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.854272Z", "modified": "2026-06-02T15:57:32.854272Z", "relationship_type": "indicates", "source_ref": "indicator--d0dd8b9f-6584-4f67-bce9-4565c7162bc9", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7ed3d99b-1772-41c3-9b16-1e4e817ca6f9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.855339Z", "modified": "2026-06-02T15:57:32.855339Z", "relationship_type": "indicates", "source_ref": "indicator--fabd324e-b701-42ef-809c-edf6f4752ff7", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--402693d7-0978-453f-b530-7d8d4d6ccadb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.856427Z", "modified": 
"2026-06-02T15:57:32.856427Z", "relationship_type": "indicates", "source_ref": "indicator--b4edb4af-e54a-4d36-b2e6-842e61005f44", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a9bdbb95-9719-4ce0-b0e5-0c9e7d58eb90", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.857657Z", "modified": "2026-06-02T15:57:32.857657Z", "relationship_type": "indicates", "source_ref": "indicator--76a311ef-ddc0-4005-b871-5e3422140a11", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--daf37e6a-9d66-4fc6-95ad-560bc8f0f09c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.858725Z", "modified": "2026-06-02T15:57:32.858725Z", "relationship_type": "indicates", "source_ref": "indicator--b1462ceb-d17b-4d3a-b2f8-3e723ace8991", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--90f3fd4a-f2ef-4092-b213-7184ab8ad805", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.859801Z", "modified": "2026-06-02T15:57:32.859801Z", "relationship_type": "indicates", "source_ref": "indicator--51332037-4f43-4edb-9c92-c87716d82661", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--37fe17bd-0ae3-41a9-9d53-340e6530a616", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.860864Z", "modified": "2026-06-02T15:57:32.860864Z", "relationship_type": "indicates", "source_ref": "indicator--8cb8f392-e6e3-49a1-9443-1b621addcc2d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--06f58b88-558b-4bbc-b13e-26b01bd598db", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.861912Z", "modified": "2026-06-02T15:57:32.861912Z", "relationship_type": "indicates", "source_ref": "indicator--985af272-b7b3-4808-8d54-d2cd43d45fa2", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a752db74-f2ce-4b2a-a4e9-b275b8f7bd8c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.862965Z", "modified": "2026-06-02T15:57:32.862965Z", "relationship_type": "indicates", "source_ref": "indicator--f23ef83f-7c8a-4ba2-bcad-f4319a2d6ed3", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--77daa137-39ee-4733-865a-de85b63a5508", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.864036Z", "modified": "2026-06-02T15:57:32.864036Z", "relationship_type": "indicates", "source_ref": "indicator--68392d83-2b08-4e0c-84ec-f7f02071d2e3", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--91d71e04-2da2-4d15-8827-f405030d3e8e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.865244Z", "modified": "2026-06-02T15:57:32.865244Z", "relationship_type": "indicates", "source_ref": "indicator--51641745-8203-4039-b004-6da9e365681c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2e2ec88c-5f36-4149-ba6f-843092f295ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.866309Z", "modified": "2026-06-02T15:57:32.866309Z", "relationship_type": "indicates", "source_ref": "indicator--a6a457dd-8203-46b0-b95a-7811c871d602", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e633d0e9-6965-4aa5-a5e3-59851c052b15", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.86737Z", "modified": "2026-06-02T15:57:32.86737Z", "relationship_type": "indicates", "source_ref": "indicator--e5179aa4-201d-47ed-aa1e-4b6cf6c3696a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d2629b73-0889-40e4-81b7-5a0b352e9f8c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.868421Z", "modified": "2026-06-02T15:57:32.868421Z", "relationship_type": "indicates", "source_ref": "indicator--4293724f-c70f-4cd3-8aff-7ccced06a49e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f318a36d-f7d4-4049-b7a0-b52346317b5b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.869489Z", "modified": "2026-06-02T15:57:32.869489Z", "relationship_type": "indicates", "source_ref": "indicator--ab141320-12d5-4100-ad07-b38144253a67", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7ca60ce4-6754-4574-9de5-0592055b573f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.870545Z", "modified": "2026-06-02T15:57:32.870545Z", "relationship_type": "indicates", "source_ref": "indicator--b5433276-554f-4238-88c7-b3dde27eed90", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a59a79d4-35fc-42ff-af16-a6124634bb5e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.871618Z", "modified": 
"2026-06-02T15:57:32.871618Z", "relationship_type": "indicates", "source_ref": "indicator--323b6e64-b289-4c37-aca6-a9dc76e54701", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--206e323a-09ac-4765-a559-2d3118a65873", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.87283Z", "modified": "2026-06-02T15:57:32.87283Z", "relationship_type": "indicates", "source_ref": "indicator--2b22f715-fb24-49ed-9dda-cdaf6dc21d0e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4c0b939d-321c-46bf-92c7-468b56dbcd97", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.873893Z", "modified": "2026-06-02T15:57:32.873893Z", "relationship_type": "indicates", "source_ref": "indicator--9eed86d0-ea9e-4787-9e5a-01093eebf44c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cab2182c-89e1-4d30-b577-849275bf77c2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.874942Z", "modified": "2026-06-02T15:57:32.874942Z", "relationship_type": "indicates", "source_ref": "indicator--7034dc38-de1d-4476-803a-e0070b51f8f1", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9916d552-a10a-4d3b-a71b-7027f7b429f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.876027Z", "modified": "2026-06-02T15:57:32.876027Z", "relationship_type": "indicates", "source_ref": "indicator--775c4796-57ce-4a5b-beb6-1b66676acb0e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--70aa8b76-7eb2-4d8b-aec8-19eac73845f3", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.877079Z", "modified": "2026-06-02T15:57:32.877079Z", "relationship_type": "indicates", "source_ref": "indicator--e51c2ba0-7f21-4881-b0a7-61e216fb7c9f", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3181b24d-0813-453a-a12f-11c373d42342", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.878127Z", "modified": "2026-06-02T15:57:32.878127Z", "relationship_type": "indicates", "source_ref": "indicator--089e0cc8-f2f0-4a60-b4fa-470719a20f95", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0cbd6fab-1cdf-4932-8b74-1cb1ff507e18", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.879182Z", "modified": "2026-06-02T15:57:32.879182Z", "relationship_type": "indicates", "source_ref": "indicator--33a70aa3-7308-4e3d-b436-fec2c6faa73e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4f43a7f3-f3d2-432e-a4db-c21ee8b747bf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.880395Z", "modified": "2026-06-02T15:57:32.880395Z", "relationship_type": "indicates", "source_ref": "indicator--706197d7-6eff-4337-bcdc-ceff595f7c09", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7b227e1a-4e83-4ddb-9e96-4fbca715a3ae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.88148Z", "modified": "2026-06-02T15:57:32.88148Z", "relationship_type": "indicates", "source_ref": "indicator--de5b615f-521e-4e48-84d6-f6c419111d46", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b4e9a8ec-345e-4b92-a799-b10ba5f22751", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.882542Z", "modified": "2026-06-02T15:57:32.882542Z", "relationship_type": "indicates", "source_ref": "indicator--e171f5e0-a065-4e5b-b368-e4ae0be6b92d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e648f83c-8116-4ea3-bb52-29861ce24070", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.883612Z", "modified": "2026-06-02T15:57:32.883612Z", "relationship_type": "indicates", "source_ref": "indicator--9b7ffea2-b851-4d6d-9d13-75aab18dd2f9", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--06ebd63a-60d3-4278-8397-ed0d4f006149", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.884669Z", "modified": "2026-06-02T15:57:32.884669Z", "relationship_type": "indicates", "source_ref": "indicator--de3d1a3c-9ac8-4b5c-8f8a-f53cc7d984fb", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--506747d1-1b5a-4764-a7cf-3fc358d9feb3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.885721Z", "modified": "2026-06-02T15:57:32.885721Z", "relationship_type": "indicates", "source_ref": "indicator--622b4c7a-1abf-4143-a68e-eef380f5fed5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eea85ab1-06b1-4fbd-b257-0a5812232888", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.886773Z", "modified": 
"2026-06-02T15:57:32.886773Z", "relationship_type": "indicates", "source_ref": "indicator--c3d7e580-f1cc-427a-9685-4fa750a6db01", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c0d8dc76-1627-47b8-87a4-f9f617292efd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.888015Z", "modified": "2026-06-02T15:57:32.888015Z", "relationship_type": "indicates", "source_ref": "indicator--29122263-594a-489f-8658-de2674f020dc", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1f0b716f-ac97-44bb-a515-c537bbf3af54", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.889085Z", "modified": "2026-06-02T15:57:32.889085Z", "relationship_type": "indicates", "source_ref": "indicator--42532380-1dd1-4d2c-a85f-66ea3190e813", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7df5ec7a-636a-4c74-9997-60fc2f02784b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.890139Z", "modified": "2026-06-02T15:57:32.890139Z", "relationship_type": "indicates", "source_ref": "indicator--c82b4a76-2ac5-4d98-b6e7-ecad61329df6", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--66e12304-0a18-4d2b-be2c-f2fede9399d2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.891199Z", "modified": "2026-06-02T15:57:32.891199Z", "relationship_type": "indicates", "source_ref": "indicator--6c1197d8-1ded-4f4b-80c3-b8b80316951a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d4bf629f-cd06-4a9d-a841-f5bf6a395f5d", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.892259Z", "modified": "2026-06-02T15:57:32.892259Z", "relationship_type": "indicates", "source_ref": "indicator--75ddb114-2ece-40f9-a2fd-543e33b56a42", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--10b8ddc2-f9b3-4ed9-b706-b25d78218905", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.893321Z", "modified": "2026-06-02T15:57:32.893321Z", "relationship_type": "indicates", "source_ref": "indicator--74766d8e-f02d-4d41-87ba-635c6befbc4a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--796cf550-21eb-4d91-9801-e9ff69b27c84", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.894378Z", "modified": "2026-06-02T15:57:32.894378Z", "relationship_type": "indicates", "source_ref": "indicator--7c36d922-3911-49d4-ae96-a9a2a472f07a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--88d8fc9f-818e-43d3-82ed-b5289253fa96", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.895604Z", "modified": "2026-06-02T15:57:32.895604Z", "relationship_type": "indicates", "source_ref": "indicator--15cfab30-30c9-4c4b-93e4-31364c7aed90", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--be117ca9-e4f0-4010-ab3c-6d5cbd602d2b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.896679Z", "modified": "2026-06-02T15:57:32.896679Z", "relationship_type": "indicates", "source_ref": "indicator--6416bf26-6b3f-4234-8e8a-6fef81380a2b", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4c7240c9-9779-49ad-9a30-ffd804cf0fa9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.897732Z", "modified": "2026-06-02T15:57:32.897732Z", "relationship_type": "indicates", "source_ref": "indicator--dfd20601-9be7-4e9d-84fe-e400a02e1eea", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c4a30313-56d7-42ec-9152-af3a028a6258", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.898777Z", "modified": "2026-06-02T15:57:32.898777Z", "relationship_type": "indicates", "source_ref": "indicator--3a75aa55-641b-4d24-9140-c20cd4168251", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cf3c923a-1ed6-4ec3-a703-d741eeb78b3b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.899848Z", "modified": "2026-06-02T15:57:32.899848Z", "relationship_type": "indicates", "source_ref": "indicator--e0b98c3c-71e1-44f9-a1c6-1426483d9d05", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5748954f-6c8d-4bb0-a273-d374cf053238", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.900906Z", "modified": "2026-06-02T15:57:32.900906Z", "relationship_type": "indicates", "source_ref": "indicator--82ce5a61-b2d2-456e-ac51-88602ba85142", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--720a807f-3e35-4281-9eab-0b587672edfb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.901953Z", "modified": 
"2026-06-02T15:57:32.901953Z", "relationship_type": "indicates", "source_ref": "indicator--e964916a-28a6-4a59-b7ed-08f8224e0bb1", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1a5d65ba-8349-4656-8306-927ca27b399c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.90423Z", "modified": "2026-06-02T15:57:32.90423Z", "relationship_type": "indicates", "source_ref": "indicator--1d369592-bde7-435f-a2dd-96b2cc291b46", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3dd22af3-fb51-479f-86cf-81aaa4e38fb0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.905414Z", "modified": "2026-06-02T15:57:32.905414Z", "relationship_type": "indicates", "source_ref": "indicator--562d3262-b442-4ba6-9885-ea3bad8d30fa", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0f5042b2-fd4a-4002-8df9-f50ca52a9df1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.906535Z", "modified": "2026-06-02T15:57:32.906535Z", "relationship_type": "indicates", "source_ref": "indicator--3e580037-4c85-44a2-ae78-d6a8a3df652d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aca15082-6672-475e-9920-9da92bde04f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.90764Z", "modified": "2026-06-02T15:57:32.90764Z", "relationship_type": "indicates", "source_ref": "indicator--1c9072a3-086c-4a22-90fd-72f589d47933", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--840e1845-2b47-41ae-9f43-a0d114db9bd2", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.908714Z", "modified": "2026-06-02T15:57:32.908714Z", "relationship_type": "indicates", "source_ref": "indicator--20ea5ab4-c81f-4282-a388-e790aa631f6f", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7b94fad9-6696-4b8e-87f6-6fa8d619cd9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.909792Z", "modified": "2026-06-02T15:57:32.909792Z", "relationship_type": "indicates", "source_ref": "indicator--b49e2d47-04e0-476d-88d3-0e4faf34f9cb", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0a5da7d1-0194-42ec-bef3-9889455bed63", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.910853Z", "modified": "2026-06-02T15:57:32.910853Z", "relationship_type": "indicates", "source_ref": "indicator--4696bf7f-6b41-4d2b-a4ea-c16fc715b464", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4e1f4531-0bad-4927-9bfc-b6049d0d0b0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.912134Z", "modified": "2026-06-02T15:57:32.912134Z", "relationship_type": "indicates", "source_ref": "indicator--8ff5506a-b18e-487a-9a8f-1c232016c1dd", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cfc59048-26df-4bce-9168-a74d5000c6be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.91322Z", "modified": "2026-06-02T15:57:32.91322Z", "relationship_type": "indicates", "source_ref": "indicator--373e4b6f-2620-4d37-96d9-1bb9f38198f1", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--74056d2a-ca87-42b1-a2d1-1392a84cace1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.914281Z", "modified": "2026-06-02T15:57:32.914281Z", "relationship_type": "indicates", "source_ref": "indicator--607ada71-c582-4a9d-96e2-a6716900180b", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d2ec36ad-6dfc-4aab-b302-1e43bdcaed8b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.915359Z", "modified": "2026-06-02T15:57:32.915359Z", "relationship_type": "indicates", "source_ref": "indicator--b841b528-8ca5-46e6-a611-9c67add59e43", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ecfb848a-b228-48b6-9908-1976f893c5c2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.916415Z", "modified": "2026-06-02T15:57:32.916415Z", "relationship_type": "indicates", "source_ref": "indicator--91530366-a833-4491-b28c-cf3bce58e2d0", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--de1009dc-a644-422c-8f36-e8673f79ef9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.917462Z", "modified": "2026-06-02T15:57:32.917462Z", "relationship_type": "indicates", "source_ref": "indicator--659e8723-b3d1-4554-afba-3c6b801479ec", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9c75c089-ea28-4585-adb7-be83fcc3411d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.918521Z", "modified": 
"2026-06-02T15:57:32.918521Z", "relationship_type": "indicates", "source_ref": "indicator--a97e14da-3aa4-466d-8f7f-8480027c97a6", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2579f532-4e09-4da0-a4c2-26212e776c5a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.91974Z", "modified": "2026-06-02T15:57:32.91974Z", "relationship_type": "indicates", "source_ref": "indicator--e29eac15-9311-4539-ac5c-7cf1d067b72b", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--271061a0-ea74-489c-b1f2-e99a762bacab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.920813Z", "modified": "2026-06-02T15:57:32.920813Z", "relationship_type": "indicates", "source_ref": "indicator--e49970c9-641b-46cd-b6f9-bf86b30e6391", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f75ca4f5-8c0f-4c59-9f6d-1e6898f016b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.921873Z", "modified": "2026-06-02T15:57:32.921873Z", "relationship_type": "indicates", "source_ref": "indicator--3a576b61-889e-4bb1-90f4-c0fca9251600", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f28e91a2-cafe-40f4-8ab3-58ff233948ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.922921Z", "modified": "2026-06-02T15:57:32.922921Z", "relationship_type": "indicates", "source_ref": "indicator--27599358-361f-4f7f-bdca-0f21078f0079", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f8c3d265-8575-4785-835c-ab7d6a3afa76", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.924002Z", "modified": "2026-06-02T15:57:32.924002Z", "relationship_type": "indicates", "source_ref": "indicator--07910348-066b-4f1d-b497-7a215917da7a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--42042236-b43d-4069-bb2d-efd2542afa2d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.925064Z", "modified": "2026-06-02T15:57:32.925064Z", "relationship_type": "indicates", "source_ref": "indicator--fa7d3b15-d2c4-46a9-992b-983adc6f3e56", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c32520c3-7921-4a4e-ac6e-2d03d9853bb5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.926119Z", "modified": "2026-06-02T15:57:32.926119Z", "relationship_type": "indicates", "source_ref": "indicator--b9858e8b-d0ff-4ce3-a03e-b01f8c4e865f", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e98d4c61-66bc-4877-bae0-387418cb3dd5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.927334Z", "modified": "2026-06-02T15:57:32.927334Z", "relationship_type": "indicates", "source_ref": "indicator--8e013465-b5dd-4cf9-91de-0292066d8435", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--28676ce0-0341-4d37-a2aa-777898f6cfbb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.928406Z", "modified": "2026-06-02T15:57:32.928406Z", "relationship_type": "indicates", "source_ref": "indicator--79a31a4c-4652-4fd9-ab96-41a307eb20ac", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--88bfa666-0e64-4c4f-ae7b-06818bdc3e1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.929457Z", "modified": "2026-06-02T15:57:32.929457Z", "relationship_type": "indicates", "source_ref": "indicator--7d6ec043-896d-4012-b143-b69604ccbf91", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f3c6b7a-7095-4f1f-8c2c-916b6c1ccd68", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.930514Z", "modified": "2026-06-02T15:57:32.930514Z", "relationship_type": "indicates", "source_ref": "indicator--c19a0976-e66d-4df6-a636-e94d7f10039d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e5c2c0f1-a4d0-44dd-b0c9-37bcc927c1a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.931566Z", "modified": "2026-06-02T15:57:32.931566Z", "relationship_type": "indicates", "source_ref": "indicator--dd42878d-9e1f-4c89-99ac-26afa6980ded", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c9ee1f82-6347-40bc-8596-104db6372d80", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.932614Z", "modified": "2026-06-02T15:57:32.932614Z", "relationship_type": "indicates", "source_ref": "indicator--04382ad5-dd2c-4a7a-ba05-879f1c87e169", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9ef71653-b6f6-4a79-bc56-826be67d8d70", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.933669Z", "modified": 
"2026-06-02T15:57:32.933669Z", "relationship_type": "indicates", "source_ref": "indicator--bbc98abf-cdd2-4ab9-a4fe-9c8efecdb854", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--40996d0b-0831-4df2-91cc-b09629b08da3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.93488Z", "modified": "2026-06-02T15:57:32.93488Z", "relationship_type": "indicates", "source_ref": "indicator--04496a83-a0ff-4545-836c-fb000fe3a9fc", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5ea712c4-87b7-418e-bcdd-cf994183bb0c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.935977Z", "modified": "2026-06-02T15:57:32.935977Z", "relationship_type": "indicates", "source_ref": "indicator--822a4a15-7460-4f10-aa0d-204d8915b02a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6987713c-8be0-4c13-b2de-eae0f798e0e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.937047Z", "modified": "2026-06-02T15:57:32.937047Z", "relationship_type": "indicates", "source_ref": "indicator--10a535ae-9428-4f52-84c2-a53b2b2d9f66", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--24a3e833-ea58-40a6-8094-8e5c09244850", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.9381Z", "modified": "2026-06-02T15:57:32.9381Z", "relationship_type": "indicates", "source_ref": "indicator--f2961f20-f006-4564-a739-dcf547e73119", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--17a90171-12b0-4b06-940d-9251b7d630cb", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.939522Z", "modified": "2026-06-02T15:57:32.939522Z", "relationship_type": "indicates", "source_ref": "indicator--77eecd68-209c-42f2-910b-df342ff7c8b6", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc47ef8d-65b5-43a4-8754-7cb8d2eab4e8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.940682Z", "modified": "2026-06-02T15:57:32.940682Z", "relationship_type": "indicates", "source_ref": "indicator--c3be3fa6-cad1-40b0-b299-21304b04112d", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9320b249-f662-42a2-8669-b0fa7c2ac665", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.941775Z", "modified": "2026-06-02T15:57:32.941775Z", "relationship_type": "indicates", "source_ref": "indicator--fc4af01a-1afd-4134-93ac-3e879f938416", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c5168cdd-e646-4f60-8b6d-79812fff81a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.943005Z", "modified": "2026-06-02T15:57:32.943005Z", "relationship_type": "indicates", "source_ref": "indicator--a5c90964-5e10-4acc-bd3d-22da089ce437", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--90c48bdd-ed09-42d6-a40a-b59eddde1f83", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.944104Z", "modified": "2026-06-02T15:57:32.944104Z", "relationship_type": "indicates", "source_ref": "indicator--79c2b6d8-88f2-4d2f-99d6-499edb2ebb93", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--207aacdc-7068-4c17-b206-f3d13ce71947", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.945164Z", "modified": "2026-06-02T15:57:32.945164Z", "relationship_type": "indicates", "source_ref": "indicator--5fb478e5-c3a6-4d6b-90e3-525c95f3665e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--22f0d806-99f7-4b86-9fbb-2392684e91e9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.946212Z", "modified": "2026-06-02T15:57:32.946212Z", "relationship_type": "indicates", "source_ref": "indicator--32375995-74b9-4cce-9fb3-26dbebce363c", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1b712ca9-cbc2-4b51-89e6-e2411a54082d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.947503Z", "modified": "2026-06-02T15:57:32.947503Z", "relationship_type": "indicates", "source_ref": "indicator--ff80c6f6-fe07-4c56-9adb-f8a46a659e4b", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--24f81949-0def-4970-aac8-25ffd92317d4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.948618Z", "modified": "2026-06-02T15:57:32.948618Z", "relationship_type": "indicates", "source_ref": "indicator--4116177b-a68e-419e-a6d5-b71ebfdbb098", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--048ebd56-fbbb-4d25-bd05-9b92e0c300d3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.949689Z", "modified": 
"2026-06-02T15:57:32.949689Z", "relationship_type": "indicates", "source_ref": "indicator--25859f9c-0559-4207-b890-6815e3a7bf54", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--74661cdd-f66f-4481-bb18-0ceacfcf8707", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.950909Z", "modified": "2026-06-02T15:57:32.950909Z", "relationship_type": "indicates", "source_ref": "indicator--627b86ca-217b-4c51-a689-80b0dbcc6626", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9f5a56ed-0ae9-42ae-80c3-d86c1c95fcc7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.952022Z", "modified": "2026-06-02T15:57:32.952022Z", "relationship_type": "indicates", "source_ref": "indicator--2973d248-c767-4e87-a74b-66dbf614cba1", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c29699dc-80b9-46d4-be05-668820a00ffc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.953093Z", "modified": "2026-06-02T15:57:32.953093Z", "relationship_type": "indicates", "source_ref": "indicator--3355c692-09e9-4fc3-8c21-f8465d4067ce", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bd2e973f-e02d-4990-ab9d-109f29673783", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.95415Z", "modified": "2026-06-02T15:57:32.95415Z", "relationship_type": "indicates", "source_ref": "indicator--15a12c72-29fc-449e-b068-6ffb61833153", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0cb4d4f0-5699-48f9-acb8-df22af615ca8", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.95522Z", "modified": "2026-06-02T15:57:32.95522Z", "relationship_type": "indicates", "source_ref": "indicator--09aaceaf-d5c5-4a7f-aec1-88a684f3fba2", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1059dfe3-6c34-42bb-9433-a03a4425681d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.956278Z", "modified": "2026-06-02T15:57:32.956278Z", "relationship_type": "indicates", "source_ref": "indicator--bc287f57-a97c-4f2d-b542-6f8ed979cade", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--04223562-a712-4132-8050-72a60500b577", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.957373Z", "modified": "2026-06-02T15:57:32.957373Z", "relationship_type": "indicates", "source_ref": "indicator--b2fce5b5-33b4-4314-8a99-c47d4a838f63", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fe0f5e35-8b22-47ee-ae5f-f09095fe8d54", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.958619Z", "modified": "2026-06-02T15:57:32.958619Z", "relationship_type": "indicates", "source_ref": "indicator--ff02c203-c7c4-4a4a-8bfb-1451abd5fe65", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--df8d3547-beb1-4ed7-b136-047b628d7bb5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.959715Z", "modified": "2026-06-02T15:57:32.959715Z", "relationship_type": "indicates", "source_ref": "indicator--08411408-c12b-480d-a6f0-b992c953a657", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d1c9daa5-b4e3-47a8-aaa3-c6469e3e7447", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.960786Z", "modified": "2026-06-02T15:57:32.960786Z", "relationship_type": "indicates", "source_ref": "indicator--c5ee92fd-30f8-4dae-88c8-6091bba63de8", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--95037cbd-9715-4ba0-a799-84f40cbd4305", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.961838Z", "modified": "2026-06-02T15:57:32.961838Z", "relationship_type": "indicates", "source_ref": "indicator--1c5071fa-7b0f-43df-8b4e-37d16ec163cb", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6d061102-f21f-4f3c-9b3c-f44b49767ae3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.9629Z", "modified": "2026-06-02T15:57:32.9629Z", "relationship_type": "indicates", "source_ref": "indicator--2dd06cd5-5022-40e8-8577-738d0c12d144", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--08f44776-667f-408d-bc0e-5a2fad360f25", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.963979Z", "modified": "2026-06-02T15:57:32.963979Z", "relationship_type": "indicates", "source_ref": "indicator--3640a231-4547-4c8b-8ac0-6f3cd00a9a62", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b7e364b3-7962-453d-a7ad-5ead8aa0e679", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.965046Z", "modified": 
"2026-06-02T15:57:32.965046Z", "relationship_type": "indicates", "source_ref": "indicator--a9864065-8285-407d-846b-0f464f9b3054", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--113eed20-22f3-4f9c-8c64-59710caf28a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.966235Z", "modified": "2026-06-02T15:57:32.966235Z", "relationship_type": "indicates", "source_ref": "indicator--63e1214e-91b6-4fff-ac9a-d1bdd9fb8b02", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--af374728-586b-4426-8407-2d5867d37ba8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.967279Z", "modified": "2026-06-02T15:57:32.967279Z", "relationship_type": "indicates", "source_ref": "indicator--2107b0a0-96f2-456a-9a75-3e7909d5b45a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--25e5a956-1bb9-46e1-9632-fc3a8e3567c3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.96829Z", "modified": "2026-06-02T15:57:32.96829Z", "relationship_type": "indicates", "source_ref": "indicator--4e9c53ee-755e-4977-a918-5e98ee9709e9", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c13f2d27-8fbf-42e6-aac3-278b3f778dab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.969294Z", "modified": "2026-06-02T15:57:32.969294Z", "relationship_type": "indicates", "source_ref": "indicator--8716310a-53dd-4706-aee1-115ca6cd4266", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f8c47b66-79c7-4ac8-b20d-f52a21d2f4fb", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.970352Z", "modified": "2026-06-02T15:57:32.970352Z", "relationship_type": "indicates", "source_ref": "indicator--35650938-b07a-489c-9aad-83001d093950", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--426b5706-d72b-4ca5-bd97-1ee4078957d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.971416Z", "modified": "2026-06-02T15:57:32.971416Z", "relationship_type": "indicates", "source_ref": "indicator--9361e072-b89b-4779-80a9-aa0a393be894", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f5c93692-8f84-486f-b25d-eb89296ab4ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.972482Z", "modified": "2026-06-02T15:57:32.972482Z", "relationship_type": "indicates", "source_ref": "indicator--82688b9e-8a07-4e7c-82d9-3c298b9016f5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--980afa4c-6217-4116-a42a-585e6664c2b2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.973686Z", "modified": "2026-06-02T15:57:32.973686Z", "relationship_type": "indicates", "source_ref": "indicator--100b78eb-fd6e-4d72-98f8-8615733c6dbd", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0614c9fe-53ac-40bd-886b-561fdd401622", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.974759Z", "modified": "2026-06-02T15:57:32.974759Z", "relationship_type": "indicates", "source_ref": "indicator--0fe6ac25-40fa-4a2d-9ff9-d44b1fd2fc0e", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6a9b8ebb-e0c5-46a2-862a-e98b8b4c235b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.975831Z", "modified": "2026-06-02T15:57:32.975831Z", "relationship_type": "indicates", "source_ref": "indicator--bcb15912-63c4-4167-af8a-877f6046aca5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--579d2dd0-8c1e-41ed-bd6b-e966162523d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.976893Z", "modified": "2026-06-02T15:57:32.976893Z", "relationship_type": "indicates", "source_ref": "indicator--3f9cd545-7d1c-4a76-8566-e68b74b25ac9", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d827bd72-5f12-4b0d-b1b5-82cb2386be7d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.977949Z", "modified": "2026-06-02T15:57:32.977949Z", "relationship_type": "indicates", "source_ref": "indicator--c2c8a6a8-0b53-4369-b5ae-b71800156420", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--adf26d96-4638-401c-84fe-a291a7f5c37b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.979005Z", "modified": "2026-06-02T15:57:32.979005Z", "relationship_type": "indicates", "source_ref": "indicator--8dc78e61-f2bd-4933-a7d7-ec82970eeaec", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eb3c3e08-0097-48ec-8d02-81e7e90ea14f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.980075Z", "modified": 
"2026-06-02T15:57:32.980075Z", "relationship_type": "indicates", "source_ref": "indicator--83c10554-3e5f-406f-bc2e-18e4318876ae", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6a082b48-3a83-4696-9dc2-9ad27cffd4fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.981284Z", "modified": "2026-06-02T15:57:32.981284Z", "relationship_type": "indicates", "source_ref": "indicator--74f1e838-e354-45d5-8c39-ef2915f373ee", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e59b4450-07b5-4a3e-9d5c-123fc4af00cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.982362Z", "modified": "2026-06-02T15:57:32.982362Z", "relationship_type": "indicates", "source_ref": "indicator--10edb76d-9fb8-40d3-97c5-f776aaf1bd1a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--475a7f1b-4bac-44c0-a882-208cde5e81a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.983455Z", "modified": "2026-06-02T15:57:32.983455Z", "relationship_type": "indicates", "source_ref": "indicator--b269c445-354f-4574-9b63-179d6ec80424", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4517ff38-b83f-47a8-83cb-1e7cf00a3948", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.984561Z", "modified": "2026-06-02T15:57:32.984561Z", "relationship_type": "indicates", "source_ref": "indicator--8013be3b-b48f-4c9e-9379-b39849a34cdd", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cdd4cb11-c224-4b44-9d03-68f781525031", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.985624Z", "modified": "2026-06-02T15:57:32.985624Z", "relationship_type": "indicates", "source_ref": "indicator--bd39f6eb-07c2-442b-a8d9-aaa8b74a5d3e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8c3cbbfe-5487-43a3-9b4f-21c08d1b3ba8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.986677Z", "modified": "2026-06-02T15:57:32.986677Z", "relationship_type": "indicates", "source_ref": "indicator--1006d4c3-0a59-4177-9049-2bd440a6d7d7", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--76af94c2-b8de-44f4-bac3-47d226d4b44a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.987744Z", "modified": "2026-06-02T15:57:32.987744Z", "relationship_type": "indicates", "source_ref": "indicator--1524f93a-cd74-4125-b47a-070b71d60397", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a2892def-cc5a-4491-8168-085695026d4a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.988953Z", "modified": "2026-06-02T15:57:32.988953Z", "relationship_type": "indicates", "source_ref": "indicator--6ad4273d-807c-4221-914b-9ab34681897a", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7d7721bf-fd8e-4e3b-af01-fabd14114a0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.990037Z", "modified": "2026-06-02T15:57:32.990037Z", "relationship_type": "indicates", "source_ref": "indicator--5008fa61-4872-4473-846a-3f75929c4ef3", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ea248a6b-8881-48e1-b1bb-a9ee5bcee10e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.99111Z", "modified": "2026-06-02T15:57:32.99111Z", "relationship_type": "indicates", "source_ref": "indicator--48a10458-885c-42b9-98da-9bd941bd08b0", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1d04b0f0-98d2-4efa-b841-ac99267052fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.992177Z", "modified": "2026-06-02T15:57:32.992177Z", "relationship_type": "indicates", "source_ref": "indicator--597bd74c-6d41-449a-8e09-d353af75cace", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--756d3071-a30c-48e5-a373-7055efb0d38a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.993242Z", "modified": "2026-06-02T15:57:32.993242Z", "relationship_type": "indicates", "source_ref": "indicator--2775d4ea-837b-4a8a-adb5-79bc9268af46", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5548cd80-0b9d-4eb1-82b4-94cd5162aabc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.99429Z", "modified": "2026-06-02T15:57:32.99429Z", "relationship_type": "indicates", "source_ref": "indicator--6c6b3ca6-4cc8-435e-b084-c3545f1ae079", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cf02647b-a673-4da1-ace5-f052929e8a93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.995373Z", "modified": 
"2026-06-02T15:57:32.995373Z", "relationship_type": "indicates", "source_ref": "indicator--323526dc-bf4e-4125-96f8-862df07d7839", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7617d5a1-6745-4bfe-ac38-3a73164483ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.997628Z", "modified": "2026-06-02T15:57:32.997628Z", "relationship_type": "indicates", "source_ref": "indicator--e47043b0-52f5-47ec-addc-5522f56e1c38", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1d1c4866-949f-4ce5-8866-4b4fc5ad6ea3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.998799Z", "modified": "2026-06-02T15:57:32.998799Z", "relationship_type": "indicates", "source_ref": "indicator--5a69593f-3ec0-4802-bdf9-546dabb2488e", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--23ac5f75-01b0-4d4e-9984-665adb983650", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:32.999925Z", "modified": "2026-06-02T15:57:32.999925Z", "relationship_type": "indicates", "source_ref": "indicator--372a3e42-58b6-422a-89d5-8831ea8d9078", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cb2930ab-6891-45ac-896f-e801a1a2daa8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.003263Z", "modified": "2026-06-02T15:57:33.003263Z", "relationship_type": "indicates", "source_ref": "indicator--4d9ad368-a90d-43af-8303-7e4e7cd879a9", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d80ea263-69f0-415d-9e34-c83f07b53232", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.005613Z", "modified": "2026-06-02T15:57:33.005613Z", "relationship_type": "indicates", "source_ref": "indicator--31efa162-85be-4821-aeff-52b6b1d8bc66", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5c9ce30c-4ab8-41a6-ad54-0a6000ba8871", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.008595Z", "modified": "2026-06-02T15:57:33.008595Z", "relationship_type": "indicates", "source_ref": "indicator--318df890-f9ce-40d3-a72f-19c742737b61", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4fab19a0-8a9f-4aef-839b-212f52861e0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.009938Z", "modified": "2026-06-02T15:57:33.009938Z", "relationship_type": "indicates", "source_ref": "indicator--71ee6364-6ff7-48fa-9576-733fdb987933", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d47afefb-8ab7-4a02-aa43-8bbf54f88496", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.013042Z", "modified": "2026-06-02T15:57:33.013042Z", "relationship_type": "indicates", "source_ref": "indicator--2a83ce24-ec79-4996-973e-80dca8b801ed", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--70e61198-bb11-4612-a508-795129bd865c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.014485Z", "modified": "2026-06-02T15:57:33.014485Z", "relationship_type": "indicates", "source_ref": "indicator--fd8e3318-c983-44f3-b887-6bf67d87677e", "target_ref": 
"malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4915cefe-aead-4284-861b-65162fd30dc8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.0158Z", "modified": "2026-06-02T15:57:33.0158Z", "relationship_type": "indicates", "source_ref": "indicator--a4927a7d-d467-47c6-bb41-8131f0ebdaff", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--47de2a19-0e3b-4cea-9b1f-f4ecaa3486cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.016971Z", "modified": "2026-06-02T15:57:33.016971Z", "relationship_type": "indicates", "source_ref": "indicator--d50236a3-89a2-45e0-9604-51553eb1cec3", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--43f6bd3c-0318-4656-8483-6dbc57b57330", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.018142Z", "modified": "2026-06-02T15:57:33.018142Z", "relationship_type": "indicates", "source_ref": "indicator--586079ed-fe99-4e4b-94a7-59ce33535626", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--55384a60-8086-472d-bd26-2c603a6be40e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.019277Z", "modified": "2026-06-02T15:57:33.019277Z", "relationship_type": "indicates", "source_ref": "indicator--23a6edbd-f5e9-4f83-be3e-beb7673f48e4", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c928a54f-f153-4cea-b8af-5a129fbac55c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.020719Z", "modified": 
"2026-06-02T15:57:33.020719Z", "relationship_type": "indicates", "source_ref": "indicator--887809d7-cc24-4257-b90f-3829b294d202", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--87c279a9-f9f4-4a6f-aabc-28e913cdcdf5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.021999Z", "modified": "2026-06-02T15:57:33.021999Z", "relationship_type": "indicates", "source_ref": "indicator--e0f681f2-70dd-4c44-ac7d-3a3938104a05", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7aeeedd2-3da4-4685-aacd-635516b059a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.023093Z", "modified": "2026-06-02T15:57:33.023093Z", "relationship_type": "indicates", "source_ref": "indicator--55c2cd89-72e2-4426-aea2-61f9787ab8ae", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1b14f022-6d62-473f-ad34-a141e524426f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.0242Z", "modified": "2026-06-02T15:57:33.0242Z", "relationship_type": "indicates", "source_ref": "indicator--4d8c2e63-88b6-4dc1-92b4-821f506df54d", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0d2488a7-6c69-41dd-b3a9-cd0963a236cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.025276Z", "modified": "2026-06-02T15:57:33.025276Z", "relationship_type": "indicates", "source_ref": "indicator--c985ca96-a8b1-4935-bcea-075e3a82e376", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1d29e34e-19ad-425f-80d6-98ca56de6e46", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.026348Z", "modified": "2026-06-02T15:57:33.026348Z", "relationship_type": "indicates", "source_ref": "indicator--735f296e-efac-4470-bd65-e24e71c75833", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b262dc23-963c-409b-8f54-a9df1d52cf71", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.027446Z", "modified": "2026-06-02T15:57:33.027446Z", "relationship_type": "indicates", "source_ref": "indicator--b3076906-89ae-4e46-bc90-f06ec141a9d3", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--be6b90a2-96e2-4e8b-a1e1-4b446a4b7e48", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.028516Z", "modified": "2026-06-02T15:57:33.028516Z", "relationship_type": "indicates", "source_ref": "indicator--5e7e59a8-08f5-4a9e-bfe0-82898c86a738", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0fe0bc98-9a4a-4b94-923f-112dd720dfad", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.02975Z", "modified": "2026-06-02T15:57:33.02975Z", "relationship_type": "indicates", "source_ref": "indicator--86dfb69f-4585-47bd-8ff0-90a268373e61", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--310f95eb-71f0-4f8e-a2cf-a59db21c466d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.030829Z", "modified": "2026-06-02T15:57:33.030829Z", "relationship_type": "indicates", "source_ref": "indicator--1be6d9ed-5aa9-4f6b-a770-69d19046906f", "target_ref": 
"malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9b1cf51c-7d1b-4c83-8d2c-e657985166ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.031963Z", "modified": "2026-06-02T15:57:33.031963Z", "relationship_type": "indicates", "source_ref": "indicator--112771f2-3480-477d-8471-37c4757f8ded", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4e741147-0103-48cd-9f42-1eb307e7067d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.033038Z", "modified": "2026-06-02T15:57:33.033038Z", "relationship_type": "indicates", "source_ref": "indicator--ed44068d-2660-40a8-8e8b-527a8e6e2ad2", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7bbd92e6-f80d-402c-ada6-44d59494d5fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.034114Z", "modified": "2026-06-02T15:57:33.034114Z", "relationship_type": "indicates", "source_ref": "indicator--1543c1a7-c50a-47a4-99a7-4f6940fdd7c8", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--195b2346-e36c-4578-a92c-8664596b9303", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.035214Z", "modified": "2026-06-02T15:57:33.035214Z", "relationship_type": "indicates", "source_ref": "indicator--4e0fcf49-06ae-4c41-af1b-07a767f68a00", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3ef3278c-e070-4c95-b0df-dcb765690504", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.036279Z", "modified": 
"2026-06-02T15:57:33.036279Z", "relationship_type": "indicates", "source_ref": "indicator--ae145d01-7503-4221-9331-54d6e91d73d5", "target_ref": "malware--060b902b-705c-41b4-b41e-c4a416d45118"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e576182d-7320-4f14-bc95-df779707b61e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.037515Z", "modified": "2026-06-02T15:57:33.037515Z", "relationship_type": "indicates", "source_ref": "indicator--f9bfa2af-c326-445a-865d-84c8ffe7d601", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--940fc3d1-2fc2-4704-9d4e-9612e0cee0c9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.038598Z", "modified": "2026-06-02T15:57:33.038598Z", "relationship_type": "indicates", "source_ref": "indicator--739b0bdb-f0ef-4eec-812b-9ae7448db7f8", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7b0651ab-7530-49b1-aaeb-4c913a7a72d4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.039697Z", "modified": "2026-06-02T15:57:33.039697Z", "relationship_type": "indicates", "source_ref": "indicator--fc179766-1a3b-4754-8de5-aa34afaf2afa", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a8e50473-9b1a-4218-9b50-7da1a20fa3c9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.040776Z", "modified": "2026-06-02T15:57:33.040776Z", "relationship_type": "indicates", "source_ref": "indicator--8ae02bbf-1f66-4031-b1a5-4b5d7b861b89", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--25c2739e-c846-4dce-af8f-c853fc9952a9", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.041844Z", "modified": "2026-06-02T15:57:33.041844Z", "relationship_type": "indicates", "source_ref": "indicator--d06dc9b9-b1af-49cc-99f4-494667ebb883", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7ac9a937-1edd-4105-99ec-775bd14e7f1d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.042904Z", "modified": "2026-06-02T15:57:33.042904Z", "relationship_type": "indicates", "source_ref": "indicator--fc1813ae-ec38-43fe-8584-5b6f30732308", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cf5fee96-7f03-4c8b-bce3-d3cefc2279a4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.043982Z", "modified": "2026-06-02T15:57:33.043982Z", "relationship_type": "indicates", "source_ref": "indicator--6dc6f03c-1401-4a7e-85dc-bc5dca08b563", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--91770797-d022-4c50-8f48-c937b35cb721", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.045214Z", "modified": "2026-06-02T15:57:33.045214Z", "relationship_type": "indicates", "source_ref": "indicator--94857a50-498e-4edb-9ba3-8c0a577e13ac", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1adb382c-9067-4396-a725-a17b6a4ad0a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.046292Z", "modified": "2026-06-02T15:57:33.046292Z", "relationship_type": "indicates", "source_ref": "indicator--051e8d44-f205-44e9-bf25-99c9e4045ef2", "target_ref": 
"malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--12abfae0-42e4-4b65-8989-da810e8caba2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.047387Z", "modified": "2026-06-02T15:57:33.047387Z", "relationship_type": "indicates", "source_ref": "indicator--60800edb-d4b6-4726-905d-743dc82b2b4e", "target_ref": "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a44c3a79-f16c-450f-a34e-4c253c721cc2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.048744Z", "modified": "2026-06-02T15:57:33.048744Z", "relationship_type": "indicates", "source_ref": "indicator--878562f9-fff2-4e70-bcee-f7ad0453af68", "target_ref": "malware--a75be05d-cd3c-4fe3-97f4-67ab6695b01b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1b1bab3a-8028-45ec-a592-a82c21bc921d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.050138Z", "modified": "2026-06-02T15:57:33.050138Z", "relationship_type": "indicates", "source_ref": "indicator--75dd18fb-e6c0-4575-8c4b-0a46188e359d", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1e39e9d9-55c0-4dd1-9ba1-47fbcc015bdd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.051226Z", "modified": "2026-06-02T15:57:33.051226Z", "relationship_type": "indicates", "source_ref": "indicator--17683287-7097-4098-9d97-4f333bb1995c", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5f86f786-5314-455b-87fc-8bfed2c65150", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.052315Z", "modified": 
"2026-06-02T15:57:33.052315Z", "relationship_type": "indicates", "source_ref": "indicator--b7b57d08-b201-41b9-b8f5-c9eb5a58adde", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--08bc2603-f7ca-49b7-890d-ac5f307dce3c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.053557Z", "modified": "2026-06-02T15:57:33.053557Z", "relationship_type": "indicates", "source_ref": "indicator--deb4922c-63e4-414a-9adf-5e857aa88f53", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--618ada4c-5e3d-4809-9c05-eaf82f52478d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.054637Z", "modified": "2026-06-02T15:57:33.054637Z", "relationship_type": "indicates", "source_ref": "indicator--95b7cd5c-6afe-40cf-b59a-5dd64e279216", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f114dbe5-cfde-4f76-99d6-2a86e33b32a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.055727Z", "modified": "2026-06-02T15:57:33.055727Z", "relationship_type": "indicates", "source_ref": "indicator--fa96dc4a-bf3b-41d9-8032-98df0f3bcded", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e201579e-32b9-431e-a063-62763f8f81d8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.056795Z", "modified": "2026-06-02T15:57:33.056795Z", "relationship_type": "indicates", "source_ref": "indicator--33f0ef8e-4f63-485d-a476-f6d6e96cd9a4", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--02e7a8fe-3a36-420a-91ef-52a519d89ab6", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.057865Z", "modified": "2026-06-02T15:57:33.057865Z", "relationship_type": "indicates", "source_ref": "indicator--4755df6f-bd5b-429f-8d5b-187599bc18ee", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dfec0882-f258-4c59-9f27-a7d65322e3a3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.059016Z", "modified": "2026-06-02T15:57:33.059016Z", "relationship_type": "indicates", "source_ref": "indicator--00a8452e-914a-434a-9c4d-ba41875333e6", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8b328f28-97b5-4941-95f6-967b456f3a95", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.060106Z", "modified": "2026-06-02T15:57:33.060106Z", "relationship_type": "indicates", "source_ref": "indicator--e442748b-5bc5-4a1a-883b-04bcc24db382", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c9b18ebc-5448-4368-88a2-bc04671fb4e8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.061343Z", "modified": "2026-06-02T15:57:33.061343Z", "relationship_type": "indicates", "source_ref": "indicator--5290d893-c884-40f5-9cef-8d7a84e8fd9b", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--91864bfa-a3ae-4dad-b4f3-54120757316c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.062428Z", "modified": "2026-06-02T15:57:33.062428Z", "relationship_type": "indicates", "source_ref": "indicator--586d8d15-ef94-4d9c-a27f-b87bcb79126e", "target_ref": 
"malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--98143eb2-2770-4bce-b081-75d3e1a198f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.063512Z", "modified": "2026-06-02T15:57:33.063512Z", "relationship_type": "indicates", "source_ref": "indicator--ff38a3ec-7777-458c-a61d-a4dea2e64276", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--150a4648-79f7-4cd5-acb4-ab59ddb805ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.064583Z", "modified": "2026-06-02T15:57:33.064583Z", "relationship_type": "indicates", "source_ref": "indicator--7d59bc6d-1837-4af8-aa72-e9b2f2017e51", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--38f32c81-510c-45f6-b186-0e7138767809", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.065672Z", "modified": "2026-06-02T15:57:33.065672Z", "relationship_type": "indicates", "source_ref": "indicator--ba92a02e-4f6d-4714-a61c-c6fb55543ca4", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--baaf981e-9a18-4213-a3d2-00197d198df8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.066747Z", "modified": "2026-06-02T15:57:33.066747Z", "relationship_type": "indicates", "source_ref": "indicator--74083117-433b-482d-b591-7836ca89c83c", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bfd902f7-a0e8-4fd1-8eeb-1921a830f73e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.067823Z", "modified": 
"2026-06-02T15:57:33.067823Z", "relationship_type": "indicates", "source_ref": "indicator--0245e4b4-cf93-41c3-aefe-e7cc7bceeb7e", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--edcff748-0b02-4575-b0f2-68e8188fad5e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.069052Z", "modified": "2026-06-02T15:57:33.069052Z", "relationship_type": "indicates", "source_ref": "indicator--fe1db30f-65b6-483f-9689-e3b32b7a8450", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--649f0f1e-2f28-4cf0-af4e-c95892f27336", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.070133Z", "modified": "2026-06-02T15:57:33.070133Z", "relationship_type": "indicates", "source_ref": "indicator--db83f681-a3ad-44f5-97f4-6684fadae255", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7f89d20d-eb7a-45b6-a44a-588b3aab1331", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.071221Z", "modified": "2026-06-02T15:57:33.071221Z", "relationship_type": "indicates", "source_ref": "indicator--748f027c-9fe0-42c1-8c60-0f574cfdb640", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d7fe9b8b-02de-4f9b-bdf4-a1c5b7504af7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.072288Z", "modified": "2026-06-02T15:57:33.072288Z", "relationship_type": "indicates", "source_ref": "indicator--3fcb1903-0b31-4237-8955-75dfb670c3c5", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dd828718-44cb-4c60-97c7-7a8d11872a84", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.073363Z", "modified": "2026-06-02T15:57:33.073363Z", "relationship_type": "indicates", "source_ref": "indicator--1c77c37a-56cd-4ad0-91b4-654001df2eae", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a514d924-1ccd-4c7d-9879-7fbbe596076a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.07442Z", "modified": "2026-06-02T15:57:33.07442Z", "relationship_type": "indicates", "source_ref": "indicator--3ccfb7b5-2f9f-49fe-ad8d-9968908814c0", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a2f2753f-3123-4f38-bfed-9ef4ef29a8f9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.07549Z", "modified": "2026-06-02T15:57:33.07549Z", "relationship_type": "indicates", "source_ref": "indicator--69bac206-2292-49cd-885f-b341fee30430", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8c6ad4f8-cb79-4c63-afac-1efa9e879d7f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.076721Z", "modified": "2026-06-02T15:57:33.076721Z", "relationship_type": "indicates", "source_ref": "indicator--48311fed-8aa2-42fd-8e92-886fea218ae2", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--63cbf723-364c-4351-bd9c-59563df16f4d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.077806Z", "modified": "2026-06-02T15:57:33.077806Z", "relationship_type": "indicates", "source_ref": "indicator--cfbf0a2c-965b-4f4c-b235-8a2373867e13", "target_ref": 
"malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bb73d66a-1fff-4952-a94e-73986075b277", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.078873Z", "modified": "2026-06-02T15:57:33.078873Z", "relationship_type": "indicates", "source_ref": "indicator--61a8debb-c147-4087-9ae4-18676c3ade06", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--49e65727-8bfa-4d50-a68c-264a24dbd4b6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.07996Z", "modified": "2026-06-02T15:57:33.07996Z", "relationship_type": "indicates", "source_ref": "indicator--1534c45a-6678-41df-8497-fb6304c95eb9", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--be32dc2e-58d4-4670-b0e0-b1c013f0db67", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.081021Z", "modified": "2026-06-02T15:57:33.081021Z", "relationship_type": "indicates", "source_ref": "indicator--c5797bf6-62f0-4428-b90d-fbc1c38ffca2", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0583094e-5786-4017-be74-d114e29b3463", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.082091Z", "modified": "2026-06-02T15:57:33.082091Z", "relationship_type": "indicates", "source_ref": "indicator--ee6e278c-3a16-473b-86c6-6b580bfec189", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0a7f4dbe-bbe6-4a00-aa5a-6fb55927a3b4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.083179Z", "modified": 
"2026-06-02T15:57:33.083179Z", "relationship_type": "indicates", "source_ref": "indicator--e9efb553-6b9c-4474-891b-b7fdf8caec69", "target_ref": "malware--ca65381a-a1b4-47a9-8038-d42907522589"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b7c2b8f2-6809-4e18-89a9-eae950a09361", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.084756Z", "modified": "2026-06-02T15:57:33.084756Z", "relationship_type": "indicates", "source_ref": "indicator--81b3c9be-892b-4f83-83c4-fad2171dbaa8", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--92213a2e-1890-4ba8-b186-023aeb1175f4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.085839Z", "modified": "2026-06-02T15:57:33.085839Z", "relationship_type": "indicates", "source_ref": "indicator--ca305c75-5e64-44f7-9bbc-1b114b363349", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--272b8f46-b331-4451-8d4b-ca4ab81952e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.086922Z", "modified": "2026-06-02T15:57:33.086922Z", "relationship_type": "indicates", "source_ref": "indicator--7189d6e3-4de2-4859-8391-a58141a2d2aa", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f394f6b2-2e6f-4eef-acdb-62c3e3f537fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.088013Z", "modified": "2026-06-02T15:57:33.088013Z", "relationship_type": "indicates", "source_ref": "indicator--94d617b9-b5e1-46e8-90a2-ed3c97dce822", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0b3c27fb-755d-4013-99f9-254b8eedf4e4", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.089087Z", "modified": "2026-06-02T15:57:33.089087Z", "relationship_type": "indicates", "source_ref": "indicator--5a8db330-19a4-4032-a339-fcdc4bffba3e", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e5939875-2cf3-4202-bd1e-57152e34140d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.09016Z", "modified": "2026-06-02T15:57:33.09016Z", "relationship_type": "indicates", "source_ref": "indicator--bce388f6-797a-425a-ab37-1516cd7f0061", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e9b2de37-14fa-4768-8179-5aad78fba157", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.091246Z", "modified": "2026-06-02T15:57:33.091246Z", "relationship_type": "indicates", "source_ref": "indicator--d6454a0a-8494-4ff3-a61c-94eec0297560", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eaddf5e6-6e6d-4d58-8d62-01013411d394", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.09248Z", "modified": "2026-06-02T15:57:33.09248Z", "relationship_type": "indicates", "source_ref": "indicator--d6bbefbf-fdc6-4289-8abf-7e32f5dfef24", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7a9c76df-a6d0-45de-b575-91769c51bf4f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.093559Z", "modified": "2026-06-02T15:57:33.093559Z", "relationship_type": "indicates", "source_ref": "indicator--ab1f6ce8-746d-49a3-b995-3a4b90f683d6", "target_ref": 
"malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4181ffba-6cb2-4f3b-8038-fc7148b42a29", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.094632Z", "modified": "2026-06-02T15:57:33.094632Z", "relationship_type": "indicates", "source_ref": "indicator--c3470118-acc3-4335-9d54-beb8902fa0c4", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ac734417-264c-4f8b-b961-22f15ebc5703", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.095722Z", "modified": "2026-06-02T15:57:33.095722Z", "relationship_type": "indicates", "source_ref": "indicator--777d3bc1-1294-4333-bc13-a9eaa37dd78c", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--66cb6504-1da3-4855-9901-edf6a7238692", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.096785Z", "modified": "2026-06-02T15:57:33.096785Z", "relationship_type": "indicates", "source_ref": "indicator--c2b60fae-82c7-44a0-8e55-cf280e7987e4", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0176707a-93c6-47b8-bc3f-f97d4b608f43", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.097849Z", "modified": "2026-06-02T15:57:33.097849Z", "relationship_type": "indicates", "source_ref": "indicator--ccf0e201-41ab-426f-8bf1-ac0bb6e83ad0", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7656d2dd-4bd4-4261-80fe-50f65f8f8ff3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.098907Z", "modified": 
"2026-06-02T15:57:33.098907Z", "relationship_type": "indicates", "source_ref": "indicator--997ec7f6-38c3-4889-a6ec-8a2a36043d06", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cfe53b9e-680a-478a-9144-667a7c72dffd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.101086Z", "modified": "2026-06-02T15:57:33.101086Z", "relationship_type": "indicates", "source_ref": "indicator--07f38758-05b1-4f36-bf4a-3ac763a4b2a7", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fa04df63-e3c9-4ed4-99a0-a55b308d90e9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.102225Z", "modified": "2026-06-02T15:57:33.102225Z", "relationship_type": "indicates", "source_ref": "indicator--024f4103-5dff-4a52-980e-2a970d2d4102", "target_ref": "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ec456cbe-9e5c-40ff-9743-a664fc84fbc9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.103662Z", "modified": "2026-06-02T15:57:33.103662Z", "relationship_type": "indicates", "source_ref": "indicator--70df1617-9dbb-46d6-957c-d2e3f4d97aec", "target_ref": "malware--e7e4a457-8c36-4541-b068-29e0b2a67c38"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9027d242-3305-4418-b01f-4ceffe88c850", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.104768Z", "modified": "2026-06-02T15:57:33.104768Z", "relationship_type": "indicates", "source_ref": "indicator--de51f723-1a05-40de-9e55-8589de5e1885", "target_ref": "malware--e7e4a457-8c36-4541-b068-29e0b2a67c38"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--05bc161e-5555-431e-a39b-68aa64ffaaee", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.10618Z", "modified": "2026-06-02T15:57:33.10618Z", "relationship_type": "indicates", "source_ref": "indicator--a57744f9-4530-4b46-9537-904fe7cf4571", "target_ref": "malware--9c431e34-bd5c-4385-a893-98dfe373cf1c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f5960a54-a22b-4c65-a161-8c7feb9b600b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.107266Z", "modified": "2026-06-02T15:57:33.107266Z", "relationship_type": "indicates", "source_ref": "indicator--c995991d-a58a-4826-bfd1-6ed7ed90e7c1", "target_ref": "malware--9c431e34-bd5c-4385-a893-98dfe373cf1c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--398a09d0-4d73-424d-af5d-797f77192962", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.108805Z", "modified": "2026-06-02T15:57:33.108805Z", "relationship_type": "indicates", "source_ref": "indicator--920d5783-5e98-4b72-9471-58e5c84353d2", "target_ref": "malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fb872b5b-bee0-4633-b20c-9a616d3b6741", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.109892Z", "modified": "2026-06-02T15:57:33.109892Z", "relationship_type": "indicates", "source_ref": "indicator--dc8c7416-707f-4213-8f9a-a0aaa3267abd", "target_ref": "malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e8519b53-44bd-4927-b9c6-3266572243fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.110966Z", "modified": "2026-06-02T15:57:33.110966Z", "relationship_type": "indicates", "source_ref": "indicator--fc5c960b-2ff9-454f-8ead-a35022d1cf06", "target_ref": 
"malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d66af478-98fe-45d0-acfe-3e6ddd12bd54", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.112047Z", "modified": "2026-06-02T15:57:33.112047Z", "relationship_type": "indicates", "source_ref": "indicator--0eeb89ef-d7d8-4bfb-b319-ebc7326e4e35", "target_ref": "malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9fd25444-8309-495f-882f-8b22dcf601f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.113108Z", "modified": "2026-06-02T15:57:33.113108Z", "relationship_type": "indicates", "source_ref": "indicator--38079cdc-fa95-4b43-86d8-01e078206c01", "target_ref": "malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aa028bf6-5bd7-49af-aa37-10ebadebebd0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.114185Z", "modified": "2026-06-02T15:57:33.114185Z", "relationship_type": "indicates", "source_ref": "indicator--7178ce6a-fb97-4ac0-8469-1ee63f10240b", "target_ref": "malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f15c7965-fb49-4248-8cd2-200756fe93d4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.115258Z", "modified": "2026-06-02T15:57:33.115258Z", "relationship_type": "indicates", "source_ref": "indicator--84da376f-51d8-438e-81f4-ed956d138ad9", "target_ref": "malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bebbcc28-3815-4191-b802-36888d45e55e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.1165Z", "modified": 
"2026-06-02T15:57:33.1165Z", "relationship_type": "indicates", "source_ref": "indicator--f7faee18-bc3f-4f87-8585-00da9ce42e4c", "target_ref": "malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3182f322-c078-47c9-946d-adaba729c13c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.117574Z", "modified": "2026-06-02T15:57:33.117574Z", "relationship_type": "indicates", "source_ref": "indicator--3feeb4ae-13ae-45aa-b713-6c3d6ac46549", "target_ref": "malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4e210d9f-8ec2-46d3-ad61-bea6fccb3482", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.118649Z", "modified": "2026-06-02T15:57:33.118649Z", "relationship_type": "indicates", "source_ref": "indicator--5a844f7e-413c-4577-9af3-7b6c8941a43f", "target_ref": "malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c1c02398-3434-4849-a4c0-9f2fab961c20", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.119738Z", "modified": "2026-06-02T15:57:33.119738Z", "relationship_type": "indicates", "source_ref": "indicator--294d0d45-c326-49ed-8849-d0791b83f44b", "target_ref": "malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0e59cc4e-d1f4-430d-acea-08bb54c86df1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.120807Z", "modified": "2026-06-02T15:57:33.120807Z", "relationship_type": "indicates", "source_ref": "indicator--500e6c41-f1a3-48b0-b962-0ca24bccd970", "target_ref": "malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e80ed666-cdf5-4dab-bdcd-a7947db841b0", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.121873Z", "modified": "2026-06-02T15:57:33.121873Z", "relationship_type": "indicates", "source_ref": "indicator--cb9d467a-df3a-4bf2-b93a-840648b7566a", "target_ref": "malware--499903e6-888d-4d8d-9549-8c43f6753805"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--401906cc-533f-4c29-926c-63996efdd974", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.123267Z", "modified": "2026-06-02T15:57:33.123267Z", "relationship_type": "indicates", "source_ref": "indicator--53459526-ffc2-4a9d-80ec-6f9407019110", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9985043d-67e1-44cf-8e76-fa2cf2f52ab9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.124497Z", "modified": "2026-06-02T15:57:33.124497Z", "relationship_type": "indicates", "source_ref": "indicator--43335706-b1a0-4b5a-8a33-53179f7a6b4d", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f17bb5e7-fd85-4b71-ad1b-74cf278991c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.125579Z", "modified": "2026-06-02T15:57:33.125579Z", "relationship_type": "indicates", "source_ref": "indicator--1c905ab4-7a8e-4653-8ebe-34d31f04b64e", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f3314d31-198d-4da9-9b5e-5bd40e7f7dc1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.126643Z", "modified": "2026-06-02T15:57:33.126643Z", "relationship_type": "indicates", "source_ref": "indicator--b86c4d3c-4eae-461f-8953-da504c342127", "target_ref": 
"malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--86051319-3958-4ebc-abfa-472c0367d9dc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.12772Z", "modified": "2026-06-02T15:57:33.12772Z", "relationship_type": "indicates", "source_ref": "indicator--8e1406a5-0d5c-490c-9b87-13c7243c878c", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--07328df5-29e6-42fd-bb6e-ec802654ad5d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.128794Z", "modified": "2026-06-02T15:57:33.128794Z", "relationship_type": "indicates", "source_ref": "indicator--198846f1-8cad-463e-841e-29d10365aaf3", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6dd418f4-591f-4ee9-bd6c-9d87e5c6b189", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.129868Z", "modified": "2026-06-02T15:57:33.129868Z", "relationship_type": "indicates", "source_ref": "indicator--a3b5302b-7fac-4a6d-9c79-539232d65ead", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6579b6bf-7835-4670-9bde-31738d190c2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.130939Z", "modified": "2026-06-02T15:57:33.130939Z", "relationship_type": "indicates", "source_ref": "indicator--73f35947-3759-4fb8-870a-d65717953d35", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b19e107c-db40-4796-ba28-1480f1e2f81e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.132185Z", "modified": 
"2026-06-02T15:57:33.132185Z", "relationship_type": "indicates", "source_ref": "indicator--f4208fc3-1d90-459a-9e08-abe74c31d8f5", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5ca08100-30d1-4e47-bd86-b4c74493b1b4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.133265Z", "modified": "2026-06-02T15:57:33.133265Z", "relationship_type": "indicates", "source_ref": "indicator--3604e7c1-af93-46a5-84bb-4621339caa18", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b41cc550-e618-4c65-8683-306760f5cfef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.134327Z", "modified": "2026-06-02T15:57:33.134327Z", "relationship_type": "indicates", "source_ref": "indicator--7228b62e-7c31-472d-b8d2-6499c7e3b9ca", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e03d037d-aba6-45b4-ad5c-9d46362141fe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.135403Z", "modified": "2026-06-02T15:57:33.135403Z", "relationship_type": "indicates", "source_ref": "indicator--0ec732fd-f301-4413-9709-f52fac7f958d", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dd2be071-1078-42ef-a57b-9aa6a05714ba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.136489Z", "modified": "2026-06-02T15:57:33.136489Z", "relationship_type": "indicates", "source_ref": "indicator--59cbe1eb-34da-4c2b-a377-6da3beae7e3f", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8e260f61-77db-4b60-8fa0-667f5db3be6b", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.137561Z", "modified": "2026-06-02T15:57:33.137561Z", "relationship_type": "indicates", "source_ref": "indicator--763abcc1-724d-42dd-aa0c-67e435644dc9", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4cbb3744-df9b-48c7-9654-7869aed2696e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.138621Z", "modified": "2026-06-02T15:57:33.138621Z", "relationship_type": "indicates", "source_ref": "indicator--a6f9aa96-6406-405e-b128-b803b0c75667", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--38291072-5ed8-4229-ad6f-85713ad8b8a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.139846Z", "modified": "2026-06-02T15:57:33.139846Z", "relationship_type": "indicates", "source_ref": "indicator--c4bf8899-2e22-49d9-baa0-fd75bca3b1ca", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2b0350fe-6d88-4a90-b74f-f4aeb175e6b6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.140922Z", "modified": "2026-06-02T15:57:33.140922Z", "relationship_type": "indicates", "source_ref": "indicator--4aee246a-129c-47a5-ac8f-6b00f6e2a0a5", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--714cd0df-56d0-4afc-bba2-f8499b0fdeb5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.141986Z", "modified": "2026-06-02T15:57:33.141986Z", "relationship_type": "indicates", "source_ref": "indicator--e63468c4-ba1c-468a-9165-551b653076b2", "target_ref": 
"malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a15e9533-cca1-48d8-a92d-f528d79b1840", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.143055Z", "modified": "2026-06-02T15:57:33.143055Z", "relationship_type": "indicates", "source_ref": "indicator--9d1cea78-01e6-4c8a-afbf-a9ed31787c26", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--37c6b7b0-d138-4254-8abf-057f3355acec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.144147Z", "modified": "2026-06-02T15:57:33.144147Z", "relationship_type": "indicates", "source_ref": "indicator--f8096137-aeda-4ff9-a2ab-d2713fce4e8d", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d3ccb6b9-7ffe-4c3c-aff6-a08622bfe8fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.145238Z", "modified": "2026-06-02T15:57:33.145238Z", "relationship_type": "indicates", "source_ref": "indicator--264920b8-2e73-4089-9ea5-b1ad1899a83f", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3bbaaefb-f1bd-44fa-9aa1-c956b104bb7f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.146305Z", "modified": "2026-06-02T15:57:33.146305Z", "relationship_type": "indicates", "source_ref": "indicator--cc17581e-8703-462d-85d3-3c6ae9e90deb", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3473e907-c15c-4c1f-8c09-f2cd3bbbc5de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.147549Z", "modified": 
"2026-06-02T15:57:33.147549Z", "relationship_type": "indicates", "source_ref": "indicator--453a2383-5a28-42bb-9833-823498a101f8", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--adadd1d1-d9f4-47f4-9bff-6dc7601dfc03", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.148655Z", "modified": "2026-06-02T15:57:33.148655Z", "relationship_type": "indicates", "source_ref": "indicator--6bca3ddd-15a8-4626-9807-38da66a2eacb", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc4e5209-f3b2-44ec-9097-30c6f08d4206", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.149745Z", "modified": "2026-06-02T15:57:33.149745Z", "relationship_type": "indicates", "source_ref": "indicator--0f562194-efb0-42ff-9992-ba81500d4d2c", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b836752d-2fbb-4686-afd0-34bdda0359ab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.150811Z", "modified": "2026-06-02T15:57:33.150811Z", "relationship_type": "indicates", "source_ref": "indicator--62239dd1-3d78-44eb-a6b9-c3b399d587b7", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2ac97ae3-961f-41f8-99f7-7530e47f213f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.151895Z", "modified": "2026-06-02T15:57:33.151895Z", "relationship_type": "indicates", "source_ref": "indicator--21702f41-9ae9-48b2-9343-2ff5c6c546a4", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--653a9514-af5e-4d5e-83c7-cc2d25b6934a", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.152963Z", "modified": "2026-06-02T15:57:33.152963Z", "relationship_type": "indicates", "source_ref": "indicator--eb4624f8-565c-41d1-b6ef-acc57369ffe6", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a1af0e44-4767-4570-bd12-ead3e919168f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.154035Z", "modified": "2026-06-02T15:57:33.154035Z", "relationship_type": "indicates", "source_ref": "indicator--2c956414-b095-4d8f-8fc7-affda194918d", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aaf7fb17-4b5b-4b93-9889-3315b970183f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.155285Z", "modified": "2026-06-02T15:57:33.155285Z", "relationship_type": "indicates", "source_ref": "indicator--26cea547-0039-4ae6-9f1a-af8c58c05f7c", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--001ca5a6-f1da-4172-8ced-c22e035dad26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.156384Z", "modified": "2026-06-02T15:57:33.156384Z", "relationship_type": "indicates", "source_ref": "indicator--03514afd-ecf2-40a5-ba91-8bc35d22429d", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5f4aa784-6abe-4a84-858a-c788f482ea7d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.157458Z", "modified": "2026-06-02T15:57:33.157458Z", "relationship_type": "indicates", "source_ref": "indicator--8f33cc47-abf9-4dfb-9a8d-10305b0b5cb7", "target_ref": 
"malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--64800318-19fc-4c0f-aac3-2fafc7bcd046", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.158518Z", "modified": "2026-06-02T15:57:33.158518Z", "relationship_type": "indicates", "source_ref": "indicator--4ce25360-793f-4745-b0e3-25f52b67c198", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--72c6c85a-8e78-4f7a-b69a-6a80c2815404", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.1596Z", "modified": "2026-06-02T15:57:33.1596Z", "relationship_type": "indicates", "source_ref": "indicator--158581bb-2523-4209-8796-35327319fba0", "target_ref": "malware--c9d73e8d-b061-4303-a54e-ff06577d5303"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--efba64aa-e8c6-431e-b19f-d7a09dc6dbc3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.160994Z", "modified": "2026-06-02T15:57:33.160994Z", "relationship_type": "indicates", "source_ref": "indicator--a1461920-12a8-4bea-b1e5-36edde7cf97a", "target_ref": "malware--311e3b9a-a699-4e99-92bd-0315ae109b2d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--53a1862c-3c56-4145-84eb-f2d8a7dc5dc6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.162063Z", "modified": "2026-06-02T15:57:33.162063Z", "relationship_type": "indicates", "source_ref": "indicator--b8b80649-e635-4b73-a94e-77a10b508a34", "target_ref": "malware--311e3b9a-a699-4e99-92bd-0315ae109b2d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--011f0f74-e31c-48d7-92f1-83a6459f2d1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.163297Z", "modified": 
"2026-06-02T15:57:33.163297Z", "relationship_type": "indicates", "source_ref": "indicator--be26cfd1-9532-4489-bd9b-679905d618de", "target_ref": "malware--311e3b9a-a699-4e99-92bd-0315ae109b2d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bbf655ec-dd86-45e7-ac6e-a831151adc16", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.164434Z", "modified": "2026-06-02T15:57:33.164434Z", "relationship_type": "indicates", "source_ref": "indicator--bc0e4fbe-5254-482f-8cca-9227180787f2", "target_ref": "malware--311e3b9a-a699-4e99-92bd-0315ae109b2d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8a565fb0-7ba5-433d-933b-54e8d96a77e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.165873Z", "modified": "2026-06-02T15:57:33.165873Z", "relationship_type": "indicates", "source_ref": "indicator--83c4b7e4-cf83-4b59-bbd5-e1a0678f7436", "target_ref": "malware--4f20ea30-34d4-409e-a474-20b75c276fa4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b9f9d880-4f25-478c-b6ac-0b6ee4520a30", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.167233Z", "modified": "2026-06-02T15:57:33.167233Z", "relationship_type": "indicates", "source_ref": "indicator--430a2978-591d-4218-8505-566bc2fe198b", "target_ref": "malware--256c8f86-0f4e-450f-a1dc-c2bec1e289bf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e24c78d1-e0ce-49f5-806f-d6f7053b2c24", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.168281Z", "modified": "2026-06-02T15:57:33.168281Z", "relationship_type": "indicates", "source_ref": "indicator--d5a0b712-e923-4fe9-b78b-776140d550a8", "target_ref": "malware--256c8f86-0f4e-450f-a1dc-c2bec1e289bf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4a434557-d037-4018-936f-cf837b841338", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.169648Z", "modified": "2026-06-02T15:57:33.169648Z", "relationship_type": "indicates", "source_ref": "indicator--aa083ea6-cfce-4f0b-9a1e-b57019b7a352", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--76fd1d8e-dd13-4456-adde-a897fe834c10", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.170716Z", "modified": "2026-06-02T15:57:33.170716Z", "relationship_type": "indicates", "source_ref": "indicator--5bb4a51b-7cb6-402f-a8a7-ee7f6f4f0b7b", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5ccd2437-28ff-49c7-9cab-ccdeb0f29cc9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.171972Z", "modified": "2026-06-02T15:57:33.171972Z", "relationship_type": "indicates", "source_ref": "indicator--1b8318a9-af9d-4f77-a70d-c6aa2ca81ca6", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--92a3adc7-0d7c-4a45-8301-e32bed2bb1dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.173048Z", "modified": "2026-06-02T15:57:33.173048Z", "relationship_type": "indicates", "source_ref": "indicator--53aa139c-f2c1-4921-af38-1b7f9e112dd1", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3208dfec-1e6f-4b6d-ac60-d7bba2685de2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.174125Z", "modified": "2026-06-02T15:57:33.174125Z", "relationship_type": "indicates", "source_ref": "indicator--f1bd4345-20f2-446f-8d00-9c5d361be46a", "target_ref": 
"malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9f698d07-f295-4f00-b38d-920a32ae17c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.175204Z", "modified": "2026-06-02T15:57:33.175204Z", "relationship_type": "indicates", "source_ref": "indicator--c969d056-8cff-4c79-bed3-90fa5c19ba13", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5e181600-50d0-4d5f-aa67-0fcaae02894b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.176275Z", "modified": "2026-06-02T15:57:33.176275Z", "relationship_type": "indicates", "source_ref": "indicator--763cad50-4807-4786-8fa8-389da06a1e97", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--db659e90-c27f-499f-b656-b16c47f56a2f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.177337Z", "modified": "2026-06-02T15:57:33.177337Z", "relationship_type": "indicates", "source_ref": "indicator--6164c9a8-c28b-48c2-8966-630a01f0a544", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8fbef56b-ffbe-4232-aa84-c7cadb21bb21", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.178544Z", "modified": "2026-06-02T15:57:33.178544Z", "relationship_type": "indicates", "source_ref": "indicator--cb4925ae-5369-4e9b-9823-d030fa53804b", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--46d5f200-cce0-47a5-9a5b-bab01f6d24f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.179644Z", "modified": 
"2026-06-02T15:57:33.179644Z", "relationship_type": "indicates", "source_ref": "indicator--59db5f8a-7e2d-446b-91a3-ffa9c47468f9", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0acc9043-2642-4762-add7-0d5885e53157", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.180719Z", "modified": "2026-06-02T15:57:33.180719Z", "relationship_type": "indicates", "source_ref": "indicator--7ccdae40-173b-46a7-a25f-a602b5ad4a77", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fb9e6282-dd37-46a7-bbc2-4370cf8377b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.181794Z", "modified": "2026-06-02T15:57:33.181794Z", "relationship_type": "indicates", "source_ref": "indicator--e5aa7ea3-2f24-457a-a86b-7f0ce815e075", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a7b0cf7a-0072-44af-b5a5-afba3c1aaafd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.182867Z", "modified": "2026-06-02T15:57:33.182867Z", "relationship_type": "indicates", "source_ref": "indicator--49e1c55e-3783-4a0d-95b2-941103ad81c8", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d712000e-8e5a-4d16-80ac-9344edbaccef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.183973Z", "modified": "2026-06-02T15:57:33.183973Z", "relationship_type": "indicates", "source_ref": "indicator--b8e55bea-17bf-4932-98c7-903bdc1e5723", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--14a92e49-87f0-44c4-ba78-65b62b18b58d", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.185056Z", "modified": "2026-06-02T15:57:33.185056Z", "relationship_type": "indicates", "source_ref": "indicator--9dc2feca-0605-40c6-8f4a-8403c6ac0a81", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2a4fea30-2ab2-4d0c-95f9-316b22011303", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.186289Z", "modified": "2026-06-02T15:57:33.186289Z", "relationship_type": "indicates", "source_ref": "indicator--58ecb03e-ae8e-4c77-8ed2-db20f3b93489", "target_ref": "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9c932393-6314-444b-bdb7-1cca2004a9e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.187679Z", "modified": "2026-06-02T15:57:33.187679Z", "relationship_type": "indicates", "source_ref": "indicator--de7eaf37-0789-429c-87bf-3f5f3746e448", "target_ref": "malware--033f848f-700e-4c4f-af76-e802eaf69b5e"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cd4da6d9-cd20-4e98-a3c5-4c91f869cec7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.18875Z", "modified": "2026-06-02T15:57:33.18875Z", "relationship_type": "indicates", "source_ref": "indicator--a4adf3f7-822f-4cfe-8241-1c9b9ac4e23d", "target_ref": "malware--033f848f-700e-4c4f-af76-e802eaf69b5e"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1655a120-7b4a-4e4a-b4e8-7bbe6f6261d8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.189814Z", "modified": "2026-06-02T15:57:33.189814Z", "relationship_type": "indicates", "source_ref": "indicator--142db0d8-7f7a-4071-a81b-e2049fde844c", "target_ref": 
"malware--033f848f-700e-4c4f-af76-e802eaf69b5e"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7f486797-7987-4ff4-877a-cc1b08e59e50", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.191195Z", "modified": "2026-06-02T15:57:33.191195Z", "relationship_type": "indicates", "source_ref": "indicator--0b288537-6c87-4228-b210-037d1a57bf40", "target_ref": "malware--08233d9f-925d-4150-8de5-5117a0118a00"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eb31fdcf-1823-4f32-9c95-61cebd8cd12d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.192262Z", "modified": "2026-06-02T15:57:33.192262Z", "relationship_type": "indicates", "source_ref": "indicator--dfbd31ca-bf9f-43ea-b51d-b65329a2b27a", "target_ref": "malware--08233d9f-925d-4150-8de5-5117a0118a00"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d7bb5684-525e-4de0-b008-a60b89639eff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.193351Z", "modified": "2026-06-02T15:57:33.193351Z", "relationship_type": "indicates", "source_ref": "indicator--f1382133-87ba-4aa6-adcf-3a2e64a04651", "target_ref": "malware--08233d9f-925d-4150-8de5-5117a0118a00"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7a16b8fb-bdc8-4a71-a60c-601ff5bc7a5d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.195794Z", "modified": "2026-06-02T15:57:33.195794Z", "relationship_type": "indicates", "source_ref": "indicator--d30d3db9-cd32-402d-9366-9230551208bc", "target_ref": "malware--08233d9f-925d-4150-8de5-5117a0118a00"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b4499dbd-ff38-4cf7-9106-cb127b0b1809", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.19734Z", "modified": 
"2026-06-02T15:57:33.19734Z", "relationship_type": "indicates", "source_ref": "indicator--3f02b850-5556-441d-b813-253caa5e06fe", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--930b1264-2f6c-4dbf-89a9-6c006d13d364", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.198501Z", "modified": "2026-06-02T15:57:33.198501Z", "relationship_type": "indicates", "source_ref": "indicator--07bfe55f-ceb2-4c71-9eb1-263f0fd0a5ac", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9bb6a42e-517e-45d7-b159-c72c9a028907", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.199646Z", "modified": "2026-06-02T15:57:33.199646Z", "relationship_type": "indicates", "source_ref": "indicator--8e8d0fa8-a906-4d9f-9660-27164eac55df", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--83707d3c-a27c-43ce-b94c-17785195bca1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.200754Z", "modified": "2026-06-02T15:57:33.200754Z", "relationship_type": "indicates", "source_ref": "indicator--9ab19e93-d810-4c07-8155-ad56da2a4bbf", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7f79eb4d-1948-4ad1-af18-8f3103e50339", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.201846Z", "modified": "2026-06-02T15:57:33.201846Z", "relationship_type": "indicates", "source_ref": "indicator--ecc910e1-101c-4c9e-84ac-71a1e3054bea", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2790f771-4329-4ba4-9fce-21ea939e93c7", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.20293Z", "modified": "2026-06-02T15:57:33.20293Z", "relationship_type": "indicates", "source_ref": "indicator--77eeab27-277e-4a27-92a0-09cec350f4a7", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4d54f10a-d124-41cd-ae89-4e4fbffaa80b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.204224Z", "modified": "2026-06-02T15:57:33.204224Z", "relationship_type": "indicates", "source_ref": "indicator--a17dbfa7-1362-4b4c-a7d5-46ac688d05f1", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--839d4e5e-ce04-4595-a24a-a18d7fdb30e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.205317Z", "modified": "2026-06-02T15:57:33.205317Z", "relationship_type": "indicates", "source_ref": "indicator--3ccf5067-42e7-498f-8d40-f1f0fa0ba594", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bc2c2211-7600-4125-8023-faea78cdc2e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.206396Z", "modified": "2026-06-02T15:57:33.206396Z", "relationship_type": "indicates", "source_ref": "indicator--fa7f6e08-3deb-4333-ad6a-bd5e272d0879", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8d92e076-4189-4d15-be91-79f7dcdcb52b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.207487Z", "modified": "2026-06-02T15:57:33.207487Z", "relationship_type": "indicates", "source_ref": "indicator--d3d72f80-7c9a-4f54-9251-5359f5892307", "target_ref": 
"malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--baed6a13-8f2f-43c8-b6e5-66e2b876e912", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.208588Z", "modified": "2026-06-02T15:57:33.208588Z", "relationship_type": "indicates", "source_ref": "indicator--64c0de04-23fe-4ced-998d-82e3a19f7ea7", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c01f37cf-99d8-47f1-8c7f-be453f214b5d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.209659Z", "modified": "2026-06-02T15:57:33.209659Z", "relationship_type": "indicates", "source_ref": "indicator--ba6c51cd-09f4-4073-86c8-455b7e198dcf", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3387ec2b-70ba-460f-8b64-0549be221304", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.210893Z", "modified": "2026-06-02T15:57:33.210893Z", "relationship_type": "indicates", "source_ref": "indicator--cc1e365e-d51c-4c41-ba09-1798e680af60", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ddb6754c-4c76-4923-ba71-6451039a418f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.212001Z", "modified": "2026-06-02T15:57:33.212001Z", "relationship_type": "indicates", "source_ref": "indicator--f2bcbeec-6970-4209-ba3b-f52df02cc0c4", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e77cd55b-e18c-4349-bed1-3c85b99dd47c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.213077Z", "modified": 
"2026-06-02T15:57:33.213077Z", "relationship_type": "indicates", "source_ref": "indicator--aec18a9b-ff6d-45c2-ace5-90cb4fe83c9c", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5cb92ee4-a349-4dc4-a874-1725bf322c0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.214148Z", "modified": "2026-06-02T15:57:33.214148Z", "relationship_type": "indicates", "source_ref": "indicator--bc860fc8-3a4e-4004-954f-5d26a9c9a7b9", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1845247f-6355-4715-ac22-2459c7529292", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.215244Z", "modified": "2026-06-02T15:57:33.215244Z", "relationship_type": "indicates", "source_ref": "indicator--d297e239-90ec-41a8-9a06-d436ce5effee", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3a6d3919-1f45-4b99-89f6-60961f79fe45", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.216321Z", "modified": "2026-06-02T15:57:33.216321Z", "relationship_type": "indicates", "source_ref": "indicator--20cf2285-3421-4274-a2df-d72c6f21132f", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--20c238d1-ab5f-4922-8c72-e50f1884ab61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.217401Z", "modified": "2026-06-02T15:57:33.217401Z", "relationship_type": "indicates", "source_ref": "indicator--959abcbd-690d-42ec-876c-bf2154f1c2ba", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--20645816-3a34-4415-8a72-a1576b3bf8e5", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.218633Z", "modified": "2026-06-02T15:57:33.218633Z", "relationship_type": "indicates", "source_ref": "indicator--2a4212c6-bdeb-4c85-bb95-425422dfd62c", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--91f5bc66-2cc1-4a5f-a63c-f5a2315a81e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.219741Z", "modified": "2026-06-02T15:57:33.219741Z", "relationship_type": "indicates", "source_ref": "indicator--4d3a78d7-f6b6-4c33-9e6b-4d8c1fa47120", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ff7dbd75-0685-4501-a409-1dae846c4579", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.220814Z", "modified": "2026-06-02T15:57:33.220814Z", "relationship_type": "indicates", "source_ref": "indicator--b2cf1308-e100-41c0-833a-195487547475", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d83c4aa9-f268-4d19-b1ad-7131b141ecd2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.2219Z", "modified": "2026-06-02T15:57:33.2219Z", "relationship_type": "indicates", "source_ref": "indicator--1bba3f78-7aa9-42e2-a051-47d7ab6eda89", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eecc7c1f-74c9-44e6-a4f0-246d5aba7644", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.222968Z", "modified": "2026-06-02T15:57:33.222968Z", "relationship_type": "indicates", "source_ref": "indicator--d62757c7-e6ef-464d-b9ba-8929630d03ab", "target_ref": 
"malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--35d1a862-e3ea-4f12-acd5-59d8fdceda49", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.224053Z", "modified": "2026-06-02T15:57:33.224053Z", "relationship_type": "indicates", "source_ref": "indicator--826f441d-c04d-4ba4-8db5-190d7f425af4", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b03b51c2-3833-4bcc-b12c-69b9653c2fd8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.225129Z", "modified": "2026-06-02T15:57:33.225129Z", "relationship_type": "indicates", "source_ref": "indicator--d673ae74-5eb6-4ba1-9a4f-cc329f936559", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1b72dd78-e687-4687-badf-427b9eb9c5f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.226403Z", "modified": "2026-06-02T15:57:33.226403Z", "relationship_type": "indicates", "source_ref": "indicator--593227a8-fb67-4a08-9aa2-e62abc93db1a", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5d04a9e5-5d66-490a-843c-a010b41eac9e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.227512Z", "modified": "2026-06-02T15:57:33.227512Z", "relationship_type": "indicates", "source_ref": "indicator--5c7362cb-d9f8-48e6-8703-7be3a6437d9e", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d53ec462-d8ba-4f56-9ff9-81e5327cf094", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.228616Z", "modified": 
"2026-06-02T15:57:33.228616Z", "relationship_type": "indicates", "source_ref": "indicator--5cb5f05f-1bed-4634-9c42-529074697602", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ff398409-0b6e-4f72-9d22-a7e7c906edea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.229688Z", "modified": "2026-06-02T15:57:33.229688Z", "relationship_type": "indicates", "source_ref": "indicator--c1fdd69f-57fe-479c-9853-c2df1e18d178", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1e63925b-04e3-4e81-9fca-c1435227e705", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.230757Z", "modified": "2026-06-02T15:57:33.230757Z", "relationship_type": "indicates", "source_ref": "indicator--46204182-eb0f-4a5b-ad64-7d2018390dba", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8c8caa6b-01d2-4c32-95f2-59f07b2c4f73", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.231843Z", "modified": "2026-06-02T15:57:33.231843Z", "relationship_type": "indicates", "source_ref": "indicator--6155919b-f30d-4b1f-ac68-33be8d291b6a", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e0c46af2-2cd7-4a65-8c90-6ea31692610f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.232919Z", "modified": "2026-06-02T15:57:33.232919Z", "relationship_type": "indicates", "source_ref": "indicator--5dd8301a-6ebd-42ba-8d02-8634496141db", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0e0e3a07-1e22-443d-aaeb-a5993654847b", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.234155Z", "modified": "2026-06-02T15:57:33.234155Z", "relationship_type": "indicates", "source_ref": "indicator--204d5116-edf2-4f5d-841f-8098d6a40eec", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0e85b39d-06ab-41f2-931a-5f5c68cbdd89", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.235251Z", "modified": "2026-06-02T15:57:33.235251Z", "relationship_type": "indicates", "source_ref": "indicator--fbfad77d-1656-4c66-802b-de2672c81c58", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c6f907f8-a29a-4d47-bafa-7f4eaf41f8e7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.236339Z", "modified": "2026-06-02T15:57:33.236339Z", "relationship_type": "indicates", "source_ref": "indicator--389fa7db-c88e-4a66-876c-2acad3edde7a", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a8873d07-5ddd-4a2f-8cde-ac682b192b2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.237416Z", "modified": "2026-06-02T15:57:33.237416Z", "relationship_type": "indicates", "source_ref": "indicator--1107c84b-ad05-4037-8a5b-d214206db789", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6d289256-2339-49e6-b2a9-aaf4033cab0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.238483Z", "modified": "2026-06-02T15:57:33.238483Z", "relationship_type": "indicates", "source_ref": "indicator--c4f52709-1a8f-4f11-8f49-3d87df53e517", "target_ref": 
"malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--569ee7bf-f3c1-49f9-aa00-9706f12e365c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.239563Z", "modified": "2026-06-02T15:57:33.239563Z", "relationship_type": "indicates", "source_ref": "indicator--b8a35385-2d20-40d3-b7a7-3b1048e9fe89", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--492884b0-5395-45d3-b066-99a0921bf643", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.240634Z", "modified": "2026-06-02T15:57:33.240634Z", "relationship_type": "indicates", "source_ref": "indicator--d1fb77f4-fbc2-4f99-bdb9-6bcea82a834b", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f88a9846-0c58-44e3-aed7-a4209a749326", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.241855Z", "modified": "2026-06-02T15:57:33.241855Z", "relationship_type": "indicates", "source_ref": "indicator--c76eec43-2d6d-43b1-a975-b9ac1de28068", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ee8d025f-600c-4b42-9d52-8f420ca3762f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.242935Z", "modified": "2026-06-02T15:57:33.242935Z", "relationship_type": "indicates", "source_ref": "indicator--c696aa1a-3f17-4535-9b64-a8f78e06aee3", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--be1a15ea-af82-43ce-9f26-0dfc907535fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.244014Z", "modified": 
"2026-06-02T15:57:33.244014Z", "relationship_type": "indicates", "source_ref": "indicator--08a4346c-fd31-4aa5-95e5-9a70fb86b4f3", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8e94f3ba-b92d-4c2c-a5ff-e23b09233948", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.245081Z", "modified": "2026-06-02T15:57:33.245081Z", "relationship_type": "indicates", "source_ref": "indicator--ca7aadc2-b544-4925-bb67-d8e7e4ddb4f3", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7dbf1238-2252-4d1a-be54-63393da7e96e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.246158Z", "modified": "2026-06-02T15:57:33.246158Z", "relationship_type": "indicates", "source_ref": "indicator--efe7ba1d-63d7-47e4-bc78-9c3ae7d025ae", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9e4a3c3c-59ec-4f23-9c02-431b2d426a21", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.247241Z", "modified": "2026-06-02T15:57:33.247241Z", "relationship_type": "indicates", "source_ref": "indicator--5e69d3e2-23df-45b5-a818-87b0eef37ddf", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a008749f-619e-42c9-aa97-fa9935977b64", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.248343Z", "modified": "2026-06-02T15:57:33.248343Z", "relationship_type": "indicates", "source_ref": "indicator--da702c53-602f-4667-b7ab-36af03429b91", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--661f9b07-188b-43e0-a9a5-7508fbbd43bc", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.249581Z", "modified": "2026-06-02T15:57:33.249581Z", "relationship_type": "indicates", "source_ref": "indicator--47116902-1366-4540-b519-61df37895683", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bf7b6df1-041e-49fd-8d43-3d8cc87d1039", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.250669Z", "modified": "2026-06-02T15:57:33.250669Z", "relationship_type": "indicates", "source_ref": "indicator--b0f6d330-6a6b-41b2-bdef-aa31a12bdcda", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f375e5a-3b65-498d-96bf-03ae7fa77f72", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.251757Z", "modified": "2026-06-02T15:57:33.251757Z", "relationship_type": "indicates", "source_ref": "indicator--fda040ad-6f15-43e1-b22e-0aa194c1ff75", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7c9db0ae-8eba-4f14-9b2c-14c74d77bfd8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.252843Z", "modified": "2026-06-02T15:57:33.252843Z", "relationship_type": "indicates", "source_ref": "indicator--d84bb83e-44d3-4d07-adbc-1b0206ecf470", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cbd16dbf-cdb7-4ec7-a760-9a960e7e33df", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.253912Z", "modified": "2026-06-02T15:57:33.253912Z", "relationship_type": "indicates", "source_ref": "indicator--146ede5f-d955-4e2c-ae86-77741fadedb1", "target_ref": 
"malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fc50c280-c164-4f78-9ef5-b551dc21df21", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.254974Z", "modified": "2026-06-02T15:57:33.254974Z", "relationship_type": "indicates", "source_ref": "indicator--1e5b7829-d888-42f2-8e1d-115ff0004d60", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--75f2bccb-3df2-46f8-b8fe-6340da83a4dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.256058Z", "modified": "2026-06-02T15:57:33.256058Z", "relationship_type": "indicates", "source_ref": "indicator--6a9a561b-dcf9-4ff4-93bf-909aeca09204", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--055372e2-4b78-41a7-a2d6-1f2ba0e32495", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.257284Z", "modified": "2026-06-02T15:57:33.257284Z", "relationship_type": "indicates", "source_ref": "indicator--dc23bcd5-f977-4ec7-9945-9eb10188fe0a", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c2e059fa-a091-4c1d-ad63-2ec2db18f95f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.258398Z", "modified": "2026-06-02T15:57:33.258398Z", "relationship_type": "indicates", "source_ref": "indicator--ffa15484-0d27-46ce-aeec-4db3a050c578", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--88dcde49-4680-4b42-a65c-4ccdefa829c1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.259523Z", "modified": 
"2026-06-02T15:57:33.259523Z", "relationship_type": "indicates", "source_ref": "indicator--f3491631-bafb-481a-baab-d7bc368ea1b0", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--763753a4-1c49-4eec-8e1c-00ac46a5dab2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.260599Z", "modified": "2026-06-02T15:57:33.260599Z", "relationship_type": "indicates", "source_ref": "indicator--5cd50b77-7f0e-4a9a-b8ae-ac4b03d88568", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a36f776c-406b-4610-bf99-393c1479e2ec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.261676Z", "modified": "2026-06-02T15:57:33.261676Z", "relationship_type": "indicates", "source_ref": "indicator--eecb382b-7451-4200-9378-90d08ca56b6c", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--35c7ee1f-cbdc-43bb-8b1f-805db6102ae3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.262741Z", "modified": "2026-06-02T15:57:33.262741Z", "relationship_type": "indicates", "source_ref": "indicator--9507b556-4faa-421f-b3a0-31b7953ec956", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e0e6089d-bd4d-4839-9c30-ecc67f3def53", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.263827Z", "modified": "2026-06-02T15:57:33.263827Z", "relationship_type": "indicates", "source_ref": "indicator--1500af58-784a-45f5-a1ea-16c79fd0e9c4", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1ef6196c-5f3f-4257-b15e-a08c3b26d5bc", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.265051Z", "modified": "2026-06-02T15:57:33.265051Z", "relationship_type": "indicates", "source_ref": "indicator--8d44817e-67af-462d-9b2f-92859dc5f5ea", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f04736b-d209-4742-86e3-f036637788e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.26613Z", "modified": "2026-06-02T15:57:33.26613Z", "relationship_type": "indicates", "source_ref": "indicator--294a90a3-0f1f-47ee-8a64-9019d57b26b1", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b17e5520-1c34-414b-ae0c-77a9e89085c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.267209Z", "modified": "2026-06-02T15:57:33.267209Z", "relationship_type": "indicates", "source_ref": "indicator--153e469b-c310-4334-adbb-7f78f39a4e00", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ba0f4aa3-490d-42f3-8066-63dc51cfa515", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.268281Z", "modified": "2026-06-02T15:57:33.268281Z", "relationship_type": "indicates", "source_ref": "indicator--5f41b96d-d2e9-4e7a-a7da-be952ebf9f57", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--641d812f-ac95-4e4d-866a-90b2e428befe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.269349Z", "modified": "2026-06-02T15:57:33.269349Z", "relationship_type": "indicates", "source_ref": "indicator--8cf21c9c-f8bc-4ebe-9469-621ec51417cd", "target_ref": 
"malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aaa3e60b-00ef-4b95-a407-8e5af6f98658", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.27042Z", "modified": "2026-06-02T15:57:33.27042Z", "relationship_type": "indicates", "source_ref": "indicator--9dbb2858-854d-489a-8b61-937b92b4d5db", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--68547101-2da0-48b5-b677-17242bd9b51f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.271507Z", "modified": "2026-06-02T15:57:33.271507Z", "relationship_type": "indicates", "source_ref": "indicator--aea46f38-7e74-4acc-909e-e1f9c674a5af", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ff0af8c4-7fef-448e-9bf1-db1047980e22", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.272739Z", "modified": "2026-06-02T15:57:33.272739Z", "relationship_type": "indicates", "source_ref": "indicator--6005211e-0997-4de0-a648-136e607bacc0", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ab4d3ba6-9442-40f3-b4d6-0e40c64d438b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.273819Z", "modified": "2026-06-02T15:57:33.273819Z", "relationship_type": "indicates", "source_ref": "indicator--11e54716-bdec-4b9a-9b07-4753670731c3", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e2ec83ff-0c4f-4dd9-95ce-f6b4c6b01763", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.274886Z", "modified": 
"2026-06-02T15:57:33.274886Z", "relationship_type": "indicates", "source_ref": "indicator--8b87aff9-46f8-434b-8f0d-39869e80aeb7", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2ef5aa0a-afed-4c00-9278-c81acde2b8e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.275985Z", "modified": "2026-06-02T15:57:33.275985Z", "relationship_type": "indicates", "source_ref": "indicator--d16b75ff-89f0-4721-8412-becd8ea4c6a8", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c432999a-1c1a-4978-902f-5c89654be61c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.277056Z", "modified": "2026-06-02T15:57:33.277056Z", "relationship_type": "indicates", "source_ref": "indicator--ff3a78cb-33eb-416b-954b-cf495ec6f9d4", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3daefe0d-a86d-4c80-9231-2ca6b58d474f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.278129Z", "modified": "2026-06-02T15:57:33.278129Z", "relationship_type": "indicates", "source_ref": "indicator--b2b7de67-2525-4567-a819-58448765b91e", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--43bf5448-37c7-4b12-945a-5e2ed67abb1c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.279206Z", "modified": "2026-06-02T15:57:33.279206Z", "relationship_type": "indicates", "source_ref": "indicator--f76fa54f-629d-4d17-8d2e-c514ad1be722", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3c7ba5f2-f11c-4e3e-84e4-1bee39308742", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.28043Z", "modified": "2026-06-02T15:57:33.28043Z", "relationship_type": "indicates", "source_ref": "indicator--d48c3fb2-d400-4353-bfc8-46baaa2ed859", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1c589551-511a-4635-9c30-50f0e88fea30", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.281535Z", "modified": "2026-06-02T15:57:33.281535Z", "relationship_type": "indicates", "source_ref": "indicator--3ffec4c4-99eb-4f48-b15a-12e19a6174a8", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e70d6ef3-aef4-4086-b56e-6b1dc19f22e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.282613Z", "modified": "2026-06-02T15:57:33.282613Z", "relationship_type": "indicates", "source_ref": "indicator--5efd44df-a035-4cda-8b90-3c8e5556dbed", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ff2d9a24-2cde-4cef-91ab-435139ff3d33", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.283706Z", "modified": "2026-06-02T15:57:33.283706Z", "relationship_type": "indicates", "source_ref": "indicator--8327f4b1-701f-4f73-8952-b593e88aac46", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc1fe550-f8bb-4603-9a05-fb6d4b4ff2e9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.2848Z", "modified": "2026-06-02T15:57:33.2848Z", "relationship_type": "indicates", "source_ref": "indicator--cacd13ef-c183-4d4f-9fc1-05e914a6857e", "target_ref": 
"malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d8959eb8-e0a1-4708-9574-c92d35d22177", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.285869Z", "modified": "2026-06-02T15:57:33.285869Z", "relationship_type": "indicates", "source_ref": "indicator--bfdc035b-33e5-40e3-ad78-0ba8b2593832", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4e8da83f-3ab9-45f6-b30d-a4a8820cfb5d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.286944Z", "modified": "2026-06-02T15:57:33.286944Z", "relationship_type": "indicates", "source_ref": "indicator--06deb98e-e286-4592-bf39-c545b49951ed", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9ff2bbfd-9591-4c73-8b80-6e7c111d91a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.289221Z", "modified": "2026-06-02T15:57:33.289221Z", "relationship_type": "indicates", "source_ref": "indicator--0cc193c5-f6a8-4b1c-9dd9-d908fae38eee", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef147b7f-086d-4050-a9d7-c7b690c8c215", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.29039Z", "modified": "2026-06-02T15:57:33.29039Z", "relationship_type": "indicates", "source_ref": "indicator--df7bd3eb-a43f-4f12-b58e-ce9d3a99727d", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7cc0b87a-5a7f-45cd-98f0-de2d50fb317c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.291518Z", "modified": 
"2026-06-02T15:57:33.291518Z", "relationship_type": "indicates", "source_ref": "indicator--ba2ab8f3-6542-41e8-8470-a69d75c6607a", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--62ac3675-74f9-4a9b-9f9d-30da3963562f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.292632Z", "modified": "2026-06-02T15:57:33.292632Z", "relationship_type": "indicates", "source_ref": "indicator--76a2751d-1736-45df-847a-70e63e47766a", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d8f7f6a9-e230-43b3-9883-0a4120b35d92", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.293732Z", "modified": "2026-06-02T15:57:33.293732Z", "relationship_type": "indicates", "source_ref": "indicator--a696f52e-530e-4cce-84be-56119c735b45", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8c186ba6-66ae-488c-b218-dcf568653805", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.294822Z", "modified": "2026-06-02T15:57:33.294822Z", "relationship_type": "indicates", "source_ref": "indicator--6eafa64d-cf96-46e7-9b2d-c6695e6cfc4a", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ee5df312-0b61-4c14-90d1-832199678ba9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.295919Z", "modified": "2026-06-02T15:57:33.295919Z", "relationship_type": "indicates", "source_ref": "indicator--51f6cf00-9f74-4998-859e-d358cc1b676a", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3cd05688-c502-4fd1-b571-db11a7d0408a", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.297168Z", "modified": "2026-06-02T15:57:33.297168Z", "relationship_type": "indicates", "source_ref": "indicator--affa46e6-e106-4413-817d-5db443088f24", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--78432ac4-9743-4d8b-a544-63ccf21de616", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.298259Z", "modified": "2026-06-02T15:57:33.298259Z", "relationship_type": "indicates", "source_ref": "indicator--3ed88852-06ed-41b9-ad59-26ba9486547e", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7b293bc2-1bbf-4928-9e0f-b596dc71ad96", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.29935Z", "modified": "2026-06-02T15:57:33.29935Z", "relationship_type": "indicates", "source_ref": "indicator--9ca8e5c0-6d4d-45cd-b834-759df3fd9a33", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c8b6c9a5-424b-4565-954a-1f16cc699826", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.300426Z", "modified": "2026-06-02T15:57:33.300426Z", "relationship_type": "indicates", "source_ref": "indicator--4ace8957-d045-4358-9e1b-447553d5ada4", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8a3b5474-9f75-41f9-8454-22a12740c03b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.301505Z", "modified": "2026-06-02T15:57:33.301505Z", "relationship_type": "indicates", "source_ref": "indicator--0275d688-4300-43df-b2cd-8dd59572e21e", "target_ref": 
"malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ab66772f-485c-40c3-8ee3-65126942cc69", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.302568Z", "modified": "2026-06-02T15:57:33.302568Z", "relationship_type": "indicates", "source_ref": "indicator--05778730-5ec1-4ced-90de-bff76f8e2b58", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5af322db-b7bf-4406-bd83-ef8d26d4178c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.303664Z", "modified": "2026-06-02T15:57:33.303664Z", "relationship_type": "indicates", "source_ref": "indicator--050da53a-67c1-4283-b189-ec6d7fb3d238", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a31f5b87-3629-4487-adb2-6e2068de89aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.304912Z", "modified": "2026-06-02T15:57:33.304912Z", "relationship_type": "indicates", "source_ref": "indicator--4cb026f6-f7f7-4b2a-b552-a48ffce295b1", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9f10f4bb-5d4b-4397-b930-6f8c47e58c26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.306007Z", "modified": "2026-06-02T15:57:33.306007Z", "relationship_type": "indicates", "source_ref": "indicator--a7877e9f-109b-44d8-91fe-b2165be33936", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--36b0da3c-b8bb-4ed3-af05-106e78fa41c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.307078Z", "modified": 
"2026-06-02T15:57:33.307078Z", "relationship_type": "indicates", "source_ref": "indicator--29e6776b-9da6-496b-a7ac-624f9406f334", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--560495d7-b1d0-478e-82f1-db2407162961", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.308174Z", "modified": "2026-06-02T15:57:33.308174Z", "relationship_type": "indicates", "source_ref": "indicator--2f23dbbc-6cdd-4dd6-a9b7-921a08fca5fa", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3fa1e34d-70a4-4414-baed-6f578cbc6dc2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.309254Z", "modified": "2026-06-02T15:57:33.309254Z", "relationship_type": "indicates", "source_ref": "indicator--8cf0d119-baba-4db0-a5de-a985a1d27d62", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cd36a5b6-4797-4457-82a1-42a734115314", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.310332Z", "modified": "2026-06-02T15:57:33.310332Z", "relationship_type": "indicates", "source_ref": "indicator--3ad5c901-b2e2-4ab5-9e64-fe945caf8db4", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2998e373-f193-4f2a-932c-05d625f59384", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.311415Z", "modified": "2026-06-02T15:57:33.311415Z", "relationship_type": "indicates", "source_ref": "indicator--06ed6b3e-3797-4869-aad0-2bdce03cc8fb", "target_ref": "malware--af7f4cf8-351b-419a-b693-c30cebdb73de"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e499246d-5da8-4fec-98d2-b96e034049c5", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.312938Z", "modified": "2026-06-02T15:57:33.312938Z", "relationship_type": "indicates", "source_ref": "indicator--af5fc7ee-ccca-4c8a-af8e-a2a33b82174c", "target_ref": "malware--1f15d1df-83bb-40fc-886f-481572848476"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7ad4d3ed-32cd-46d0-b6b3-594d01543bb8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.314025Z", "modified": "2026-06-02T15:57:33.314025Z", "relationship_type": "indicates", "source_ref": "indicator--400d8470-ddcc-4f51-90f1-1f59ec28d37b", "target_ref": "malware--1f15d1df-83bb-40fc-886f-481572848476"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8b0ad798-c914-4e78-a75f-bc2deb11c9a3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.315098Z", "modified": "2026-06-02T15:57:33.315098Z", "relationship_type": "indicates", "source_ref": "indicator--973fd72c-8c0c-40ae-acbb-1d3880aca2b3", "target_ref": "malware--1f15d1df-83bb-40fc-886f-481572848476"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8e2a12cc-14f6-43ab-a9b2-4a53fe5ec83a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.316195Z", "modified": "2026-06-02T15:57:33.316195Z", "relationship_type": "indicates", "source_ref": "indicator--b65b7c35-1860-44e3-baca-3f332ba570d9", "target_ref": "malware--1f15d1df-83bb-40fc-886f-481572848476"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aa028f57-9a24-466b-904d-5da0e9cf2e39", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.317669Z", "modified": "2026-06-02T15:57:33.317669Z", "relationship_type": "indicates", "source_ref": "indicator--514cda70-58db-4496-8021-046a4dd67b9d", "target_ref": 
"malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--99333926-f11a-4350-b762-7b27618765a3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.318803Z", "modified": "2026-06-02T15:57:33.318803Z", "relationship_type": "indicates", "source_ref": "indicator--6bf0ca41-0818-4c6c-a67a-873444e7f490", "target_ref": "malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e95da2f6-4dad-4d90-ac84-c7878d9fba1c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.31995Z", "modified": "2026-06-02T15:57:33.31995Z", "relationship_type": "indicates", "source_ref": "indicator--d7f30b57-bd3b-4b37-9c8a-5107d4cd460e", "target_ref": "malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eec55010-499a-4fb8-852b-01f4e7236ed9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.321208Z", "modified": "2026-06-02T15:57:33.321208Z", "relationship_type": "indicates", "source_ref": "indicator--02a579e2-c810-41e2-9e4c-db3a6148bb09", "target_ref": "malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8d72026b-8add-46e4-9465-3d9572ae5462", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.322296Z", "modified": "2026-06-02T15:57:33.322296Z", "relationship_type": "indicates", "source_ref": "indicator--d4db404e-3cc7-4687-9b87-270ea8ad4ec1", "target_ref": "malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a235cb9c-b1ae-4a31-80a5-edf1eb480d49", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.323395Z", "modified": 
"2026-06-02T15:57:33.323395Z", "relationship_type": "indicates", "source_ref": "indicator--edb85e6e-6570-4c66-9aaf-1af2d3135b8d", "target_ref": "malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--45f4a409-e347-4794-8853-68bcfd9c0848", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.324499Z", "modified": "2026-06-02T15:57:33.324499Z", "relationship_type": "indicates", "source_ref": "indicator--cdad2ab8-87a3-4711-9685-e4dadd069266", "target_ref": "malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--17d8c49c-1c1b-4b28-a2de-76c2b3e2e896", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.325592Z", "modified": "2026-06-02T15:57:33.325592Z", "relationship_type": "indicates", "source_ref": "indicator--9f292259-c54e-4a8c-97d0-fb4ac8a77ec2", "target_ref": "malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7b70b2b1-058a-42f2-b914-033335ee3fa9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.326665Z", "modified": "2026-06-02T15:57:33.326665Z", "relationship_type": "indicates", "source_ref": "indicator--b183d4f9-5698-406b-8cfd-794ea0279c02", "target_ref": "malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3d2eca5e-bcae-415b-ac1c-0cd74833b952", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.327756Z", "modified": "2026-06-02T15:57:33.327756Z", "relationship_type": "indicates", "source_ref": "indicator--d48d9a92-4639-44e0-8b68-338d121f78ab", "target_ref": "malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--11218c45-4f07-41c2-a572-b6341eba0be7", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.329162Z", "modified": "2026-06-02T15:57:33.329162Z", "relationship_type": "indicates", "source_ref": "indicator--85819067-6eda-47b5-9928-d939f71f3172", "target_ref": "malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dd9a5b13-1b2e-4b4c-89b7-c5d7cce6df56", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.3303Z", "modified": "2026-06-02T15:57:33.3303Z", "relationship_type": "indicates", "source_ref": "indicator--d883343c-2979-478a-8b2f-86effe3aac76", "target_ref": "malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d399553f-bfe5-4d1b-9740-cfcb6c48f7df", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.331456Z", "modified": "2026-06-02T15:57:33.331456Z", "relationship_type": "indicates", "source_ref": "indicator--1e31b88f-2f8e-4159-a19d-359b3c7b5c62", "target_ref": "malware--7ec6ead0-df30-4c4c-9627-068538985824"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8d9ace1a-6bb3-4418-a0ea-c352e31108a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.332895Z", "modified": "2026-06-02T15:57:33.332895Z", "relationship_type": "indicates", "source_ref": "indicator--737c1906-44e2-49cc-93ad-aa963c1ddbbf", "target_ref": "malware--51692bc1-8bf5-4bda-89c2-471e2f6f5ff2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef86188d-acaf-4c66-a085-dd5feffb6441", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.334011Z", "modified": "2026-06-02T15:57:33.334011Z", "relationship_type": "indicates", "source_ref": "indicator--7fe62066-ff4a-4e68-be36-fc789589a676", "target_ref": 
"malware--51692bc1-8bf5-4bda-89c2-471e2f6f5ff2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--51299664-d410-4695-a81d-5c1876f65ad3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.335094Z", "modified": "2026-06-02T15:57:33.335094Z", "relationship_type": "indicates", "source_ref": "indicator--4b9e8eed-e161-4e74-9292-955803a5c03b", "target_ref": "malware--51692bc1-8bf5-4bda-89c2-471e2f6f5ff2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6c70b74f-7f7a-4607-8ca5-7638648b0289", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.336291Z", "modified": "2026-06-02T15:57:33.336291Z", "relationship_type": "indicates", "source_ref": "indicator--34fffc26-f1d6-4fd2-94de-3f3793f4a11d", "target_ref": "malware--51692bc1-8bf5-4bda-89c2-471e2f6f5ff2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8f170794-306b-4a1b-9bc8-d295c6467c46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.337668Z", "modified": "2026-06-02T15:57:33.337668Z", "relationship_type": "indicates", "source_ref": "indicator--2898aff4-f31a-42b7-a4d6-ad79b96ed56f", "target_ref": "malware--51692bc1-8bf5-4bda-89c2-471e2f6f5ff2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0f4f8c50-0ae2-4a1f-9a24-4e83fa956913", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.339119Z", "modified": "2026-06-02T15:57:33.339119Z", "relationship_type": "indicates", "source_ref": "indicator--7d1abd0d-c8de-445c-a21c-7aefc5c194ca", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8eb76e0d-6cfe-4695-9557-cbc3d53611a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.340214Z", "modified": 
"2026-06-02T15:57:33.340214Z", "relationship_type": "indicates", "source_ref": "indicator--7ec50f1a-24e2-4a7d-b6ba-dc280f6338ba", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--39d2c786-167a-419f-9a7c-bb06dfbe00dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.341291Z", "modified": "2026-06-02T15:57:33.341291Z", "relationship_type": "indicates", "source_ref": "indicator--c2bc1832-5459-41e1-a868-3447710a0e31", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e1a8d546-0612-42bb-afab-c76ceceb61e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.342364Z", "modified": "2026-06-02T15:57:33.342364Z", "relationship_type": "indicates", "source_ref": "indicator--a84d751d-c1b2-4a49-af48-f6f95f976942", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5c180a62-729a-4cea-89c1-34cf2c4e08e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.343452Z", "modified": "2026-06-02T15:57:33.343452Z", "relationship_type": "indicates", "source_ref": "indicator--cf72b901-962e-48f9-933e-191d90efe005", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--114e6fea-e33b-4a6b-b69e-632a5c2e8055", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.34453Z", "modified": "2026-06-02T15:57:33.34453Z", "relationship_type": "indicates", "source_ref": "indicator--6f2d260f-d333-4965-ad86-3bf84758db26", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3f5a0810-5fa5-4abb-93e9-3549a73bb447", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.345769Z", "modified": "2026-06-02T15:57:33.345769Z", "relationship_type": "indicates", "source_ref": "indicator--c5833aa3-3f8b-473a-b8ea-17c7f113f1a1", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--711cc622-d472-4211-9f67-18d0ce09091a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.346842Z", "modified": "2026-06-02T15:57:33.346842Z", "relationship_type": "indicates", "source_ref": "indicator--81b2ce67-3965-42b5-bb0e-51eea4f72aff", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--17befcad-cc87-4f3d-a4d9-97760291dbdd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.34793Z", "modified": "2026-06-02T15:57:33.34793Z", "relationship_type": "indicates", "source_ref": "indicator--cd72ced0-5e44-43c9-88aa-eb10ab9cdba8", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--62785fb6-b44c-416a-8164-300b08841d26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.349025Z", "modified": "2026-06-02T15:57:33.349025Z", "relationship_type": "indicates", "source_ref": "indicator--47df91e0-ae6a-485b-9ae7-c6c15d668767", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4c4760d2-9aee-449c-b62b-267812500305", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.350115Z", "modified": "2026-06-02T15:57:33.350115Z", "relationship_type": "indicates", "source_ref": "indicator--691e27c0-87ae-46db-940e-6c397cb88551", "target_ref": 
"malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--985cb01e-e338-40f2-a73f-8fb653ce55d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.3512Z", "modified": "2026-06-02T15:57:33.3512Z", "relationship_type": "indicates", "source_ref": "indicator--ba69f945-8760-4a17-8912-abed24d1a35e", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--be5bf08a-bfb8-48dc-810a-445b56edc8ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.352432Z", "modified": "2026-06-02T15:57:33.352432Z", "relationship_type": "indicates", "source_ref": "indicator--50ad775c-d8bc-443c-897c-f535e99da7ad", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ce4f5dba-ceff-4fcc-9752-81d16f7b46ea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.353518Z", "modified": "2026-06-02T15:57:33.353518Z", "relationship_type": "indicates", "source_ref": "indicator--29e8f16f-84d3-4283-b604-b806a998de05", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--65b69d93-4c1e-4e52-b025-ab66edb65240", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.354589Z", "modified": "2026-06-02T15:57:33.354589Z", "relationship_type": "indicates", "source_ref": "indicator--6d570513-f9eb-4265-a127-6a7144b8aebe", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e7cc6970-ca2d-463a-90b7-13b6945ad681", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.355677Z", "modified": 
"2026-06-02T15:57:33.355677Z", "relationship_type": "indicates", "source_ref": "indicator--152619df-f583-44d3-8af5-5974bdaa6df8", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8eef67e2-6ecf-4d5d-a9ca-3d164c2764fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.356774Z", "modified": "2026-06-02T15:57:33.356774Z", "relationship_type": "indicates", "source_ref": "indicator--32e1448c-1c8a-49a5-9fa5-63dba88c19c1", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4c72c4eb-0965-4f76-9bea-cfaf415f33f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.357858Z", "modified": "2026-06-02T15:57:33.357858Z", "relationship_type": "indicates", "source_ref": "indicator--da606670-146e-4c5a-bcad-efcffed26074", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0481a7f9-23f0-4d39-936d-38c4d86ea176", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.358925Z", "modified": "2026-06-02T15:57:33.358925Z", "relationship_type": "indicates", "source_ref": "indicator--25c94285-4e54-4d9f-9eef-ce8f72a39af5", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--06106db4-738a-497c-96c1-c04e84c67075", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.360171Z", "modified": "2026-06-02T15:57:33.360171Z", "relationship_type": "indicates", "source_ref": "indicator--990c8545-0279-422d-be42-167762d3c6c8", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--73d8fe18-9ec1-4d0a-be43-cb6315ec9285", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.361256Z", "modified": "2026-06-02T15:57:33.361256Z", "relationship_type": "indicates", "source_ref": "indicator--8ec3a094-cc7d-48a8-822e-5613eb711ab6", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3755d8f2-8018-4cff-a8ef-01b89b1c7ec5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.362331Z", "modified": "2026-06-02T15:57:33.362331Z", "relationship_type": "indicates", "source_ref": "indicator--33a5f86c-9bf3-4aba-a666-397659416b33", "target_ref": "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--450184be-1066-44ae-ac64-2d85fc220799", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.36373Z", "modified": "2026-06-02T15:57:33.36373Z", "relationship_type": "indicates", "source_ref": "indicator--454fafba-63d2-4725-8c1d-3f59e3566385", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c1f54572-c602-42c3-86fe-412128bd113a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.364805Z", "modified": "2026-06-02T15:57:33.364805Z", "relationship_type": "indicates", "source_ref": "indicator--6982037b-7d60-45f0-9e1c-3701aa372077", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cd082c97-50f6-416a-a05e-a27ac0562ef0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.36588Z", "modified": "2026-06-02T15:57:33.36588Z", "relationship_type": "indicates", "source_ref": "indicator--4b646361-1eb3-4f83-930a-fc88c831d608", "target_ref": 
"malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--216eeff9-fc7c-4862-9564-280a9aaf0bca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.366958Z", "modified": "2026-06-02T15:57:33.366958Z", "relationship_type": "indicates", "source_ref": "indicator--b564e5bf-5aff-40f1-a903-24d2ab04355b", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f1c4faa2-d995-4adb-bd47-05e6b7735aba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.368221Z", "modified": "2026-06-02T15:57:33.368221Z", "relationship_type": "indicates", "source_ref": "indicator--f7b0828d-de34-415f-a021-e1fde9dbbd47", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bceae17d-cfac-4d37-9c68-15d506d2ad31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.369309Z", "modified": "2026-06-02T15:57:33.369309Z", "relationship_type": "indicates", "source_ref": "indicator--3d503d16-6c46-400c-9cea-975fbf0f36cc", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--94e9fc58-034b-492f-8bdb-1f050a493554", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.370393Z", "modified": "2026-06-02T15:57:33.370393Z", "relationship_type": "indicates", "source_ref": "indicator--29589c15-b94b-4c4d-ad29-d0a06c9b4bad", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1ee05e82-f05f-444a-996a-547d14d9d843", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.371487Z", "modified": 
"2026-06-02T15:57:33.371487Z", "relationship_type": "indicates", "source_ref": "indicator--309bdf8b-0b1e-4a63-b78a-4d045b0bf3a7", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b05bf316-6863-460d-829d-c9a30bfc2109", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.372566Z", "modified": "2026-06-02T15:57:33.372566Z", "relationship_type": "indicates", "source_ref": "indicator--0fe0bfe3-3c5b-43a1-9c92-a1882c731671", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4cdb4bc6-b4df-4ca0-ab36-cd34cdcc1cc4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.373667Z", "modified": "2026-06-02T15:57:33.373667Z", "relationship_type": "indicates", "source_ref": "indicator--3de3b769-15ab-42d8-a6e3-33173ce57edb", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--51ca70f8-65a5-4ca1-823c-949aa4979467", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.374773Z", "modified": "2026-06-02T15:57:33.374773Z", "relationship_type": "indicates", "source_ref": "indicator--b37a7aa5-b1ac-4059-9325-a47b19761119", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3bf57043-7959-4ed1-98d4-6b7f94c8a35a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.376021Z", "modified": "2026-06-02T15:57:33.376021Z", "relationship_type": "indicates", "source_ref": "indicator--263d07e7-1477-4cf9-83ea-433af63ac9a4", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--77100d9a-4f01-4877-9cf3-12c4ee915f4d", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.377102Z", "modified": "2026-06-02T15:57:33.377102Z", "relationship_type": "indicates", "source_ref": "indicator--45bf62da-3a0b-48c3-9ec2-d913842f7e2d", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7e4ba806-cd9d-4f86-9667-4a869b22d44b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.378173Z", "modified": "2026-06-02T15:57:33.378173Z", "relationship_type": "indicates", "source_ref": "indicator--6908d8a5-6b6c-442f-bd7d-f87d20940ff3", "target_ref": "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d7b5d1e2-7816-45f7-a133-f33f9e898083", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.379566Z", "modified": "2026-06-02T15:57:33.379566Z", "relationship_type": "indicates", "source_ref": "indicator--b9f3e2ce-3171-4e7e-a775-7f8b474ba20d", "target_ref": "malware--98837265-0f98-4152-bb0a-fec841286748"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--75868281-a816-4c0a-815d-bbdfaaa3071e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.380646Z", "modified": "2026-06-02T15:57:33.380646Z", "relationship_type": "indicates", "source_ref": "indicator--e5776629-7a48-4db5-abcb-f865c940b3af", "target_ref": "malware--98837265-0f98-4152-bb0a-fec841286748"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4a33fbf8-23a6-4242-9890-6b354b4026c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.38172Z", "modified": "2026-06-02T15:57:33.38172Z", "relationship_type": "indicates", "source_ref": "indicator--07d89ae4-edae-471e-a37d-aaf501968bba", "target_ref": 
"malware--98837265-0f98-4152-bb0a-fec841286748"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--87ea1b17-da52-4fac-9507-4f265de2d815", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.382791Z", "modified": "2026-06-02T15:57:33.382791Z", "relationship_type": "indicates", "source_ref": "indicator--b283f3ca-5a4a-40f5-a933-58130c2afcf2", "target_ref": "malware--98837265-0f98-4152-bb0a-fec841286748"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--37827265-c838-4fc3-bf2d-159494318320", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.385109Z", "modified": "2026-06-02T15:57:33.385109Z", "relationship_type": "indicates", "source_ref": "indicator--e3acfd62-2650-4112-a7d7-02ed84b73e39", "target_ref": "malware--98837265-0f98-4152-bb0a-fec841286748"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3a224858-5904-4982-b840-aab8b2ffb371", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.386287Z", "modified": "2026-06-02T15:57:33.386287Z", "relationship_type": "indicates", "source_ref": "indicator--9ca7da2e-f4eb-44c3-a224-e86403aae3ef", "target_ref": "malware--98837265-0f98-4152-bb0a-fec841286748"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b3af5a5c-8298-4f22-9989-dbb2873ce323", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.387463Z", "modified": "2026-06-02T15:57:33.387463Z", "relationship_type": "indicates", "source_ref": "indicator--ce207983-a3b0-493e-bd8a-f1217200cf6f", "target_ref": "malware--98837265-0f98-4152-bb0a-fec841286748"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--10d594b3-66e9-4b4a-8ecf-194925b0869a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.388572Z", "modified": 
"2026-06-02T15:57:33.388572Z", "relationship_type": "indicates", "source_ref": "indicator--eda1ceba-543a-46e7-8ebf-67a43f30cbbf", "target_ref": "malware--98837265-0f98-4152-bb0a-fec841286748"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--27cd7bf1-f991-4983-8362-186134576e30", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.38966Z", "modified": "2026-06-02T15:57:33.38966Z", "relationship_type": "indicates", "source_ref": "indicator--f15548b5-43d4-4071-9625-138425b054a9", "target_ref": "malware--98837265-0f98-4152-bb0a-fec841286748"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--835eac7f-0372-4924-a751-522e0471e209", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.390742Z", "modified": "2026-06-02T15:57:33.390742Z", "relationship_type": "indicates", "source_ref": "indicator--729a500e-59f9-400f-9fd3-261c1912f1af", "target_ref": "malware--98837265-0f98-4152-bb0a-fec841286748"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--461f4c14-629b-4882-bb9a-d5d0dbfbc8c2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.391833Z", "modified": "2026-06-02T15:57:33.391833Z", "relationship_type": "indicates", "source_ref": "indicator--96eec20f-8d64-4c76-8251-21a50d9c8a1a", "target_ref": "malware--98837265-0f98-4152-bb0a-fec841286748"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8de991e3-2da2-425d-94db-64c29ea70382", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.393395Z", "modified": "2026-06-02T15:57:33.393395Z", "relationship_type": "indicates", "source_ref": "indicator--75efad43-6b70-42b4-a2bd-9afb60da37de", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b05daba0-7ad0-46a8-bc4c-7457d38b0477", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.394478Z", "modified": "2026-06-02T15:57:33.394478Z", "relationship_type": "indicates", "source_ref": "indicator--22893554-746a-40f9-b140-d34106bd09b3", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eba44935-4a66-40fd-9e06-30b50b5c33e8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.395594Z", "modified": "2026-06-02T15:57:33.395594Z", "relationship_type": "indicates", "source_ref": "indicator--182ce899-e448-4493-a174-eb335f9951d7", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fc75b882-13b6-4b8e-aa28-647ed89b3ebc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.396675Z", "modified": "2026-06-02T15:57:33.396675Z", "relationship_type": "indicates", "source_ref": "indicator--de09ee80-19ad-4bb1-9e94-a06970d62439", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a15fe21f-dd20-4672-93d0-44bb672a975a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.397747Z", "modified": "2026-06-02T15:57:33.397747Z", "relationship_type": "indicates", "source_ref": "indicator--1b5df231-1853-4561-95be-50cd74f8cc62", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d31dcf3b-24f5-44b2-9049-58685a6f666f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.398827Z", "modified": "2026-06-02T15:57:33.398827Z", "relationship_type": "indicates", "source_ref": "indicator--9f08a9e2-41ef-4ba6-a065-b361cce55efb", "target_ref": 
"malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a5357931-8d3d-4218-bab8-87afc7ca9159", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.399923Z", "modified": "2026-06-02T15:57:33.399923Z", "relationship_type": "indicates", "source_ref": "indicator--d668b1a2-1aaa-43f1-8b89-4a31808fe2cc", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--85a86926-4867-4e66-9010-192f280ccc48", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.402103Z", "modified": "2026-06-02T15:57:33.402103Z", "relationship_type": "indicates", "source_ref": "indicator--a574313b-5523-4623-ab66-13bcfaa50ba0", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e7e2b640-d9c9-4eef-9099-2832dcb1dc6e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.404794Z", "modified": "2026-06-02T15:57:33.404794Z", "relationship_type": "indicates", "source_ref": "indicator--1ee8159e-e9b4-4823-8ad2-1f2b6065681a", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a9fc7093-e402-4699-a0d4-8fa719c9bc45", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.406163Z", "modified": "2026-06-02T15:57:33.406163Z", "relationship_type": "indicates", "source_ref": "indicator--6edbd14e-a0f6-42ea-a741-6f7cdfaed3f3", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--17b25f9d-0311-4202-b633-1fdc67964bfe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.407444Z", "modified": 
"2026-06-02T15:57:33.407444Z", "relationship_type": "indicates", "source_ref": "indicator--18329c33-8e11-4a5b-9509-3faff12dd373", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--943cf922-ba42-49b4-a808-93c566645a1b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.408635Z", "modified": "2026-06-02T15:57:33.408635Z", "relationship_type": "indicates", "source_ref": "indicator--402afad3-3391-4847-bfbc-4f90fd522bdc", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1afb08e1-d0cf-4c33-901e-0c24521f2c16", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.409785Z", "modified": "2026-06-02T15:57:33.409785Z", "relationship_type": "indicates", "source_ref": "indicator--115362c6-25ac-4858-bf7c-431536a98403", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5b371b58-12d9-42ab-8987-ad7d35819c0c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.41091Z", "modified": "2026-06-02T15:57:33.41091Z", "relationship_type": "indicates", "source_ref": "indicator--d78981eb-eaf3-4e4c-80ad-7b70eaa9aaf9", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8fcb92c9-4819-48eb-95b6-a20c5254b1ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.412227Z", "modified": "2026-06-02T15:57:33.412227Z", "relationship_type": "indicates", "source_ref": "indicator--c2b6aed7-6804-4c84-97a4-a12b5e5da7fd", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3efc1391-a185-48c9-957f-a81e6f1fc354", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.413325Z", "modified": "2026-06-02T15:57:33.413325Z", "relationship_type": "indicates", "source_ref": "indicator--9069cb40-1400-4cf2-9bfa-76cfa01b9aec", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1d6822a7-7cef-47f6-9051-82dae9902890", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.414419Z", "modified": "2026-06-02T15:57:33.414419Z", "relationship_type": "indicates", "source_ref": "indicator--ada291ea-31c1-487e-b7bb-cace28b8c0ed", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--36a3e6cb-989b-43f3-bd43-d15473d2b331", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.415524Z", "modified": "2026-06-02T15:57:33.415524Z", "relationship_type": "indicates", "source_ref": "indicator--9c0b7e97-55df-476b-a6b7-1a750cb54426", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f75c84f4-12cb-4601-8f17-c14327e9bdba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.416619Z", "modified": "2026-06-02T15:57:33.416619Z", "relationship_type": "indicates", "source_ref": "indicator--f75c0acc-4278-49a5-a0fb-1a5bb8864f1a", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e542cea2-6445-46ca-93ff-ce44f86c6948", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.4177Z", "modified": "2026-06-02T15:57:33.4177Z", "relationship_type": "indicates", "source_ref": "indicator--47c2c410-63c9-487c-b078-475dee7f5401", "target_ref": 
"malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5e4e308f-ab55-4ae3-9185-ddc0150f3b63", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.418785Z", "modified": "2026-06-02T15:57:33.418785Z", "relationship_type": "indicates", "source_ref": "indicator--137b48c1-c877-4f95-9a5f-cb919d479448", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--07560729-0f04-4261-b07c-4faaaa6e9aaa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.420065Z", "modified": "2026-06-02T15:57:33.420065Z", "relationship_type": "indicates", "source_ref": "indicator--dede0167-c7ff-4ae4-9893-ee1f5d019c3c", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--804461c1-6dcd-4b60-888f-43c9d5ca5361", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.421161Z", "modified": "2026-06-02T15:57:33.421161Z", "relationship_type": "indicates", "source_ref": "indicator--b01cdada-e01b-4965-891c-4ea6cacfc626", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--60fcc483-e88b-464e-aa70-fb0cb5b9016f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.422241Z", "modified": "2026-06-02T15:57:33.422241Z", "relationship_type": "indicates", "source_ref": "indicator--4847da32-6341-4fe5-9d69-f51f850c1d29", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--022aa70a-6627-4a7e-8ddd-d8142aa709e7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.423329Z", "modified": 
"2026-06-02T15:57:33.423329Z", "relationship_type": "indicates", "source_ref": "indicator--d59bda03-7cd6-4f2a-bccf-3f022c022e20", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5c4b70a5-408e-4b83-a3d0-fe6d3534d800", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.424406Z", "modified": "2026-06-02T15:57:33.424406Z", "relationship_type": "indicates", "source_ref": "indicator--c41b7f49-93f2-426d-b71b-f27e395c081e", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7396cdfe-14bb-46e4-bfaa-137ce95bb490", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.425483Z", "modified": "2026-06-02T15:57:33.425483Z", "relationship_type": "indicates", "source_ref": "indicator--7a0cecf1-cab3-4469-8ee5-15466998a857", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--20bee001-799c-4ed8-8860-3ed8f89a9a45", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.426561Z", "modified": "2026-06-02T15:57:33.426561Z", "relationship_type": "indicates", "source_ref": "indicator--d9ae177f-4442-4adf-be15-af2fb50cd0d7", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dd3eb4f1-cae7-41e7-808f-a7b695ad5cf3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.427819Z", "modified": "2026-06-02T15:57:33.427819Z", "relationship_type": "indicates", "source_ref": "indicator--0c288a9b-43ad-4f30-b915-8dd057647fa2", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f98e4709-4d4e-4ee4-81ee-cb567910e875", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.428903Z", "modified": "2026-06-02T15:57:33.428903Z", "relationship_type": "indicates", "source_ref": "indicator--aa313154-5f62-41d9-b1a3-6097fc0ede3c", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c23dbd98-ceb8-4c0e-b170-65b00612d39a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.429988Z", "modified": "2026-06-02T15:57:33.429988Z", "relationship_type": "indicates", "source_ref": "indicator--344e4685-2b84-4d8d-8153-8c0d8cdc90cc", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--52b2fede-bc58-4dd3-8cba-bf6a3d7b6073", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.431133Z", "modified": "2026-06-02T15:57:33.431133Z", "relationship_type": "indicates", "source_ref": "indicator--231e0366-65fe-4ecf-9543-833554c2d3ab", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--654a715c-1594-4488-a3fd-7b8c7d39dd0d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.432231Z", "modified": "2026-06-02T15:57:33.432231Z", "relationship_type": "indicates", "source_ref": "indicator--c46e62a7-3e43-4b39-9f16-60d476bdaaa0", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c4fae698-934f-48a5-bd3d-f5a228396197", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.433323Z", "modified": "2026-06-02T15:57:33.433323Z", "relationship_type": "indicates", "source_ref": "indicator--c5793bc3-b939-4483-8226-86fa9782b324", "target_ref": 
"malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b839ad11-b7b9-4798-9f1e-fd80d4c40bc9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.434392Z", "modified": "2026-06-02T15:57:33.434392Z", "relationship_type": "indicates", "source_ref": "indicator--535c5de1-e4f2-4dce-8052-7770627d9b8e", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1828742d-409c-4e93-96b6-92bf6d3ef3a4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.435649Z", "modified": "2026-06-02T15:57:33.435649Z", "relationship_type": "indicates", "source_ref": "indicator--6aeca9f9-8b7b-452a-8e41-ac2a8f32d7b5", "target_ref": "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--323fbdbd-1a86-4abb-b0f1-3aae6d95e8a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.437028Z", "modified": "2026-06-02T15:57:33.437028Z", "relationship_type": "indicates", "source_ref": "indicator--95f88ea9-2d65-46dd-b66f-eca6225e4347", "target_ref": "malware--15211aa2-69b0-4854-a89f-1a70cb5cf1fd"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4872070c-977f-400a-b15b-19d0d63daff8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.438399Z", "modified": "2026-06-02T15:57:33.438399Z", "relationship_type": "indicates", "source_ref": "indicator--4a5fbb04-151c-4476-960f-17ce121e6017", "target_ref": "malware--1a75a2e3-6683-48ab-932f-ca091c82b6c6"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e58ccecf-bb87-4980-858a-eba35124dfda", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.439512Z", "modified": 
"2026-06-02T15:57:33.439512Z", "relationship_type": "indicates", "source_ref": "indicator--36c5c124-021d-405f-9b3d-495c2525f505", "target_ref": "malware--1a75a2e3-6683-48ab-932f-ca091c82b6c6"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e4364386-481e-440f-9456-edffd8f8a716", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.441485Z", "modified": "2026-06-02T15:57:33.441485Z", "relationship_type": "indicates", "source_ref": "indicator--f8e34347-547d-427e-b243-08f666b43e32", "target_ref": "malware--1a75a2e3-6683-48ab-932f-ca091c82b6c6"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f487aa71-8c11-403a-928a-aaadf176d38b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.442969Z", "modified": "2026-06-02T15:57:33.442969Z", "relationship_type": "indicates", "source_ref": "indicator--608ebb34-8b14-43e2-b9fd-680c308500ce", "target_ref": "malware--dc9ea46b-b274-4038-99fd-c61319e96162"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f3b44bb9-71b0-4add-bc4c-271cc4672196", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.444296Z", "modified": "2026-06-02T15:57:33.444296Z", "relationship_type": "indicates", "source_ref": "indicator--1ea3a474-54db-45cc-9c26-36f1a47969ed", "target_ref": "malware--dc9ea46b-b274-4038-99fd-c61319e96162"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--052b1ba9-1473-41f4-8836-4661115e5934", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.445415Z", "modified": "2026-06-02T15:57:33.445415Z", "relationship_type": "indicates", "source_ref": "indicator--81ba5a2e-7e61-41cf-ba1c-af45e81ba726", "target_ref": "malware--dc9ea46b-b274-4038-99fd-c61319e96162"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7ac86398-a993-49c3-9f00-987a38da6c8f", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.446501Z", "modified": "2026-06-02T15:57:33.446501Z", "relationship_type": "indicates", "source_ref": "indicator--b5ec2c10-1844-4234-9487-5a1b0e108104", "target_ref": "malware--dc9ea46b-b274-4038-99fd-c61319e96162"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9a58773c-a24b-46f2-a493-edaa93450235", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.447608Z", "modified": "2026-06-02T15:57:33.447608Z", "relationship_type": "indicates", "source_ref": "indicator--77a80772-48dd-4f81-b058-a405dbde2900", "target_ref": "malware--dc9ea46b-b274-4038-99fd-c61319e96162"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--50cfa2e3-43c8-4586-8405-7dd1a19d6b18", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.448697Z", "modified": "2026-06-02T15:57:33.448697Z", "relationship_type": "indicates", "source_ref": "indicator--18d1ac69-085e-4f7b-aa97-95c4a3d813aa", "target_ref": "malware--dc9ea46b-b274-4038-99fd-c61319e96162"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e975fbc1-f569-4e2a-8b70-76651f2ec0bb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.449788Z", "modified": "2026-06-02T15:57:33.449788Z", "relationship_type": "indicates", "source_ref": "indicator--55c69568-c9ac-4468-b7cb-8c9e2d0da820", "target_ref": "malware--dc9ea46b-b274-4038-99fd-c61319e96162"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2db6a00d-4153-4e73-a2d8-9a81528b9990", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.450871Z", "modified": "2026-06-02T15:57:33.450871Z", "relationship_type": "indicates", "source_ref": "indicator--03e8d00d-0ff4-4174-b23a-4c18754232e1", "target_ref": 
"malware--dc9ea46b-b274-4038-99fd-c61319e96162"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e597a7b0-afed-4387-893b-53fe17bf7aec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.452447Z", "modified": "2026-06-02T15:57:33.452447Z", "relationship_type": "indicates", "source_ref": "indicator--294f2bc0-ebb2-43d2-94d1-4eeb6133d73b", "target_ref": "malware--e276c33d-8078-4c1a-a70f-570644328914"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8fed8c0e-097e-4c71-85a9-0f4fd867b287", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.45353Z", "modified": "2026-06-02T15:57:33.45353Z", "relationship_type": "indicates", "source_ref": "indicator--aaca950f-9024-4df7-bfbd-73d687ce45a2", "target_ref": "malware--e276c33d-8078-4c1a-a70f-570644328914"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2a565af7-d8fa-4b1e-bec4-aefcfadd5b32", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.454631Z", "modified": "2026-06-02T15:57:33.454631Z", "relationship_type": "indicates", "source_ref": "indicator--427de524-877f-4bd9-b85b-2058000c7ca0", "target_ref": "malware--e276c33d-8078-4c1a-a70f-570644328914"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8d1a4e98-fff2-4859-ac1f-264e5ce1c94a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.455984Z", "modified": "2026-06-02T15:57:33.455984Z", "relationship_type": "indicates", "source_ref": "indicator--de1365bb-9578-4943-98f2-8c20e326ae8a", "target_ref": "malware--38103490-5fc4-4c54-96df-f98dd6bbf562"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d6741c64-0642-43e9-bc2c-59e36e9154fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.45701Z", "modified": 
"2026-06-02T15:57:33.45701Z", "relationship_type": "indicates", "source_ref": "indicator--a3cbc5ea-e75e-4617-878f-a28933d870f6", "target_ref": "malware--38103490-5fc4-4c54-96df-f98dd6bbf562"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b34704ab-764a-424f-9e45-8b68c0e65d57", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.458029Z", "modified": "2026-06-02T15:57:33.458029Z", "relationship_type": "indicates", "source_ref": "indicator--2b277a61-d5a3-4ab0-83fc-3320b4883ac6", "target_ref": "malware--38103490-5fc4-4c54-96df-f98dd6bbf562"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--28294a0e-1a39-432b-a75f-52eb924e1474", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.459045Z", "modified": "2026-06-02T15:57:33.459045Z", "relationship_type": "indicates", "source_ref": "indicator--5a2d07b4-a2b8-474a-8579-444e6bd5816f", "target_ref": "malware--38103490-5fc4-4c54-96df-f98dd6bbf562"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b2c72a72-64bb-40f8-9006-7b2467a5f5e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.460228Z", "modified": "2026-06-02T15:57:33.460228Z", "relationship_type": "indicates", "source_ref": "indicator--6a8510aa-cff6-41ce-b18e-7a6efcd67bc4", "target_ref": "malware--38103490-5fc4-4c54-96df-f98dd6bbf562"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--97f3ce7d-6681-4c34-bad4-d7a184076575", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.46125Z", "modified": "2026-06-02T15:57:33.46125Z", "relationship_type": "indicates", "source_ref": "indicator--c55c23cc-90e6-4139-b539-c56d804bd4a6", "target_ref": "malware--38103490-5fc4-4c54-96df-f98dd6bbf562"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--89cd47a1-6664-4972-942c-4f179f788e27", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.462263Z", "modified": "2026-06-02T15:57:33.462263Z", "relationship_type": "indicates", "source_ref": "indicator--a3fd7a6a-ef30-4c00-9e42-5b0b2a666278", "target_ref": "malware--38103490-5fc4-4c54-96df-f98dd6bbf562"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--693a84fc-d17d-46f2-86d8-3176dd88fe46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.463298Z", "modified": "2026-06-02T15:57:33.463298Z", "relationship_type": "indicates", "source_ref": "indicator--926c9c28-bdb1-44b3-a43c-b2171a552656", "target_ref": "malware--38103490-5fc4-4c54-96df-f98dd6bbf562"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9b630cac-1bd5-4a49-96c9-ada7a5ed839d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.464315Z", "modified": "2026-06-02T15:57:33.464315Z", "relationship_type": "indicates", "source_ref": "indicator--1bf3807c-834c-4e17-8a61-5cf2ecb3e993", "target_ref": "malware--38103490-5fc4-4c54-96df-f98dd6bbf562"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--42334386-f08b-4eef-9dcd-f206de9293bb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.465321Z", "modified": "2026-06-02T15:57:33.465321Z", "relationship_type": "indicates", "source_ref": "indicator--f700bfe7-6c8f-4919-9c76-68d37da774f2", "target_ref": "malware--38103490-5fc4-4c54-96df-f98dd6bbf562"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e145bb13-2734-4e7c-b7e5-4f21e05eb048", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.466644Z", "modified": "2026-06-02T15:57:33.466644Z", "relationship_type": "indicates", "source_ref": "indicator--7f4384b1-1e2f-41b3-befb-86aa4e060697", "target_ref": 
"malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--37ac6ae9-5331-4c4f-99f5-ce5718172edb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.467848Z", "modified": "2026-06-02T15:57:33.467848Z", "relationship_type": "indicates", "source_ref": "indicator--8a72a1d8-6498-4358-88e2-e969d02598f8", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aa048954-f521-4c50-a155-d6d17305d361", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.468957Z", "modified": "2026-06-02T15:57:33.468957Z", "relationship_type": "indicates", "source_ref": "indicator--ea5a76cd-c01e-4f8b-ade2-ad3ebb1b1ee6", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f4f5527f-230c-4270-a18a-4745e751df8d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.470046Z", "modified": "2026-06-02T15:57:33.470046Z", "relationship_type": "indicates", "source_ref": "indicator--0606c075-dc7a-498c-a15d-a151b8b3b7a1", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b45d31eb-76e5-4f79-af9d-357577c48623", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.471156Z", "modified": "2026-06-02T15:57:33.471156Z", "relationship_type": "indicates", "source_ref": "indicator--f2594480-b9e0-4137-847e-9346b32c30d8", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--22f9bb82-02ea-4355-a887-f98fffc512a0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.472259Z", "modified": 
"2026-06-02T15:57:33.472259Z", "relationship_type": "indicates", "source_ref": "indicator--2f63c747-b591-446f-a128-9c3d05d3c6a6", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--75f2b13f-fc55-4539-8cee-fc714782f1fe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.473357Z", "modified": "2026-06-02T15:57:33.473357Z", "relationship_type": "indicates", "source_ref": "indicator--b93cf189-132f-4618-b26e-c5d5d161134b", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--47f2e6a5-d0dc-451f-a4e5-41e21f647e20", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.474428Z", "modified": "2026-06-02T15:57:33.474428Z", "relationship_type": "indicates", "source_ref": "indicator--06fb5913-f3b1-439a-b040-05226634e23c", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--455ba546-a8bc-4bc2-8b18-6e937e817226", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.475707Z", "modified": "2026-06-02T15:57:33.475707Z", "relationship_type": "indicates", "source_ref": "indicator--caa693e5-a7f5-4c89-b796-93b810f7778e", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a7c238b2-034c-431f-9c9c-4553e01b4114", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.476792Z", "modified": "2026-06-02T15:57:33.476792Z", "relationship_type": "indicates", "source_ref": "indicator--8a45d31a-c773-4e37-96b0-3a364bdf9a04", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e8f0d0ff-7e4e-4b2e-b3d3-99bd5a413d71", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.478099Z", "modified": "2026-06-02T15:57:33.478099Z", "relationship_type": "indicates", "source_ref": "indicator--126207e7-08d6-4fa7-82a8-25554c83ee66", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9fa38136-c8b6-4b29-8dc1-8538b1e2de72", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.479373Z", "modified": "2026-06-02T15:57:33.479373Z", "relationship_type": "indicates", "source_ref": "indicator--c8232e58-6cfe-4491-85ec-ed29cd4677c1", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--50b5e60e-8fec-4836-8be3-1a82eaca7739", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.480581Z", "modified": "2026-06-02T15:57:33.480581Z", "relationship_type": "indicates", "source_ref": "indicator--c025e9b0-075b-4a7a-b1af-b66f46f2552f", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ba6a39b9-dcff-4bb1-8368-bc91a31daef4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.481789Z", "modified": "2026-06-02T15:57:33.481789Z", "relationship_type": "indicates", "source_ref": "indicator--1d5bd2ff-2849-4a88-8d13-8b018e74aa69", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d366e8c3-09c2-4900-9ab4-d6bbe6721c03", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.482941Z", "modified": "2026-06-02T15:57:33.482941Z", "relationship_type": "indicates", "source_ref": "indicator--de7a4f99-8f38-4a5d-b607-dc23a72d37b2", "target_ref": 
"malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--94547420-951f-4799-9dc4-0358e0270c49", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.485342Z", "modified": "2026-06-02T15:57:33.485342Z", "relationship_type": "indicates", "source_ref": "indicator--cab6e992-da3a-47d9-a2a3-530837710db4", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--16f894b6-faa6-4bec-93a5-5e933a50e554", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.48649Z", "modified": "2026-06-02T15:57:33.48649Z", "relationship_type": "indicates", "source_ref": "indicator--86586dbb-b850-481c-a8dc-be7f0afc022a", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--033e21b4-7663-448e-a21c-3864c43c2c32", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.487586Z", "modified": "2026-06-02T15:57:33.487586Z", "relationship_type": "indicates", "source_ref": "indicator--2695fd3c-7db3-4214-97ce-d557b867eebb", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8b88d5c7-4ac1-410b-9630-b117f619a2a4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.488656Z", "modified": "2026-06-02T15:57:33.488656Z", "relationship_type": "indicates", "source_ref": "indicator--3c47d985-f438-4aed-a7fc-0fbe3730cd63", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a09fca7e-4666-4d30-9cf0-fe32f9da9216", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.489695Z", "modified": 
"2026-06-02T15:57:33.489695Z", "relationship_type": "indicates", "source_ref": "indicator--34bbd01d-08df-453f-833f-79d445780b15", "target_ref": "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--951029b7-c4b2-479d-8e6d-75851553083a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.490976Z", "modified": "2026-06-02T15:57:33.490976Z", "relationship_type": "indicates", "source_ref": "indicator--010a16be-926e-4131-a3fb-3405ecd74051", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9dbef554-a369-4cb5-838f-1d5ac1f82197", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.492289Z", "modified": "2026-06-02T15:57:33.492289Z", "relationship_type": "indicates", "source_ref": "indicator--bfe586a3-9677-4705-9aa2-f9f19a0218a1", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6c3235f0-fe23-4b7b-a548-7b4a115ec95d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.493439Z", "modified": "2026-06-02T15:57:33.493439Z", "relationship_type": "indicates", "source_ref": "indicator--5993042a-58df-432a-a9ca-b4342da36fbd", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--64786b77-a9d0-49a0-ac4f-745f64888937", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.494463Z", "modified": "2026-06-02T15:57:33.494463Z", "relationship_type": "indicates", "source_ref": "indicator--e05afefc-4bab-4538-becd-b6525540a3c6", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4969f727-c75e-400b-9498-a0746f848136", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.495471Z", "modified": "2026-06-02T15:57:33.495471Z", "relationship_type": "indicates", "source_ref": "indicator--28b181d4-d388-4f30-8f72-df22c92f4e42", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--12c00dca-e002-4599-839b-15c213192b7b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.496509Z", "modified": "2026-06-02T15:57:33.496509Z", "relationship_type": "indicates", "source_ref": "indicator--e2058e6c-7b58-4d12-a585-29473c8af671", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--88c3cda4-c600-451e-bca1-081367e53771", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.497502Z", "modified": "2026-06-02T15:57:33.497502Z", "relationship_type": "indicates", "source_ref": "indicator--3744cb2f-6deb-4283-9125-114001255f56", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--56051929-5c00-4b47-929f-538dc31b7763", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.498485Z", "modified": "2026-06-02T15:57:33.498485Z", "relationship_type": "indicates", "source_ref": "indicator--69c341c0-f1fb-4aaa-ae3f-61eb2b90d1ad", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--79fba917-6665-43f0-a8f4-896c5e187063", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.4995Z", "modified": "2026-06-02T15:57:33.4995Z", "relationship_type": "indicates", "source_ref": "indicator--b86cae8b-d2f0-46cb-8ebe-1d2ca7b5713b", "target_ref": 
"malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eb2ea3c8-91cd-4e8e-844e-f5c332838b55", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.50064Z", "modified": "2026-06-02T15:57:33.50064Z", "relationship_type": "indicates", "source_ref": "indicator--9a2226c4-e58d-4c8b-a7b4-80ef9552150e", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3376db16-c06c-4b6f-89a6-9d3698bc7f34", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.501637Z", "modified": "2026-06-02T15:57:33.501637Z", "relationship_type": "indicates", "source_ref": "indicator--b6940108-ea22-4195-8e6a-3f222ab81af1", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--76cb8570-e6ac-4b90-a9bc-6edb2253cfe6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.502623Z", "modified": "2026-06-02T15:57:33.502623Z", "relationship_type": "indicates", "source_ref": "indicator--23a0f3a5-cf04-4c0b-b4eb-61937b42ed31", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ceb36c38-05d1-4d8b-81ab-670d35c96b9a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.503628Z", "modified": "2026-06-02T15:57:33.503628Z", "relationship_type": "indicates", "source_ref": "indicator--0b3550bb-c859-4f8d-9764-040ea7607b35", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d8626b68-1180-47de-af65-7468fd38d4fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.504617Z", "modified": 
"2026-06-02T15:57:33.504617Z", "relationship_type": "indicates", "source_ref": "indicator--1c3d6ae1-f4f4-4a78-b16d-a8b5375ea855", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--298f2f9e-ee3e-4df4-9a29-8db12727dbec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.505604Z", "modified": "2026-06-02T15:57:33.505604Z", "relationship_type": "indicates", "source_ref": "indicator--09c53286-9ae8-4bc3-b7fb-905f6b56f655", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d86ae158-fd8c-4671-a95b-0891e9accb48", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.50659Z", "modified": "2026-06-02T15:57:33.50659Z", "relationship_type": "indicates", "source_ref": "indicator--f2d03283-5b41-42a4-924a-e73054ac819c", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9b0e425d-030b-4630-b0e8-a01ace87bfc3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.507733Z", "modified": "2026-06-02T15:57:33.507733Z", "relationship_type": "indicates", "source_ref": "indicator--683531be-db8c-4cbb-8b21-d423c0db5e3f", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--779b0272-8f05-4001-b194-91ace7961e09", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.508727Z", "modified": "2026-06-02T15:57:33.508727Z", "relationship_type": "indicates", "source_ref": "indicator--7ceeae85-9a8c-4fb4-9f7e-24218e07e1b0", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d8801411-89ac-4313-b5c1-50b2111061eb", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.509747Z", "modified": "2026-06-02T15:57:33.509747Z", "relationship_type": "indicates", "source_ref": "indicator--edeec493-cee6-449c-961c-987b69243d61", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--152919fe-14fb-4a90-b668-123326a9107d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.510739Z", "modified": "2026-06-02T15:57:33.510739Z", "relationship_type": "indicates", "source_ref": "indicator--07073ea9-9ec6-4b93-9329-006526bf922e", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--95f2d4c5-255c-4b28-9c86-a9c013af0420", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.511736Z", "modified": "2026-06-02T15:57:33.511736Z", "relationship_type": "indicates", "source_ref": "indicator--1e9da284-93fb-44b5-8469-9ccde716ac0a", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8777909c-b0e3-4aa7-8919-b4abe044583a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.512724Z", "modified": "2026-06-02T15:57:33.512724Z", "relationship_type": "indicates", "source_ref": "indicator--bfb7b7af-a683-44ca-9856-a45c3e894966", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2b9f5886-ca65-493c-9e67-2556f364feb5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.513702Z", "modified": "2026-06-02T15:57:33.513702Z", "relationship_type": "indicates", "source_ref": "indicator--60c8aaab-3333-4641-86ef-39e20b2dbd1f", "target_ref": 
"malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--60ca5ff2-6366-444c-a2f0-d1e40ef6316a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.514822Z", "modified": "2026-06-02T15:57:33.514822Z", "relationship_type": "indicates", "source_ref": "indicator--df7f1a88-9811-4651-bdde-7a41022a1f51", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2cae5bbe-e453-485d-8cfe-ed833c2b6bf3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.515854Z", "modified": "2026-06-02T15:57:33.515854Z", "relationship_type": "indicates", "source_ref": "indicator--18558e14-a366-41d8-914d-fcebd5ae6579", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--668ac46f-afa3-48a0-aa5a-a46d2258c5d8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.516839Z", "modified": "2026-06-02T15:57:33.516839Z", "relationship_type": "indicates", "source_ref": "indicator--64678ff7-cadb-4caf-997e-13adc00bbeef", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0bbf735d-edce-4f95-809e-420711ef9eef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.517819Z", "modified": "2026-06-02T15:57:33.517819Z", "relationship_type": "indicates", "source_ref": "indicator--737dbf85-90d6-4195-b745-ad3df50d97ea", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--28dbe701-5c88-4de3-b7b5-9ac13dadd0fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.518803Z", "modified": 
"2026-06-02T15:57:33.518803Z", "relationship_type": "indicates", "source_ref": "indicator--d5c0002d-09a8-47eb-ad2d-cbfaab76a4ec", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6b838f43-ec0f-4a11-9861-557592f6f070", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.519805Z", "modified": "2026-06-02T15:57:33.519805Z", "relationship_type": "indicates", "source_ref": "indicator--f75e18ae-7b30-44cc-a840-6b6037976419", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4e2affb6-aa61-49f3-b74c-6431bcd93f65", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.520776Z", "modified": "2026-06-02T15:57:33.520776Z", "relationship_type": "indicates", "source_ref": "indicator--6f77391f-e83f-4f8b-853f-38d623d162ed", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c931a871-f5c0-43c6-a3fe-00ed9ec5eacb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.521908Z", "modified": "2026-06-02T15:57:33.521908Z", "relationship_type": "indicates", "source_ref": "indicator--01a54ecc-eac2-4c1f-bea8-2c8726b9e0cf", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2387fed4-5131-45e0-b682-cfc24367fbd5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.522909Z", "modified": "2026-06-02T15:57:33.522909Z", "relationship_type": "indicates", "source_ref": "indicator--b97f982e-7b0c-497d-9cb8-7fa1ce5585a1", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--115eb85e-34dc-4f44-affe-15daf7f33659", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.523902Z", "modified": "2026-06-02T15:57:33.523902Z", "relationship_type": "indicates", "source_ref": "indicator--c2ae6257-4105-499a-8ba0-d85a0cecf1ac", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--90f6d0ec-734c-477e-b973-9ae1dfe68b71", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.524882Z", "modified": "2026-06-02T15:57:33.524882Z", "relationship_type": "indicates", "source_ref": "indicator--520c7b37-187b-4930-8c80-1b0b81c9ddf8", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eaa6b3c3-5752-4460-a31c-8b2df6290a67", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.525867Z", "modified": "2026-06-02T15:57:33.525867Z", "relationship_type": "indicates", "source_ref": "indicator--c2d48095-bfb5-4038-b944-eea64528e9cb", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--52c4fda4-97dc-4a7f-ae27-d74e6062ff04", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.526847Z", "modified": "2026-06-02T15:57:33.526847Z", "relationship_type": "indicates", "source_ref": "indicator--9adf2b6f-07c2-40f3-bf7f-13c76bf49eaa", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--48df0940-907a-4d06-a40d-f53ad21fe76d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.527855Z", "modified": "2026-06-02T15:57:33.527855Z", "relationship_type": "indicates", "source_ref": "indicator--e4c12d15-70bd-4ecc-ab1c-e06702e313a8", "target_ref": 
"malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b02e2594-3280-47f9-9e9c-e17f27bd1d6f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.528985Z", "modified": "2026-06-02T15:57:33.528985Z", "relationship_type": "indicates", "source_ref": "indicator--9530567b-fdff-4d19-bc90-45253a8a8383", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--30f7f9c5-97db-48d9-85f4-c8e291702242", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.529978Z", "modified": "2026-06-02T15:57:33.529978Z", "relationship_type": "indicates", "source_ref": "indicator--de969165-8009-4435-9153-18fb53564be8", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d0855a44-f15f-4b4e-836e-a731efbe3947", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.530948Z", "modified": "2026-06-02T15:57:33.530948Z", "relationship_type": "indicates", "source_ref": "indicator--e6631cd1-a692-4277-b32f-b8a235451c85", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--da2d6a8d-4c41-49cf-aa12-1fccbaeb4d8c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.531938Z", "modified": "2026-06-02T15:57:33.531938Z", "relationship_type": "indicates", "source_ref": "indicator--4ec375cc-6598-4ac2-a73f-785a7d945a9b", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--404efbb5-289a-4a2a-a186-4a2d7a6cf340", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.532925Z", "modified": 
"2026-06-02T15:57:33.532925Z", "relationship_type": "indicates", "source_ref": "indicator--04368310-f9c0-43c0-bfd2-1b5a7b9c8d41", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e88e364c-9696-48ac-be59-e523718fc2b4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.533904Z", "modified": "2026-06-02T15:57:33.533904Z", "relationship_type": "indicates", "source_ref": "indicator--4c016db0-4257-4c5f-ae29-97283c201b6a", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--497c9708-f95b-482b-a002-939277ded228", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.534883Z", "modified": "2026-06-02T15:57:33.534883Z", "relationship_type": "indicates", "source_ref": "indicator--4fb65878-74d0-4958-9920-0da13a655d4e", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--87dfe98a-0ba8-4f79-bcfa-31bab4cb0edd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.536026Z", "modified": "2026-06-02T15:57:33.536026Z", "relationship_type": "indicates", "source_ref": "indicator--ace2e2a1-9867-40a1-8879-5f80ee30cf24", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--006fdbbe-9627-401d-941f-580589942b56", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.537031Z", "modified": "2026-06-02T15:57:33.537031Z", "relationship_type": "indicates", "source_ref": "indicator--414b4b34-171f-4997-b82f-10d7c10e8d09", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--47d60c80-793e-4672-90db-def18ab414ca", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.538022Z", "modified": "2026-06-02T15:57:33.538022Z", "relationship_type": "indicates", "source_ref": "indicator--2222ff05-9957-4029-a79c-ffca2c2ebe8f", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--db620233-55a5-465b-8805-26390071538f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.539016Z", "modified": "2026-06-02T15:57:33.539016Z", "relationship_type": "indicates", "source_ref": "indicator--64c5956b-0f92-4f90-9d16-75b15ecb8bda", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c9b493a7-8189-4e2d-85cb-f33b95b9d7ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.540029Z", "modified": "2026-06-02T15:57:33.540029Z", "relationship_type": "indicates", "source_ref": "indicator--3a915861-75cc-4d88-801c-19d691cafb1e", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7dd1088e-2f15-41a8-ba29-8c65cc208a2b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.541003Z", "modified": "2026-06-02T15:57:33.541003Z", "relationship_type": "indicates", "source_ref": "indicator--695fadeb-0f1f-4cfa-a720-32c2fef0531a", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a4f7cd90-8f10-483b-b481-b84a001257b9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.541986Z", "modified": "2026-06-02T15:57:33.541986Z", "relationship_type": "indicates", "source_ref": "indicator--6c0c7c24-9f7c-4e2f-8920-e2d29cc23aa8", "target_ref": 
"malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b09db867-2f12-40f7-8915-e4a2fa48ad3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.543113Z", "modified": "2026-06-02T15:57:33.543113Z", "relationship_type": "indicates", "source_ref": "indicator--68f4fc77-b415-41a7-93f6-e480328c1c7f", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3bf35f62-ce18-4b79-af87-a42aea663eb6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.544112Z", "modified": "2026-06-02T15:57:33.544112Z", "relationship_type": "indicates", "source_ref": "indicator--83c220e2-089d-40d8-b14f-e33e5a1e2066", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d745ff61-8c84-4fa0-825f-ad4c7178bd19", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.54509Z", "modified": "2026-06-02T15:57:33.54509Z", "relationship_type": "indicates", "source_ref": "indicator--34a0530d-b1c6-49fc-9dac-65b36a5259bd", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--04f0f5a4-fe90-4cae-9d59-685875272922", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.546078Z", "modified": "2026-06-02T15:57:33.546078Z", "relationship_type": "indicates", "source_ref": "indicator--f496ce72-b93d-45a0-b2f4-762b4bec41b4", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b9814aa3-8fea-410c-aeac-533812153985", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.547063Z", "modified": 
"2026-06-02T15:57:33.547063Z", "relationship_type": "indicates", "source_ref": "indicator--e32a7594-7152-4d07-9db9-e801c95d3ec3", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1fbdb7ab-9034-4b34-966e-586b5da6a312", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.54806Z", "modified": "2026-06-02T15:57:33.54806Z", "relationship_type": "indicates", "source_ref": "indicator--acdf458f-419d-4fe0-9723-93a89588fab1", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6844762f-16e8-447e-a93e-08517894732c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.549087Z", "modified": "2026-06-02T15:57:33.549087Z", "relationship_type": "indicates", "source_ref": "indicator--2f53bfd3-747f-4027-b005-af175641cfcb", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e0595275-0a72-46a3-b902-6910ee20b9d0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.550482Z", "modified": "2026-06-02T15:57:33.550482Z", "relationship_type": "indicates", "source_ref": "indicator--06c203df-64a6-45a3-999d-ed4e4915d6ac", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f7eb2884-f763-418a-bbb5-73617784f4c1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.551606Z", "modified": "2026-06-02T15:57:33.551606Z", "relationship_type": "indicates", "source_ref": "indicator--13b47900-eddb-407d-9d53-ce31a075cee2", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d498f838-eccb-468f-9593-372a351631d8", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.552662Z", "modified": "2026-06-02T15:57:33.552662Z", "relationship_type": "indicates", "source_ref": "indicator--aae0da71-922d-4fbf-8cb1-7dba30e78feb", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8cadba6c-912e-4dcc-9f1e-da6efe7d19dc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.553686Z", "modified": "2026-06-02T15:57:33.553686Z", "relationship_type": "indicates", "source_ref": "indicator--7680bd93-f94a-45e8-908f-cd0f1e5b3e1a", "target_ref": "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4e17fdac-7bd4-4aa6-a2da-8bb2c5d6d10b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.554682Z", "modified": "2026-06-02T15:57:33.554682Z", "relationship_type": "indicates", "source_ref": "indicator--5dd1a0ec-a28f-404d-ab08-f5b0112bebaa", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--80917567-6a81-477e-9618-be117343d3fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.555681Z", "modified": "2026-06-02T15:57:33.555681Z", "relationship_type": "indicates", "source_ref": "indicator--0db5c5dd-c7d2-4fa2-9b5d-6a0ead77d050", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6b560ea3-415a-4621-9d01-d9b15f18615f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.556669Z", "modified": "2026-06-02T15:57:33.556669Z", "relationship_type": "indicates", "source_ref": "indicator--533a3bb6-7f3c-4e57-b71e-fc207d8307d8", "target_ref": 
"malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6fc2d507-ee78-4e2a-bc1c-a995eddfa96f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.557824Z", "modified": "2026-06-02T15:57:33.557824Z", "relationship_type": "indicates", "source_ref": "indicator--cdc91774-48c7-4d0c-9882-8d58d3fcc2a8", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--db90843b-166d-4bef-ae8d-c06f18455b0f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.558828Z", "modified": "2026-06-02T15:57:33.558828Z", "relationship_type": "indicates", "source_ref": "indicator--52375095-4eb7-4657-9e0d-0ddb5ad3e2be", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cfe89239-0bdc-401b-bbb4-874797ba18ab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.559837Z", "modified": "2026-06-02T15:57:33.559837Z", "relationship_type": "indicates", "source_ref": "indicator--c65a90c9-2e53-4c35-ab9f-dbac3ba154ed", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f4141c25-fe62-42c8-ae79-eaecd88370dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.560814Z", "modified": "2026-06-02T15:57:33.560814Z", "relationship_type": "indicates", "source_ref": "indicator--df782a1b-a969-4ff9-ba65-03e92074b714", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1e00914a-b136-4588-b35f-7192fc4d802e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.561794Z", "modified": 
"2026-06-02T15:57:33.561794Z", "relationship_type": "indicates", "source_ref": "indicator--9f243204-ca5a-4ef7-bbc1-23aafffc99cd", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e5451fe6-0609-44a1-b215-b8a536cefb85", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.562772Z", "modified": "2026-06-02T15:57:33.562772Z", "relationship_type": "indicates", "source_ref": "indicator--77176776-4305-4b2e-9349-5d0fa9ad2e93", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bf97fbf4-d7d6-4bb4-8416-81ca876ded97", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.563761Z", "modified": "2026-06-02T15:57:33.563761Z", "relationship_type": "indicates", "source_ref": "indicator--fd55d147-e8b4-43ab-bcb0-903338ed7452", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8fee0fc5-5af8-4b7e-8153-85ac490d4f6d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.564979Z", "modified": "2026-06-02T15:57:33.564979Z", "relationship_type": "indicates", "source_ref": "indicator--09302f6d-dcc0-46fc-a295-0ea5deafbbef", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6ba68ff5-f44c-4e84-999a-da1fc92d917c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.565974Z", "modified": "2026-06-02T15:57:33.565974Z", "relationship_type": "indicates", "source_ref": "indicator--a0b356ae-4b77-49b3-9b99-6d063e2ba66e", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--83561584-8984-41a2-b5af-fa0b32b019f1", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.566954Z", "modified": "2026-06-02T15:57:33.566954Z", "relationship_type": "indicates", "source_ref": "indicator--a127b65e-b645-418e-9f1b-08cecc4229c5", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--90bd3afe-11b7-4774-adaa-e69c21a325a0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.567947Z", "modified": "2026-06-02T15:57:33.567947Z", "relationship_type": "indicates", "source_ref": "indicator--229aa6fb-f11e-42cc-a694-2e791edec6a8", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b5ac208f-4cef-42d1-9787-7907597060f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.568923Z", "modified": "2026-06-02T15:57:33.568923Z", "relationship_type": "indicates", "source_ref": "indicator--44a32e90-6554-4031-bedc-29373712ce32", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--35883d75-452a-458b-9707-24a2d51d2569", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.569894Z", "modified": "2026-06-02T15:57:33.569894Z", "relationship_type": "indicates", "source_ref": "indicator--4207f424-a4f9-48c8-b238-df3fb10fec63", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bc243c84-781c-4e9f-a844-02e3bbf6cf71", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.570882Z", "modified": "2026-06-02T15:57:33.570882Z", "relationship_type": "indicates", "source_ref": "indicator--1aea5d56-eeb9-4769-96c0-44ea96f238d4", "target_ref": 
"malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9e4852b7-bab3-4681-9d0d-7fc5e15800c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.572894Z", "modified": "2026-06-02T15:57:33.572894Z", "relationship_type": "indicates", "source_ref": "indicator--72988324-c6cd-42ae-8733-ed8a73680275", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a1b7bdca-992b-4eab-960f-8e934dd5ddfc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.573965Z", "modified": "2026-06-02T15:57:33.573965Z", "relationship_type": "indicates", "source_ref": "indicator--df2b5353-5cfb-48b0-a7a8-fa4dcb4db303", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--301e7790-9cc6-4fd8-898f-8d594e41c1f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.574976Z", "modified": "2026-06-02T15:57:33.574976Z", "relationship_type": "indicates", "source_ref": "indicator--cf9f5926-fe69-4088-aa21-c40ba072767c", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ce35b06e-4e61-4e27-b913-2b0b4afe2adc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.576Z", "modified": "2026-06-02T15:57:33.576Z", "relationship_type": "indicates", "source_ref": "indicator--db6dd6e6-998f-4b77-a79a-96175fc61c8c", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--654c358e-46fe-45a0-aa0e-43679bce7263", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.57699Z", "modified": "2026-06-02T15:57:33.57699Z", 
"relationship_type": "indicates", "source_ref": "indicator--17ffef65-63e7-4e53-9c9e-229fe45b1edb", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--23bd90a3-109b-4a0b-b30a-d960e237b3fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.57798Z", "modified": "2026-06-02T15:57:33.57798Z", "relationship_type": "indicates", "source_ref": "indicator--45d390e1-12c1-4e04-aa59-9ec5e8c6c9bc", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e5f9839b-61dc-4830-8941-98b03db2c537", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.578953Z", "modified": "2026-06-02T15:57:33.578953Z", "relationship_type": "indicates", "source_ref": "indicator--8f61ef98-119c-4ee4-b237-6b34fc2e0d7b", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ec1acb22-33dc-4dd7-bbfd-ad7d29ae29ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.580096Z", "modified": "2026-06-02T15:57:33.580096Z", "relationship_type": "indicates", "source_ref": "indicator--a2c52b19-843d-4809-b327-df3457091190", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d46f9e8c-c4b0-4be4-9e0f-2292ec725771", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.581084Z", "modified": "2026-06-02T15:57:33.581084Z", "relationship_type": "indicates", "source_ref": "indicator--cffc02f7-fcaa-417b-90ec-076a4328d949", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--317571ca-1037-40d9-a67d-1c0a2f84f98b", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.582066Z", "modified": "2026-06-02T15:57:33.582066Z", "relationship_type": "indicates", "source_ref": "indicator--27d63bdf-8f53-414e-ade3-530628bb4063", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--32cfcebb-a653-438a-be2a-862c33adb038", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.583042Z", "modified": "2026-06-02T15:57:33.583042Z", "relationship_type": "indicates", "source_ref": "indicator--1c092bd9-e870-4f06-82f8-8e813a29f7db", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e0190b79-bb92-4ffe-8d71-707f2564e941", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.584043Z", "modified": "2026-06-02T15:57:33.584043Z", "relationship_type": "indicates", "source_ref": "indicator--d574fbca-799d-429e-868e-d72c174ebe7d", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fb8a145c-9111-4e58-b06f-ea415552e5e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.585088Z", "modified": "2026-06-02T15:57:33.585088Z", "relationship_type": "indicates", "source_ref": "indicator--b426daf5-06bc-4426-a89e-9e95e0554d5d", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9dbda286-5647-4c07-8476-d13aec558084", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.586079Z", "modified": "2026-06-02T15:57:33.586079Z", "relationship_type": "indicates", "source_ref": "indicator--6eed1b5e-51da-41b2-8f90-4ab8252222b2", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, 
{"type": "relationship", "spec_version": "2.1", "id": "relationship--552c5ce6-823b-4bc5-aac9-11f9a0fc8f86", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.58721Z", "modified": "2026-06-02T15:57:33.58721Z", "relationship_type": "indicates", "source_ref": "indicator--9cca5a73-e4fd-4517-822a-3f4fdf35c5b1", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6525b4a4-36f1-4f20-91db-b800f6c7e7b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.588204Z", "modified": "2026-06-02T15:57:33.588204Z", "relationship_type": "indicates", "source_ref": "indicator--1742c6bb-9f6a-4ea1-9d97-065fd6993db6", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--df53fc3e-b80f-4427-ae2c-5151c0bdb342", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.589194Z", "modified": "2026-06-02T15:57:33.589194Z", "relationship_type": "indicates", "source_ref": "indicator--4c67218f-95a2-41e1-86a5-f739f9bc9211", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6fdb5d83-4ddc-4110-8628-73d63d4c67b5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.590169Z", "modified": "2026-06-02T15:57:33.590169Z", "relationship_type": "indicates", "source_ref": "indicator--62c89f36-a391-4849-936a-aa1e73913ee9", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2863245c-609c-4260-affa-6d24265fed92", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.591146Z", "modified": "2026-06-02T15:57:33.591146Z", "relationship_type": "indicates", 
"source_ref": "indicator--e9d58ee9-6b9e-4af4-a168-6dad70585b4e", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0e93de45-6e60-4b14-832c-5f4ac10c33f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.592117Z", "modified": "2026-06-02T15:57:33.592117Z", "relationship_type": "indicates", "source_ref": "indicator--5665bb7e-98b9-4fd3-9ea2-dc45551a25a0", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--700a6c79-04f3-4dde-88e3-a62747cd8340", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.593098Z", "modified": "2026-06-02T15:57:33.593098Z", "relationship_type": "indicates", "source_ref": "indicator--cdc2961e-d5a2-4079-95fb-d3c96c437570", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d6293430-a94c-4df8-bc9d-7170f09418cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.594268Z", "modified": "2026-06-02T15:57:33.594268Z", "relationship_type": "indicates", "source_ref": "indicator--fe2af9e2-ff30-41bf-a77c-d8f2e77cf24d", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9acec536-e7c7-44d5-ac2c-9671d724e02a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.595277Z", "modified": "2026-06-02T15:57:33.595277Z", "relationship_type": "indicates", "source_ref": "indicator--ecf5696d-ad0b-4f0c-8bdb-e77faa99aa99", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8d6d79bb-77fb-4418-9f07-1393b10ea2d4", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.596264Z", "modified": "2026-06-02T15:57:33.596264Z", "relationship_type": "indicates", "source_ref": "indicator--c409e8d7-6971-49f5-b1fd-a77c6600b67e", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cbe8fd5d-0a2e-4393-8643-3fa23b7c3cb2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.597272Z", "modified": "2026-06-02T15:57:33.597272Z", "relationship_type": "indicates", "source_ref": "indicator--1aa84837-3a08-4fe1-b233-9cbf4f1aed65", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e2e1947e-ab38-4b87-bc33-ed879b1a888d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.598245Z", "modified": "2026-06-02T15:57:33.598245Z", "relationship_type": "indicates", "source_ref": "indicator--e2fd6216-cd41-4768-be36-f71a9ff0fc14", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--033d8260-b542-4a4a-9fe4-30048c2b746d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.599249Z", "modified": "2026-06-02T15:57:33.599249Z", "relationship_type": "indicates", "source_ref": "indicator--8ef751ea-9ab5-4e3c-89ce-77bd9319d418", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c21728d4-117f-410c-8a50-8739bf4b3960", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.600226Z", "modified": "2026-06-02T15:57:33.600226Z", "relationship_type": "indicates", "source_ref": "indicator--fc9ff78e-2287-49a0-965d-0a7db8aab524", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, 
{"type": "relationship", "spec_version": "2.1", "id": "relationship--053827d8-55e4-4099-badc-b298a1e9bf91", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.601348Z", "modified": "2026-06-02T15:57:33.601348Z", "relationship_type": "indicates", "source_ref": "indicator--ac81a339-9d78-469a-9d75-a93e2cef6df6", "target_ref": "malware--932f69b6-3705-4b66-8d2c-d641ed54972b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bf55a44f-b6c9-434a-9a61-d5afe6542256", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.602635Z", "modified": "2026-06-02T15:57:33.602635Z", "relationship_type": "indicates", "source_ref": "indicator--94e03a56-ef79-41be-bafa-4cc5cadc131e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d6249af3-2b2d-4cb4-acd8-2415130dd2a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.603622Z", "modified": "2026-06-02T15:57:33.603622Z", "relationship_type": "indicates", "source_ref": "indicator--bd422575-3fef-4f7a-82df-61c27a66a492", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8e1f303f-7198-45c5-9449-b44d7d6e275a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.604597Z", "modified": "2026-06-02T15:57:33.604597Z", "relationship_type": "indicates", "source_ref": "indicator--d6c9228c-6754-411b-996e-2a5bd3510efb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f2e416ac-11d9-4bff-ab24-d3e40d37fd26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.605568Z", "modified": "2026-06-02T15:57:33.605568Z", "relationship_type": "indicates", 
"source_ref": "indicator--7b67ecd2-e5e5-4343-b6eb-aa91922cf2b9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--046aed0c-101d-4e27-ab89-5d9e8f8a9250", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.606843Z", "modified": "2026-06-02T15:57:33.606843Z", "relationship_type": "indicates", "source_ref": "indicator--2c1608cc-7b02-432b-ba6c-f56d99a719f6", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--949c0b68-61cd-446b-9b85-843fed09ce98", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.607846Z", "modified": "2026-06-02T15:57:33.607846Z", "relationship_type": "indicates", "source_ref": "indicator--b4fb2899-9913-4973-9513-b2290e35b5b2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9ac617f2-14a7-44c2-abda-d9aeafe48acc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.608968Z", "modified": "2026-06-02T15:57:33.608968Z", "relationship_type": "indicates", "source_ref": "indicator--5eaecbcd-fac6-4142-81d7-2c531b1a99be", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--41fd988d-b47c-4961-b143-d85c75088ec5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.609952Z", "modified": "2026-06-02T15:57:33.609952Z", "relationship_type": "indicates", "source_ref": "indicator--547fa920-684b-4f92-969b-7c182720d67c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5d1d025a-5a0b-440c-89ca-18cd6f8fd8a5", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.610936Z", "modified": "2026-06-02T15:57:33.610936Z", "relationship_type": "indicates", "source_ref": "indicator--3f65d1e8-0b55-49ec-8842-f1ba66c689b7", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--540099d5-ee99-4d03-9e41-708d16e6d370", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.611938Z", "modified": "2026-06-02T15:57:33.611938Z", "relationship_type": "indicates", "source_ref": "indicator--f60ae476-1982-414a-a9ba-b7dec498c97a", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--112d9193-5515-4253-8900-2e30462697bb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.612925Z", "modified": "2026-06-02T15:57:33.612925Z", "relationship_type": "indicates", "source_ref": "indicator--4a4f508a-0cf3-43ac-9747-4509bad64d2c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b4a264ff-808e-4523-ba88-7dd027ee931f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.613904Z", "modified": "2026-06-02T15:57:33.613904Z", "relationship_type": "indicates", "source_ref": "indicator--392ed533-9832-4f2a-bce6-05de25c1514b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--395dc8eb-5196-4699-82dc-f0f611e95042", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.614881Z", "modified": "2026-06-02T15:57:33.614881Z", "relationship_type": "indicates", "source_ref": "indicator--3caa54e8-92a2-4ce7-974d-ecdbfe95a0f1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, 
{"type": "relationship", "spec_version": "2.1", "id": "relationship--6f18b4bb-36c1-467c-9e16-ab89975b713b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.616012Z", "modified": "2026-06-02T15:57:33.616012Z", "relationship_type": "indicates", "source_ref": "indicator--2512bbba-0d56-4274-bef6-007949f90e9d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bc031a19-12f4-4bdf-81cb-ce7a9dd1da86", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.617002Z", "modified": "2026-06-02T15:57:33.617002Z", "relationship_type": "indicates", "source_ref": "indicator--7c076fb1-9849-4df3-9bba-fa21e18706ae", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ed8e4afa-6121-4b05-b79a-1e7dcefc13d3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.617995Z", "modified": "2026-06-02T15:57:33.617995Z", "relationship_type": "indicates", "source_ref": "indicator--11c9e9a6-c443-40e5-8aea-653dc72a96f2", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--42681f7e-5296-4939-b9e0-0dbc40e2a668", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.618989Z", "modified": "2026-06-02T15:57:33.618989Z", "relationship_type": "indicates", "source_ref": "indicator--0f46d05c-e161-4d42-a393-1cda1898d2a2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a4f2079f-7f1a-415d-8d7a-e4c0a4768de2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.620112Z", "modified": "2026-06-02T15:57:33.620112Z", "relationship_type": "indicates", 
"source_ref": "indicator--1577a1b4-7e0f-43ec-9a2f-dadadaec9e38", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a125ff2e-6671-41dd-8af5-d9974281c972", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.621099Z", "modified": "2026-06-02T15:57:33.621099Z", "relationship_type": "indicates", "source_ref": "indicator--dca7faef-090b-41d6-8125-524464a39e4c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--da814273-66a5-4fb7-9e73-dff2b6e1effe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.622073Z", "modified": "2026-06-02T15:57:33.622073Z", "relationship_type": "indicates", "source_ref": "indicator--470a06d2-b5be-4966-81d9-6802a4f28218", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dbd30481-e261-4537-b102-2f81db2ac0e0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.623208Z", "modified": "2026-06-02T15:57:33.623208Z", "relationship_type": "indicates", "source_ref": "indicator--000713c6-5f93-4f7a-beff-44a123fa7604", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f09ef62f-5b23-49d4-b5b2-b83b54ef513c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.624204Z", "modified": "2026-06-02T15:57:33.624204Z", "relationship_type": "indicates", "source_ref": "indicator--2e869a78-fc0d-4eba-89d5-477ec154f01d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cdfa43bc-eb1a-4a28-b47c-d7e77c62dc0d", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.625198Z", "modified": "2026-06-02T15:57:33.625198Z", "relationship_type": "indicates", "source_ref": "indicator--683d855d-7bae-4b41-a17f-ae363f3d32ca", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fc2c875c-2c68-4e47-afdf-d6f2e613e7fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.626185Z", "modified": "2026-06-02T15:57:33.626185Z", "relationship_type": "indicates", "source_ref": "indicator--480dd671-0a62-4b3a-96be-72a412a96930", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6c2ce1b8-50dc-4545-af04-dac6bd94616e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.627183Z", "modified": "2026-06-02T15:57:33.627183Z", "relationship_type": "indicates", "source_ref": "indicator--2b038dac-3939-4bc1-92f6-a83915134b00", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d5feaab9-b504-453f-ac8c-248f1bd4e461", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.628174Z", "modified": "2026-06-02T15:57:33.628174Z", "relationship_type": "indicates", "source_ref": "indicator--0932b6c8-3339-4416-b5fd-e352869b5167", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--92135654-b91a-4b86-b61c-6b4fb42ff00b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.629148Z", "modified": "2026-06-02T15:57:33.629148Z", "relationship_type": "indicates", "source_ref": "indicator--093d86c4-de1f-48d0-8bfb-e50c72b02c7b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, 
{"type": "relationship", "spec_version": "2.1", "id": "relationship--5b331a1f-0914-4874-a486-776f99d60a3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.630268Z", "modified": "2026-06-02T15:57:33.630268Z", "relationship_type": "indicates", "source_ref": "indicator--e740ab52-092d-42b6-bd67-f37364da96a2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e3f90503-f08f-4b5d-9e0a-f2e49c79f76a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.631269Z", "modified": "2026-06-02T15:57:33.631269Z", "relationship_type": "indicates", "source_ref": "indicator--5dfdc8e7-4d84-4240-a475-ab7c6f086efa", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ff491124-83dd-4047-9e92-0b015c54088d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.632268Z", "modified": "2026-06-02T15:57:33.632268Z", "relationship_type": "indicates", "source_ref": "indicator--aca7c0ce-ec43-491e-99a7-98f09eae9fc3", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f874d685-82a6-4c23-ac92-72d63cd3795a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.633243Z", "modified": "2026-06-02T15:57:33.633243Z", "relationship_type": "indicates", "source_ref": "indicator--0d00f1b5-1269-4f17-8713-96a792f9bd06", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--22fe6efa-ff7e-4e9a-bd9c-4c99ff678bcf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.634218Z", "modified": "2026-06-02T15:57:33.634218Z", "relationship_type": "indicates", 
"source_ref": "indicator--8e9a142f-b3d3-4c2e-9d36-0ff9822b29c4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e4ed3be5-66bf-4cad-864f-39bba709b589", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.635198Z", "modified": "2026-06-02T15:57:33.635198Z", "relationship_type": "indicates", "source_ref": "indicator--e377ae7b-c514-4b42-ab8d-de7841366851", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ee122107-7827-457e-98b5-bd2e39ac3a13", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.636186Z", "modified": "2026-06-02T15:57:33.636186Z", "relationship_type": "indicates", "source_ref": "indicator--ae2f314b-df9c-4774-8848-3aa9a13f4e73", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5905e9a7-7c55-4c9b-a5a1-6ddee42883ae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.637316Z", "modified": "2026-06-02T15:57:33.637316Z", "relationship_type": "indicates", "source_ref": "indicator--6635c0de-db95-4c00-ab79-f64eb9724929", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c32e9137-adfa-4b91-8e6f-9ccd39689329", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.638313Z", "modified": "2026-06-02T15:57:33.638313Z", "relationship_type": "indicates", "source_ref": "indicator--e5eb243d-052f-4ffa-9572-fd7468efb534", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bf1d5155-5d99-4878-8d58-572305bd22e4", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.639301Z", "modified": "2026-06-02T15:57:33.639301Z", "relationship_type": "indicates", "source_ref": "indicator--979126e3-f881-45cd-900d-f3f3ae65b712", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6b0ad9cb-ecea-424a-b04d-d51e09327fe3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.640285Z", "modified": "2026-06-02T15:57:33.640285Z", "relationship_type": "indicates", "source_ref": "indicator--c8e2dc0e-30ae-47f1-b910-a7144c97210f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d9c3f2bd-8da0-49a6-b6b9-94be1cb54d44", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.641259Z", "modified": "2026-06-02T15:57:33.641259Z", "relationship_type": "indicates", "source_ref": "indicator--66cae2c8-020b-4253-a2f3-09a65fd8703e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bab25374-fa61-42b6-9dc6-0e8b2c9ef92b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.642228Z", "modified": "2026-06-02T15:57:33.642228Z", "relationship_type": "indicates", "source_ref": "indicator--ae3ff9c7-a9c6-4b4c-8b58-bc543806e7cc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a427ab51-020f-4634-a2fe-5696c5e51964", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.643209Z", "modified": "2026-06-02T15:57:33.643209Z", "relationship_type": "indicates", "source_ref": "indicator--72096d84-8b2d-488f-9841-ba02d6cbc17a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, 
{"type": "relationship", "spec_version": "2.1", "id": "relationship--67783ad9-c156-4700-928d-a0d65a6b7a58", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.644342Z", "modified": "2026-06-02T15:57:33.644342Z", "relationship_type": "indicates", "source_ref": "indicator--926467da-b353-4c60-a44e-874bb517328b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bd8816ee-2ed8-46a7-a101-45d22f290474", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.645352Z", "modified": "2026-06-02T15:57:33.645352Z", "relationship_type": "indicates", "source_ref": "indicator--3c46d8e2-2c14-4c4c-8939-6be6b9f6bb1e", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a5b268c3-b6a0-41b3-a35c-8094df1287ad", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.646341Z", "modified": "2026-06-02T15:57:33.646341Z", "relationship_type": "indicates", "source_ref": "indicator--cf780c0e-739c-4477-93bd-e1eba7e74be8", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aec348d5-b019-4d5d-9b50-21f22fbc349d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.647327Z", "modified": "2026-06-02T15:57:33.647327Z", "relationship_type": "indicates", "source_ref": "indicator--a4bcfc9d-dada-4759-af51-815ca78b7149", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c73bd907-1af4-4360-b9f5-878d0c677f48", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.648593Z", "modified": "2026-06-02T15:57:33.648593Z", "relationship_type": "indicates", 
"source_ref": "indicator--1fde722f-0c76-45d7-9b06-7127113816f3", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0019265e-862c-48ac-a9b6-0a308bdbd73c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.649606Z", "modified": "2026-06-02T15:57:33.649606Z", "relationship_type": "indicates", "source_ref": "indicator--e8c30164-d0ef-42e0-8aa5-f9f5b21ecbdc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--10a2cc4b-ce57-4974-8ef6-4f3e2ca63506", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.651091Z", "modified": "2026-06-02T15:57:33.651091Z", "relationship_type": "indicates", "source_ref": "indicator--ede1d805-7276-4c2a-8b48-1a9b542f6072", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e8255b88-f3c6-46cc-8a3d-03e7d1dbf22d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.652407Z", "modified": "2026-06-02T15:57:33.652407Z", "relationship_type": "indicates", "source_ref": "indicator--8904a3d3-1941-4313-ac5d-b72a3e9ee91f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6a9d01a2-3ff2-4f5e-892f-e923bc3d9638", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.653464Z", "modified": "2026-06-02T15:57:33.653464Z", "relationship_type": "indicates", "source_ref": "indicator--bb5fd404-2e68-48cb-8e41-4b66c1bc13c7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--06900a1f-edb8-4de2-accd-ec6029f1b280", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.654494Z", "modified": "2026-06-02T15:57:33.654494Z", "relationship_type": "indicates", "source_ref": "indicator--69daa6a6-2d7f-4e04-99b4-9e79942f518e", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--95c6847d-6b2b-41ab-8773-42f3f3cb3913", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.655503Z", "modified": "2026-06-02T15:57:33.655503Z", "relationship_type": "indicates", "source_ref": "indicator--415ecc3d-6cf8-45a3-8462-8050dc036727", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--16c2866b-66fd-4217-b3bb-a0c564868e6c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.656494Z", "modified": "2026-06-02T15:57:33.656494Z", "relationship_type": "indicates", "source_ref": "indicator--10f9e285-25aa-405d-85c8-16a230a5a375", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b7fd287b-dff9-46cb-9400-b5e8de0adef1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.65749Z", "modified": "2026-06-02T15:57:33.65749Z", "relationship_type": "indicates", "source_ref": "indicator--a6c53af7-f947-43a0-a524-06e5d7eb8b1c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c0b680f5-2476-4a2e-a824-e837f2724cfb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.658471Z", "modified": "2026-06-02T15:57:33.658471Z", "relationship_type": "indicates", "source_ref": "indicator--de395703-7081-4907-87dd-c56fa928cfc1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, 
{"type": "relationship", "spec_version": "2.1", "id": "relationship--00253d02-b877-45c7-80d6-726092f8fc6b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.660694Z", "modified": "2026-06-02T15:57:33.660694Z", "relationship_type": "indicates", "source_ref": "indicator--366836f9-cc8d-41a4-8d34-b71f0b9d04d5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0850592e-78b3-486d-b624-30fa34c328c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.661889Z", "modified": "2026-06-02T15:57:33.661889Z", "relationship_type": "indicates", "source_ref": "indicator--8171ad5b-e49a-4cba-beeb-95d80f6a4693", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f787f4bb-abc3-4764-a703-6d220ec5df31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.662955Z", "modified": "2026-06-02T15:57:33.662955Z", "relationship_type": "indicates", "source_ref": "indicator--ce8f3024-ac4f-4c2b-9c0c-fa72da95dfcd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c6b0ecb3-905c-4978-9088-9520220a4084", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.664073Z", "modified": "2026-06-02T15:57:33.664073Z", "relationship_type": "indicates", "source_ref": "indicator--ad7efff6-f720-4db5-b91e-7ecbedd86e6c", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc5be1cb-494f-48b3-9012-17dc1201b1cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.665115Z", "modified": "2026-06-02T15:57:33.665115Z", "relationship_type": "indicates", 
"source_ref": "indicator--af0630f9-967f-43d4-90bf-87996bc80c3e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--624becd0-393f-4454-908e-e16f692c9ac5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.666124Z", "modified": "2026-06-02T15:57:33.666124Z", "relationship_type": "indicates", "source_ref": "indicator--53dd6443-8668-44e3-8a31-85236e5cebf5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9b9cc3a7-43e3-4b90-b481-d00346cf071c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.667135Z", "modified": "2026-06-02T15:57:33.667135Z", "relationship_type": "indicates", "source_ref": "indicator--9ee3c02f-9d87-4206-b27f-7c4b4dcc5b35", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c2fd7f6e-583a-409f-ba01-0c8508394600", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.714495Z", "modified": "2026-06-02T15:57:33.714495Z", "relationship_type": "indicates", "source_ref": "indicator--3815f527-0ed0-43df-815f-f12a49b1e07e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--195f6edd-d5c7-4860-a2ce-6514dfab345a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.71593Z", "modified": "2026-06-02T15:57:33.71593Z", "relationship_type": "indicates", "source_ref": "indicator--0c6c1aa7-9412-4f55-9142-fc67725aab99", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8be8175e-695a-497d-a2ac-53b8f64a363c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", 
"created": "2026-06-02T15:57:33.716993Z", "modified": "2026-06-02T15:57:33.716993Z", "relationship_type": "indicates", "source_ref": "indicator--a88a271f-86fb-46f6-b0a7-91eb9526408d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--47ada41a-aa38-4942-95f5-e512686bc867", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.718021Z", "modified": "2026-06-02T15:57:33.718021Z", "relationship_type": "indicates", "source_ref": "indicator--4fcc706c-a4ae-4121-8ce4-fac626f2b6a2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b237b268-b2f3-4c57-afa7-4d05dafe7e7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.719025Z", "modified": "2026-06-02T15:57:33.719025Z", "relationship_type": "indicates", "source_ref": "indicator--9c8c7d08-6272-493f-a3d6-cc19c08349a4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8b129536-7e08-4304-89b9-dd9970fd2ef3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.720045Z", "modified": "2026-06-02T15:57:33.720045Z", "relationship_type": "indicates", "source_ref": "indicator--05f44f4c-7a07-4a5c-92da-9061a2b1489c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dae57acd-b98f-42a3-b14a-f4584435bd4f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.721189Z", "modified": "2026-06-02T15:57:33.721189Z", "relationship_type": "indicates", "source_ref": "indicator--c98be2b7-7b90-4a8f-95b7-cc21d63d2852", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": 
"relationship--50555a89-a4ea-4cf3-8460-eb0ce66a326d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.722207Z", "modified": "2026-06-02T15:57:33.722207Z", "relationship_type": "indicates", "source_ref": "indicator--69d16e0e-f596-42f2-ae9e-0cd864079c88", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1395bf4a-6e32-4941-b2ed-17f6bbf3da90", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.723221Z", "modified": "2026-06-02T15:57:33.723221Z", "relationship_type": "indicates", "source_ref": "indicator--f00dd806-82eb-492b-a236-3056c6b32a15", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f2d2cdb9-5326-44ba-b049-243993b82369", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.724233Z", "modified": "2026-06-02T15:57:33.724233Z", "relationship_type": "indicates", "source_ref": "indicator--365e8574-ff1e-4192-8eca-87eda9090cec", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9a0ff123-1c65-4a0a-9a68-0ab38fb71d57", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.725221Z", "modified": "2026-06-02T15:57:33.725221Z", "relationship_type": "indicates", "source_ref": "indicator--c9f71608-cc1c-4c5f-b507-538af30f81cb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1ad2f7cd-4fcb-4ff3-b4c8-9db03532fe83", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.726206Z", "modified": "2026-06-02T15:57:33.726206Z", "relationship_type": "indicates", "source_ref": 
"indicator--9a71565f-dc92-4372-8360-3600194b9613", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--400be1a8-c4f0-4479-a990-b8eabe6b2f92", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.727213Z", "modified": "2026-06-02T15:57:33.727213Z", "relationship_type": "indicates", "source_ref": "indicator--3cb60610-f57e-4fdc-b0f6-d5731ffb1bcf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--03615f61-00fe-47b8-ab51-10cf34b73025", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.728356Z", "modified": "2026-06-02T15:57:33.728356Z", "relationship_type": "indicates", "source_ref": "indicator--fbc90e71-ccf7-4e2f-b20d-8e7328bd8e2c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f4b7267-5452-447c-b984-d891163cfd46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.729374Z", "modified": "2026-06-02T15:57:33.729374Z", "relationship_type": "indicates", "source_ref": "indicator--e456f27e-65ea-43e8-8916-81ad5908d63a", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--edb4e080-53cf-4e3a-a825-eeabc8c3a162", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.730398Z", "modified": "2026-06-02T15:57:33.730398Z", "relationship_type": "indicates", "source_ref": "indicator--0263c73e-74f2-48d2-a8b0-99e8aeef1eec", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--69b317b5-b2be-41a7-994b-da16fbd238a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:33.731696Z", "modified": "2026-06-02T15:57:33.731696Z", "relationship_type": "indicates", "source_ref": "indicator--c0052b88-e4cb-4042-b8db-38fb3c7f0618", "target_ref": "malware--8844a8fc-39a8-47b6-a7e7-a547bb298c48"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--39fa5eeb-3a94-4247-aab7-49256a820cbb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.732685Z", "modified": "2026-06-02T15:57:33.732685Z", "relationship_type": "indicates", "source_ref": "indicator--d0d3919d-c654-46b9-800b-49472263c6cb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0da5d529-e563-46a9-a7a6-baa579b4185b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.733673Z", "modified": "2026-06-02T15:57:33.733673Z", "relationship_type": "indicates", "source_ref": "indicator--96e1b034-62ea-475f-b90b-6643df828bef", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7a269b5c-6d20-4622-b656-1a444c2de91e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.734658Z", "modified": "2026-06-02T15:57:33.734658Z", "relationship_type": "indicates", "source_ref": "indicator--b3e3e48a-c5ee-4bdc-bf9e-5359844e302b", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--387a46ff-af64-4ab6-b007-4bda9d235225", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.735823Z", "modified": "2026-06-02T15:57:33.735823Z", "relationship_type": "indicates", "source_ref": "indicator--2ce00e97-1200-4a12-a2d5-ae820a30ecd2", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": 
"relationship--5da72d0f-c755-4798-a2c0-620d1c3e8a91", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.736834Z", "modified": "2026-06-02T15:57:33.736834Z", "relationship_type": "indicates", "source_ref": "indicator--ad78b136-ffd2-4b85-8f4b-20f4cd02e5b6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d1a83fd9-18a2-4e41-a42c-eb4ed50d6820", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.737822Z", "modified": "2026-06-02T15:57:33.737822Z", "relationship_type": "indicates", "source_ref": "indicator--c8e75ead-b09d-4386-a188-9f70d0e1c366", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1f50300a-b2bf-4d5e-be4b-c9abfd949ee3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.738806Z", "modified": "2026-06-02T15:57:33.738806Z", "relationship_type": "indicates", "source_ref": "indicator--78fd3e93-de08-4c5d-ba10-0df9401466bf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8debe86f-4645-4612-ab1e-4ccb33e16426", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.739805Z", "modified": "2026-06-02T15:57:33.739805Z", "relationship_type": "indicates", "source_ref": "indicator--fd33ac25-91c1-4b95-8855-d0ea1e9c1df9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--68f55880-5872-4021-b8fb-5ef1863fb538", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.740845Z", "modified": "2026-06-02T15:57:33.740845Z", "relationship_type": "indicates", "source_ref": 
"indicator--1ad96486-d1b5-4c80-a455-de30b572e1b1", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e28657e2-bc1d-483c-aa56-b3948f97200f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.741878Z", "modified": "2026-06-02T15:57:33.741878Z", "relationship_type": "indicates", "source_ref": "indicator--104d622f-0df7-4f73-b11f-19a43c4d5edb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--67302338-9513-4776-b359-c0b28d876ad8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.743045Z", "modified": "2026-06-02T15:57:33.743045Z", "relationship_type": "indicates", "source_ref": "indicator--7ab410a4-c0e1-46f6-90e7-99e597da35ac", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9ea324b4-7ee5-4e69-9a08-3cf9b53ef1c3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.74408Z", "modified": "2026-06-02T15:57:33.74408Z", "relationship_type": "indicates", "source_ref": "indicator--bb79d360-c024-412e-9763-4c6b86455e84", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2146b894-2790-4ac5-9255-1f7eba52607d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.745075Z", "modified": "2026-06-02T15:57:33.745075Z", "relationship_type": "indicates", "source_ref": "indicator--c5b7d70e-5c96-484f-8eaa-2cf5405fd7e3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--86f69ba8-df07-4016-a90c-46122325bb48", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:33.746064Z", "modified": "2026-06-02T15:57:33.746064Z", "relationship_type": "indicates", "source_ref": "indicator--42340c30-536b-47f7-ae40-ca9dde6b142d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3d152c2a-1bbd-46db-951b-74c4e5a4626d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.747062Z", "modified": "2026-06-02T15:57:33.747062Z", "relationship_type": "indicates", "source_ref": "indicator--152cc190-3df6-4fd2-b3ef-b694b3969199", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--389eabab-8fee-461d-bc1a-8f365e35f719", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.7481Z", "modified": "2026-06-02T15:57:33.7481Z", "relationship_type": "indicates", "source_ref": "indicator--d17d2d98-d2ff-4d43-8b29-8698c3ca85c3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d4b7314e-4a95-48a8-96ec-8f11b420cd3a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.749126Z", "modified": "2026-06-02T15:57:33.749126Z", "relationship_type": "indicates", "source_ref": "indicator--1794a3af-d79d-4f3c-919b-6b5f80952751", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1c9d812f-f017-41e5-b773-f8cc6dbf322c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.750289Z", "modified": "2026-06-02T15:57:33.750289Z", "relationship_type": "indicates", "source_ref": "indicator--89ba4f9f-c48a-47ae-8903-16f3dc4fbd10", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": 
"relationship--22e58909-0198-41db-8195-4a95d83862fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.751323Z", "modified": "2026-06-02T15:57:33.751323Z", "relationship_type": "indicates", "source_ref": "indicator--a02566dc-80bd-418f-9413-991880769e89", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--18a6acf1-9e46-4722-a3a7-61ca9de4f39e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.752321Z", "modified": "2026-06-02T15:57:33.752321Z", "relationship_type": "indicates", "source_ref": "indicator--dbd5490f-82e1-476e-b0b4-726ae67da9a8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--079fa11f-1caa-4971-8598-85911e674c81", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.753312Z", "modified": "2026-06-02T15:57:33.753312Z", "relationship_type": "indicates", "source_ref": "indicator--8b5fbfbb-0e46-488f-8b8b-0eb50a65cbfc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--158829e9-5c10-496a-b712-73e5ab0400eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.754332Z", "modified": "2026-06-02T15:57:33.754332Z", "relationship_type": "indicates", "source_ref": "indicator--bed7aefb-d8d2-454f-a73e-f48a62997a36", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aa7875a7-52b3-4fe2-b622-c55f44893e2f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.755337Z", "modified": "2026-06-02T15:57:33.755337Z", "relationship_type": "indicates", "source_ref": 
"indicator--a933e99f-f4ad-4dfa-b37e-3ac132df9ae5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e7afcb46-07bd-492e-902d-23c007fcda63", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.75634Z", "modified": "2026-06-02T15:57:33.75634Z", "relationship_type": "indicates", "source_ref": "indicator--1c6666f1-a1ec-4702-bfc9-25970e615051", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dd94c443-fa27-44bc-bf6c-79af743f57e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.757483Z", "modified": "2026-06-02T15:57:33.757483Z", "relationship_type": "indicates", "source_ref": "indicator--6b2ff33b-64a0-442d-8735-2fd4f75d2e2e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e6da2216-b7dc-415d-8d24-15fb364415de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.758489Z", "modified": "2026-06-02T15:57:33.758489Z", "relationship_type": "indicates", "source_ref": "indicator--511d7773-45d8-46f8-b3ec-1319340606a4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a9f2a6ec-2d23-4c05-85c6-454092b3ebbb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.759504Z", "modified": "2026-06-02T15:57:33.759504Z", "relationship_type": "indicates", "source_ref": "indicator--e2d2a05d-fa0f-4f51-8db3-840deb3f9b93", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b0798e97-b625-44e8-9ea8-2356893f52a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:33.760507Z", "modified": "2026-06-02T15:57:33.760507Z", "relationship_type": "indicates", "source_ref": "indicator--528470eb-dd4a-4f11-834a-3ce6b3caacc8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0bd42405-f8e1-4bf1-803b-53ae06f01535", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.761491Z", "modified": "2026-06-02T15:57:33.761491Z", "relationship_type": "indicates", "source_ref": "indicator--d3b99d97-f4e3-4a51-a700-bba4f27dc6eb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f7eb8676-6f61-4ebe-846e-825bea095955", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.762477Z", "modified": "2026-06-02T15:57:33.762477Z", "relationship_type": "indicates", "source_ref": "indicator--3da7b5ef-7412-4740-96bf-4bbde442b6ed", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8655313a-a6b2-4c0c-9d22-f62f24445292", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.763469Z", "modified": "2026-06-02T15:57:33.763469Z", "relationship_type": "indicates", "source_ref": "indicator--6f25285f-021e-42d7-a579-48ff911a115e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d4599b19-ee3c-41bb-b133-ba96655f0cb0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.764609Z", "modified": "2026-06-02T15:57:33.764609Z", "relationship_type": "indicates", "source_ref": "indicator--1eacdbe7-0bae-4f1f-a2ce-13e58c541e87", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": 
"relationship--613874a1-a7fc-4987-83cf-eaf97dcd7617", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.765616Z", "modified": "2026-06-02T15:57:33.765616Z", "relationship_type": "indicates", "source_ref": "indicator--2ef5d5d9-f7da-4c9a-8e17-a4bec0f56701", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--02b9de6d-4fb9-4027-a2e6-0a9c1ee6ccc5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.766617Z", "modified": "2026-06-02T15:57:33.766617Z", "relationship_type": "indicates", "source_ref": "indicator--2db1e546-897b-4fb7-b9a0-1e04ae84b032", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b44477ef-79a6-47e4-a260-a7079d8ea9f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.767619Z", "modified": "2026-06-02T15:57:33.767619Z", "relationship_type": "indicates", "source_ref": "indicator--727db8e7-2f93-46f1-b5c1-092dcd0b16f1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a34b000b-887a-4803-929b-90c058efbc15", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.768635Z", "modified": "2026-06-02T15:57:33.768635Z", "relationship_type": "indicates", "source_ref": "indicator--7b0ccc50-c39d-437a-a183-823da0053155", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5e6fddc1-9e1d-49d3-9671-81a5cf0dadb6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.769638Z", "modified": "2026-06-02T15:57:33.769638Z", "relationship_type": "indicates", "source_ref": 
"indicator--7b1a0f13-190a-40b8-b8d3-2c0305cafaeb", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fdfd95ee-9897-45be-9b2c-9326d0080f4b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.770619Z", "modified": "2026-06-02T15:57:33.770619Z", "relationship_type": "indicates", "source_ref": "indicator--7602bef8-8e4f-408b-b8da-27bbcb353dbb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--93073bdc-9b00-4cc1-bd92-926689de5c85", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.771769Z", "modified": "2026-06-02T15:57:33.771769Z", "relationship_type": "indicates", "source_ref": "indicator--50a83d63-bd97-4161-b1db-c8fc20bf4359", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--76061f1a-a560-44cd-ac0d-44773fe2a6fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.772782Z", "modified": "2026-06-02T15:57:33.772782Z", "relationship_type": "indicates", "source_ref": "indicator--d6fc5ea2-5ad2-471f-9304-47875281477c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc1957a7-9ac5-436e-b107-cf45b3ea3258", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.77377Z", "modified": "2026-06-02T15:57:33.77377Z", "relationship_type": "indicates", "source_ref": "indicator--5c01ee5d-54dc-4a53-9a37-72ea3c7e5ef8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eaafca1d-4d51-48af-9f32-8861f4768ce8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:33.774756Z", "modified": "2026-06-02T15:57:33.774756Z", "relationship_type": "indicates", "source_ref": "indicator--8d09b5b8-dd95-403d-9128-31cde2de1534", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e9597d2b-0767-4485-94a3-a84d4df7b93d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.775772Z", "modified": "2026-06-02T15:57:33.775772Z", "relationship_type": "indicates", "source_ref": "indicator--8dc72b5f-54be-41a1-b6ed-6f30ba8fe2c0", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--06de4e0c-e0c7-4793-b0d0-565fce928f04", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.776757Z", "modified": "2026-06-02T15:57:33.776757Z", "relationship_type": "indicates", "source_ref": "indicator--bc09bf04-48e4-4e58-9b33-4e315f717ed6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1ef66de2-303d-48fb-93d3-f3cf2ef658de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.777745Z", "modified": "2026-06-02T15:57:33.777745Z", "relationship_type": "indicates", "source_ref": "indicator--75c8ebe2-0532-403e-99bf-f9db85022613", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3999e8bf-b5e3-40dd-8a57-4cd18e263ee9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.778885Z", "modified": "2026-06-02T15:57:33.778885Z", "relationship_type": "indicates", "source_ref": "indicator--029e89a6-c147-4a8e-aabf-f9fd7839e602", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": 
"relationship--06490b25-3104-4e60-b102-677f460513fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.779908Z", "modified": "2026-06-02T15:57:33.779908Z", "relationship_type": "indicates", "source_ref": "indicator--e4ba0d24-d43d-486c-a00d-c8cbff772425", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c89caa8d-36f2-43b5-aaf6-da70b976b72f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.780897Z", "modified": "2026-06-02T15:57:33.780897Z", "relationship_type": "indicates", "source_ref": "indicator--05487f8f-0d14-4228-bc93-569c7e43a121", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e992d08f-f705-4a6c-bca3-afffedf00740", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.78189Z", "modified": "2026-06-02T15:57:33.78189Z", "relationship_type": "indicates", "source_ref": "indicator--9bf0eff3-fccc-4476-b972-3aa4a9859a2c", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e719e380-137c-4fd1-9a46-c610c3274de7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.782887Z", "modified": "2026-06-02T15:57:33.782887Z", "relationship_type": "indicates", "source_ref": "indicator--72ce2bef-ed88-4ba0-8d68-283b42214882", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fafd2ae0-ead6-44aa-a819-55d67534aad6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.783884Z", "modified": "2026-06-02T15:57:33.783884Z", "relationship_type": "indicates", "source_ref": "indicator--8538cdf0-28ac-4054-b837-36ed4c8a6bfe", 
"target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b9961d65-6ecc-4015-9e3b-1e5ce2ebc987", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.784898Z", "modified": "2026-06-02T15:57:33.784898Z", "relationship_type": "indicates", "source_ref": "indicator--785c523a-a01d-4f68-94df-0e5ede1fec2e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--81fa6932-de1e-4e87-9d9a-f4a292e1e5cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.786031Z", "modified": "2026-06-02T15:57:33.786031Z", "relationship_type": "indicates", "source_ref": "indicator--41afdee9-bff4-49c3-8ba7-39cf46b608a2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3912531c-b6c3-4f98-9675-a0d491bc400e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.787072Z", "modified": "2026-06-02T15:57:33.787072Z", "relationship_type": "indicates", "source_ref": "indicator--f16d53d3-1510-4e2b-972c-a1dc92e45a3d", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--25c92bfa-2b82-43e1-a683-4faf6a9cb49b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.788084Z", "modified": "2026-06-02T15:57:33.788084Z", "relationship_type": "indicates", "source_ref": "indicator--daaa5f04-9f23-44b2-9a9f-717ab47df834", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--831f5d0e-93cc-442d-b45f-97469a345cc9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.789074Z", "modified": 
"2026-06-02T15:57:33.789074Z", "relationship_type": "indicates", "source_ref": "indicator--7d5fd1b8-7060-4189-bbf5-99ac5e96eb71", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8102af8e-f7d7-4cc0-981f-fc86b4a81c05", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.790069Z", "modified": "2026-06-02T15:57:33.790069Z", "relationship_type": "indicates", "source_ref": "indicator--530accb4-33fa-45c8-bfc0-a337dc01e25d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8df700d9-8497-4a5f-9959-02ded7c03b5a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.791363Z", "modified": "2026-06-02T15:57:33.791363Z", "relationship_type": "indicates", "source_ref": "indicator--90030643-ed88-419c-a930-9df5cc6e3e16", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--246b9102-f7c0-4f12-9157-6c859ae4aa02", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.792363Z", "modified": "2026-06-02T15:57:33.792363Z", "relationship_type": "indicates", "source_ref": "indicator--ffc595a5-323e-4b29-8a48-d802df6bf286", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c61eaf69-06a7-47b0-8a6f-0595a106dd22", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.793497Z", "modified": "2026-06-02T15:57:33.793497Z", "relationship_type": "indicates", "source_ref": "indicator--cfae11d3-da59-45a4-9583-12e641efeb24", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a7405f69-989d-4866-b544-34403836e4ef", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.794498Z", "modified": "2026-06-02T15:57:33.794498Z", "relationship_type": "indicates", "source_ref": "indicator--d3d8a5eb-23bc-4536-bec2-3fb7398d5ee9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e723253a-cef2-4c8c-80a7-20bc2ee3c3cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.795503Z", "modified": "2026-06-02T15:57:33.795503Z", "relationship_type": "indicates", "source_ref": "indicator--a321824d-703b-44c3-8535-8e800ee6d738", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4040b049-c42d-42f3-8b1f-2a74321d1dcf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.796504Z", "modified": "2026-06-02T15:57:33.796504Z", "relationship_type": "indicates", "source_ref": "indicator--1558f616-8df1-4bde-968d-c8497e4b58aa", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dd7ff0a8-e425-4128-866f-f1c15e63ba19", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.7975Z", "modified": "2026-06-02T15:57:33.7975Z", "relationship_type": "indicates", "source_ref": "indicator--46123036-03ac-4fae-a08b-665f227df907", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8db6a516-821b-4c63-9b82-6205489da8a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.798485Z", "modified": "2026-06-02T15:57:33.798485Z", "relationship_type": "indicates", "source_ref": "indicator--af36a7b7-fd6b-4950-b599-325e8b299f36", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bbb483ca-d7ee-405a-86dd-3c5994a81a0c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.799491Z", "modified": "2026-06-02T15:57:33.799491Z", "relationship_type": "indicates", "source_ref": "indicator--f7a14143-339d-4df9-878f-e2716bb9c2d7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0dc26387-cd8f-420f-842f-a33b869db367", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.801499Z", "modified": "2026-06-02T15:57:33.801499Z", "relationship_type": "indicates", "source_ref": "indicator--7042ba1a-2df3-4ea9-b476-aa6ca9420bd8", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5813f330-4e0f-4bc9-927c-05a1b08cb954", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.802594Z", "modified": "2026-06-02T15:57:33.802594Z", "relationship_type": "indicates", "source_ref": "indicator--824a7d9c-9555-43e8-be30-23f32029041c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--34279216-57ad-4c0b-a685-6df54959198f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.803635Z", "modified": "2026-06-02T15:57:33.803635Z", "relationship_type": "indicates", "source_ref": "indicator--7481e347-ea8d-4566-a142-54a2a500c58f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--00c0a506-b77f-41f9-a281-7b09c4a3d9fe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.804659Z", "modified": 
"2026-06-02T15:57:33.804659Z", "relationship_type": "indicates", "source_ref": "indicator--3a735619-eac7-44db-a374-64cf3b570920", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c03a5549-8be3-4962-85ac-1893857c9734", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.80566Z", "modified": "2026-06-02T15:57:33.80566Z", "relationship_type": "indicates", "source_ref": "indicator--0f8ac09e-fac8-44ca-97f6-f0775fa8efd9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eb9a38de-da76-4a67-820e-54bf7ca54f1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.806656Z", "modified": "2026-06-02T15:57:33.806656Z", "relationship_type": "indicates", "source_ref": "indicator--681ec3c1-cf64-493c-9691-f22b9a41ec19", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--458e285f-efce-4773-92d9-2960dabdf28d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.807661Z", "modified": "2026-06-02T15:57:33.807661Z", "relationship_type": "indicates", "source_ref": "indicator--63367310-8777-422d-8d5d-d1dbf47c7664", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--791fbd92-115d-4128-bce2-c1485fc31cf3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.808806Z", "modified": "2026-06-02T15:57:33.808806Z", "relationship_type": "indicates", "source_ref": "indicator--3061e444-75dc-4f9a-861e-8947a2d4be27", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3cefaed3-b776-4fa7-be53-02dec27b32b4", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.809827Z", "modified": "2026-06-02T15:57:33.809827Z", "relationship_type": "indicates", "source_ref": "indicator--13a9f55f-7913-4023-8d86-42810b38b599", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a9f73867-e814-4fe0-b886-44dcb61433a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.810836Z", "modified": "2026-06-02T15:57:33.810836Z", "relationship_type": "indicates", "source_ref": "indicator--090f06bb-f734-4b7b-afe9-a46d6505288f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5f676361-8e08-4b61-bd71-6734ba43bc93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.811867Z", "modified": "2026-06-02T15:57:33.811867Z", "relationship_type": "indicates", "source_ref": "indicator--e6971699-35a1-42e1-9f32-6da738be5e50", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8a1aef01-8bbc-48c9-9c4e-b63aefbc6847", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.812874Z", "modified": "2026-06-02T15:57:33.812874Z", "relationship_type": "indicates", "source_ref": "indicator--2834bd96-c088-4af9-85bc-2ee03ced18c7", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3f12b91f-ec78-4cf4-84e3-b94028d1ae5a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.813865Z", "modified": "2026-06-02T15:57:33.813865Z", "relationship_type": "indicates", "source_ref": "indicator--37d59dbb-5e75-4235-9eb6-b412128e02a4", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e29390f1-31eb-482f-92ee-94af744817b6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.814855Z", "modified": "2026-06-02T15:57:33.814855Z", "relationship_type": "indicates", "source_ref": "indicator--cf7713d5-1a8d-409a-bcd3-fcbaaf16abe1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--db63ff69-45e3-403a-898c-fa09f36040f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.816Z", "modified": "2026-06-02T15:57:33.816Z", "relationship_type": "indicates", "source_ref": "indicator--8d3d811b-bf64-4f72-ae4b-2a23c47844c7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--107200af-adfc-49b9-b7fb-ef86b332189c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.817008Z", "modified": "2026-06-02T15:57:33.817008Z", "relationship_type": "indicates", "source_ref": "indicator--071d1a82-b74b-4194-9741-1467a846975b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a91376a9-3be5-4fa3-9a37-a7fab098a338", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.817993Z", "modified": "2026-06-02T15:57:33.817993Z", "relationship_type": "indicates", "source_ref": "indicator--95edd531-415e-466e-8a7d-c21e510d7c68", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c8f85f5d-a434-4b1a-88d2-5c941ff1fd98", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.818988Z", "modified": 
"2026-06-02T15:57:33.818988Z", "relationship_type": "indicates", "source_ref": "indicator--61929496-4ff6-4e0b-9061-1f608f7c5296", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--79441846-5a37-4ec0-8231-a9b1d660e39f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.819982Z", "modified": "2026-06-02T15:57:33.819982Z", "relationship_type": "indicates", "source_ref": "indicator--35f9fb62-8c33-4800-bade-b2bb3588f3df", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3c9a8371-18f7-4165-8a6c-725c1e14db3c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.820973Z", "modified": "2026-06-02T15:57:33.820973Z", "relationship_type": "indicates", "source_ref": "indicator--4fcd0b47-6c89-4147-9c28-53e334f44eec", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5b330861-ce93-4ca5-b468-231efbf91d66", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.821956Z", "modified": "2026-06-02T15:57:33.821956Z", "relationship_type": "indicates", "source_ref": "indicator--9f9437f1-bef9-455d-b35e-8e6222fcc6fa", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8f8a339e-d2b3-456a-a59a-8fa9047859c0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.823099Z", "modified": "2026-06-02T15:57:33.823099Z", "relationship_type": "indicates", "source_ref": "indicator--ceeb78b4-603c-4632-983e-a226ec23ce17", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--00159bb6-c614-41bb-a9fb-61afa92241ec", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.824109Z", "modified": "2026-06-02T15:57:33.824109Z", "relationship_type": "indicates", "source_ref": "indicator--5da79195-fe2f-4408-b285-a025d82ad895", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a4427c4b-b0b0-495f-97c5-625645513465", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.825094Z", "modified": "2026-06-02T15:57:33.825094Z", "relationship_type": "indicates", "source_ref": "indicator--63f312b6-a74d-4fed-814a-e170cf670946", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e925fca8-86f4-4e6e-a5e0-e390fcc37060", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.826068Z", "modified": "2026-06-02T15:57:33.826068Z", "relationship_type": "indicates", "source_ref": "indicator--c71be4ff-5364-435d-beb5-0912ade8f3de", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--378cc001-c710-4b13-9829-816601745ede", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.827058Z", "modified": "2026-06-02T15:57:33.827058Z", "relationship_type": "indicates", "source_ref": "indicator--435e29a9-d0ef-4aaf-bf9b-87baa9387926", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d266739a-0963-490d-8e24-f8f79e2af26f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.828065Z", "modified": "2026-06-02T15:57:33.828065Z", "relationship_type": "indicates", "source_ref": "indicator--f9f293d3-d3f4-462d-9b2f-5a1e70c53624", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c761dc58-87c4-4d5c-a319-12f037df3e3a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.829053Z", "modified": "2026-06-02T15:57:33.829053Z", "relationship_type": "indicates", "source_ref": "indicator--e52406be-c8c6-4f48-98df-b94aa9b0ce33", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dfb33360-1da9-4807-ac8f-b7df97072177", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.830175Z", "modified": "2026-06-02T15:57:33.830175Z", "relationship_type": "indicates", "source_ref": "indicator--4815bdbe-84cb-46e5-a0f9-1a86be7f74a5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4392111e-7315-4196-9e0e-95b6bfc38ee4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.831189Z", "modified": "2026-06-02T15:57:33.831189Z", "relationship_type": "indicates", "source_ref": "indicator--82b81764-133c-43ff-a357-d9ab9a9dd736", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e6efd9ad-e8d7-4067-9de5-7234c65c511b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.832178Z", "modified": "2026-06-02T15:57:33.832178Z", "relationship_type": "indicates", "source_ref": "indicator--fd4330c7-7c77-4ec7-b613-8cddf8bcf0fb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--60e4b234-1df3-4678-ae94-3f73408797c9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.833159Z", "modified": 
"2026-06-02T15:57:33.833159Z", "relationship_type": "indicates", "source_ref": "indicator--870b93b3-60de-4372-bc0d-1766c580cffb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bd18420a-50f1-471d-bd60-7f80081e731c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.834149Z", "modified": "2026-06-02T15:57:33.834149Z", "relationship_type": "indicates", "source_ref": "indicator--7404a8eb-1cf4-4c03-b7c8-ce565d2a5e33", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b3735638-152b-4dbb-8c6d-36ada816d6e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.835142Z", "modified": "2026-06-02T15:57:33.835142Z", "relationship_type": "indicates", "source_ref": "indicator--b8e5f0d8-0893-4a2d-9dae-043542b672d2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--be263f1c-c844-499b-9a04-50e25f126a87", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.836132Z", "modified": "2026-06-02T15:57:33.836132Z", "relationship_type": "indicates", "source_ref": "indicator--5b331670-a707-4c13-88b9-bdebb3501560", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9923c603-0643-4cc0-8700-ff5ccdd1d729", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.837256Z", "modified": "2026-06-02T15:57:33.837256Z", "relationship_type": "indicates", "source_ref": "indicator--24755029-384c-4803-8c77-a141c202ecbe", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e1180ed5-7468-484d-b1a3-89bc35f612df", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.838252Z", "modified": "2026-06-02T15:57:33.838252Z", "relationship_type": "indicates", "source_ref": "indicator--5ba37ecd-177c-44a7-8023-5e94571889e9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--74a3ae8c-7c7e-4496-b9e9-6f6db9b15735", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.839251Z", "modified": "2026-06-02T15:57:33.839251Z", "relationship_type": "indicates", "source_ref": "indicator--417f88d0-9d4c-44f5-9cbe-6c6aafc735ca", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4bf12644-81a0-4adc-aaae-06ee3b9bec4b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.840264Z", "modified": "2026-06-02T15:57:33.840264Z", "relationship_type": "indicates", "source_ref": "indicator--7e1aaa15-adad-4b57-b532-8cbb8db261a5", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3bff69ed-72e7-4209-b3ae-1f928b3278a0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.841261Z", "modified": "2026-06-02T15:57:33.841261Z", "relationship_type": "indicates", "source_ref": "indicator--1a6cacd6-05ae-4d2b-ab02-cac27428638a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--46434220-452b-48fd-b03c-f0ee3e985fcd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.842243Z", "modified": "2026-06-02T15:57:33.842243Z", "relationship_type": "indicates", "source_ref": "indicator--08f8c7fe-e855-4a85-a044-fe8252917ead", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--de72f9e0-c74c-4e08-8746-bdadfd631a1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.843232Z", "modified": "2026-06-02T15:57:33.843232Z", "relationship_type": "indicates", "source_ref": "indicator--e59f16d0-c397-43ee-8c2a-11e5daff6e20", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4c225dcd-ed1b-4593-8435-41c44f3e9a1c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.844358Z", "modified": "2026-06-02T15:57:33.844358Z", "relationship_type": "indicates", "source_ref": "indicator--6bad7e95-095b-44dc-95cc-67fa2012e70f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--20affda8-7078-4e8a-a9a4-2b76bc305838", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.845353Z", "modified": "2026-06-02T15:57:33.845353Z", "relationship_type": "indicates", "source_ref": "indicator--a90b7ab9-fed6-417c-a9ce-e8251e27aaff", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b4c1bc3b-402b-4c90-bde9-89a601cc36da", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.846338Z", "modified": "2026-06-02T15:57:33.846338Z", "relationship_type": "indicates", "source_ref": "indicator--3fa0f10e-cdd1-4254-9ae1-c54fce7864d6", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5eb29ca8-db31-4de9-9c21-f0033c23ec08", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.847349Z", "modified": 
"2026-06-02T15:57:33.847349Z", "relationship_type": "indicates", "source_ref": "indicator--f470dc26-22fc-47e7-8c62-41e865373381", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d3e9dfcc-f195-4d97-8cd4-b4960ac254f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.848335Z", "modified": "2026-06-02T15:57:33.848335Z", "relationship_type": "indicates", "source_ref": "indicator--6d1c733c-cafc-4651-a8c6-bd2b3717dd02", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--31990fdb-4efe-4aee-86e4-91c13cd6a5b5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.849322Z", "modified": "2026-06-02T15:57:33.849322Z", "relationship_type": "indicates", "source_ref": "indicator--3801377a-3b8e-4b58-9a26-4646ca482ff7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--87a66743-b8ea-40a3-b2ff-d6fb05331229", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.850328Z", "modified": "2026-06-02T15:57:33.850328Z", "relationship_type": "indicates", "source_ref": "indicator--41e156b8-2148-4155-bd55-f5fda0fb4921", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--70d3bb82-e7bd-4476-b800-b36ec50c0c7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.851512Z", "modified": "2026-06-02T15:57:33.851512Z", "relationship_type": "indicates", "source_ref": "indicator--0dce11d7-e1bd-45b7-9c92-be9cd43073e9", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--894b9a3a-3592-4007-9e70-32a3c50c1200", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.852576Z", "modified": "2026-06-02T15:57:33.852576Z", "relationship_type": "indicates", "source_ref": "indicator--e23909f9-452e-4564-8f2a-e64d824cf505", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5ac6d0d9-1770-41b8-99db-e38733a922b4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.853583Z", "modified": "2026-06-02T15:57:33.853583Z", "relationship_type": "indicates", "source_ref": "indicator--defb3dba-f9e8-4995-9419-6489fcf070bf", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a7e2e0f2-8366-468b-8c55-1f68b97a35b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.854572Z", "modified": "2026-06-02T15:57:33.854572Z", "relationship_type": "indicates", "source_ref": "indicator--f6293798-9cdd-4086-bb6e-3803ba0a97b3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e28d6cdf-36d3-4e32-88b1-9288d36d157f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.855574Z", "modified": "2026-06-02T15:57:33.855574Z", "relationship_type": "indicates", "source_ref": "indicator--bcdfd067-2818-4677-912b-0ed68dd2d373", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--51715844-ee69-400c-9551-8beef8ba057b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.856567Z", "modified": "2026-06-02T15:57:33.856567Z", "relationship_type": "indicates", "source_ref": "indicator--d5b2ddbd-4277-423d-96d3-e921987b716c", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--71f106b8-0d9f-499a-8d34-e168230e0b8c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.857552Z", "modified": "2026-06-02T15:57:33.857552Z", "relationship_type": "indicates", "source_ref": "indicator--302b5fed-61dc-4e07-a12a-2f058431850a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--49caef16-9f0a-4a8e-91e5-8c0be4f640fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.8587Z", "modified": "2026-06-02T15:57:33.8587Z", "relationship_type": "indicates", "source_ref": "indicator--d4348862-89d9-46ce-8a01-13bb487ae9cf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--50a751e8-6bb0-47b0-a97c-2dff9bd855ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.859718Z", "modified": "2026-06-02T15:57:33.859718Z", "relationship_type": "indicates", "source_ref": "indicator--5816d2e6-0984-4ca8-9dd2-ffe1e24e2641", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d37dc212-4c4e-441b-a674-9091d6526c82", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.86071Z", "modified": "2026-06-02T15:57:33.86071Z", "relationship_type": "indicates", "source_ref": "indicator--d3e2f67d-6400-4618-9c35-3f4dcfb9657d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c4ba9fc8-8cfc-4c57-ac64-41efe56e8fc2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.861701Z", "modified": 
"2026-06-02T15:57:33.861701Z", "relationship_type": "indicates", "source_ref": "indicator--ab943d5c-76a2-4d78-8ca3-10b849add4af", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--816cad1d-30c1-462d-a90f-2bd4048c4d11", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.862694Z", "modified": "2026-06-02T15:57:33.862694Z", "relationship_type": "indicates", "source_ref": "indicator--542f62f8-2b66-4202-b70c-0fb9fa35d1cd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c34d5adc-358d-4875-b238-82a5a495dbe9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.863686Z", "modified": "2026-06-02T15:57:33.863686Z", "relationship_type": "indicates", "source_ref": "indicator--7ef95f46-0157-49cf-91d0-90ad043b9ad1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9060e89c-771e-40c8-adf4-51255a4fd956", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.864676Z", "modified": "2026-06-02T15:57:33.864676Z", "relationship_type": "indicates", "source_ref": "indicator--5984a15a-23dc-465b-b2d7-5b5736392e92", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7329a703-f69e-4d86-830f-66abf83dd4e5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.865821Z", "modified": "2026-06-02T15:57:33.865821Z", "relationship_type": "indicates", "source_ref": "indicator--5efe0d8f-15f5-45fb-bc34-aa5b4ecf7a6f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ecb389a1-d901-4eab-8ca6-07208c37694d", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.866822Z", "modified": "2026-06-02T15:57:33.866822Z", "relationship_type": "indicates", "source_ref": "indicator--c4c98932-42b6-4333-af94-c1e40a244f76", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8a83608d-051b-469a-9528-f214145c6c88", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.867845Z", "modified": "2026-06-02T15:57:33.867845Z", "relationship_type": "indicates", "source_ref": "indicator--fb386e98-a27b-40ca-977c-e9869392f833", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b1c019ab-7f28-44fc-b2f5-f232214749ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.868833Z", "modified": "2026-06-02T15:57:33.868833Z", "relationship_type": "indicates", "source_ref": "indicator--83a2edf9-b4b0-4ff5-85fa-4888d464c2d5", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1cd0c3ea-bb4d-4234-960f-a66b80de65b7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.869818Z", "modified": "2026-06-02T15:57:33.869818Z", "relationship_type": "indicates", "source_ref": "indicator--6dcd0ca3-3f84-47a7-b22d-72eb88e90f48", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b88ce477-5705-4080-a5f4-4b347c0fcf31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.870809Z", "modified": "2026-06-02T15:57:33.870809Z", "relationship_type": "indicates", "source_ref": "indicator--ddac5570-a64c-4a5a-b19d-4ebbf22ed671", "target_ref": 
"malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7ccb0237-78cf-4f4e-a8e4-4ddf12e2f1dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.871844Z", "modified": "2026-06-02T15:57:33.871844Z", "relationship_type": "indicates", "source_ref": "indicator--b80fec14-3418-4539-a1ea-6c4603cba8e7", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9dd91a4c-99a5-4d17-8935-8bc0585439ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.872984Z", "modified": "2026-06-02T15:57:33.872984Z", "relationship_type": "indicates", "source_ref": "indicator--16351a98-372c-4e70-af95-59f9cbc3132b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f1341ae-0d15-44ca-834c-d1617adaa43f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.87398Z", "modified": "2026-06-02T15:57:33.87398Z", "relationship_type": "indicates", "source_ref": "indicator--0f86ec04-c479-4cd7-827d-0ca45aea6c0a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7d17b2a6-19c5-4a2a-b647-044cf2d1ae4d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.874969Z", "modified": "2026-06-02T15:57:33.874969Z", "relationship_type": "indicates", "source_ref": "indicator--f1e88b0b-f6dd-44ef-9937-b2596e65fa98", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--efe7cf76-5561-4d84-8849-1d52c3b1ff3a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.87598Z", "modified": 
"2026-06-02T15:57:33.87598Z", "relationship_type": "indicates", "source_ref": "indicator--c3f864eb-d661-4fb2-bcd3-47238da11023", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6b1595f0-b9c7-4f5c-a05c-b5c2e808619e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.876964Z", "modified": "2026-06-02T15:57:33.876964Z", "relationship_type": "indicates", "source_ref": "indicator--b23a0f85-a436-4a62-8d40-d606dc87f0dc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e855dfee-447e-4168-84f2-7de8dc9aac65", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.877957Z", "modified": "2026-06-02T15:57:33.877957Z", "relationship_type": "indicates", "source_ref": "indicator--a8d51ccb-20ef-4470-84b1-65c67df730b1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eda9cdf0-38c6-4b18-bc59-b0e68ae1b4cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.878942Z", "modified": "2026-06-02T15:57:33.878942Z", "relationship_type": "indicates", "source_ref": "indicator--8c34fa08-29cf-4485-a0c6-4038eb818272", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--da66e3b8-6b0c-4278-b59f-60a2f23e54e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.880081Z", "modified": "2026-06-02T15:57:33.880081Z", "relationship_type": "indicates", "source_ref": "indicator--a615ef2e-8ced-4a06-ac02-99e5424b45c5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c902450f-05eb-4ffb-a5d4-772893aff514", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.881077Z", "modified": "2026-06-02T15:57:33.881077Z", "relationship_type": "indicates", "source_ref": "indicator--d914b1dc-5693-46ab-b6b3-78e36b0b0bd2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4c6135f8-23ca-4be3-9331-8f4d94c63d4d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.882064Z", "modified": "2026-06-02T15:57:33.882064Z", "relationship_type": "indicates", "source_ref": "indicator--4ea9eb80-ff52-4532-93c5-624e68f7ccdf", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--577b6731-87fb-4f43-803f-0080c0ffce0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.883042Z", "modified": "2026-06-02T15:57:33.883042Z", "relationship_type": "indicates", "source_ref": "indicator--99fde0cc-0e54-497b-9dca-4c7781d7e920", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--abe0dcd6-9066-493c-b9b0-9475897aabde", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.88406Z", "modified": "2026-06-02T15:57:33.88406Z", "relationship_type": "indicates", "source_ref": "indicator--57a3bedf-c6a8-4c93-ad84-67132c7489b2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--85357a3b-05c5-495d-9c16-ea2e4f3a700c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.885082Z", "modified": "2026-06-02T15:57:33.885082Z", "relationship_type": "indicates", "source_ref": "indicator--8d9a15f5-5907-45d6-8377-1d6e8ad7bb59", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7bad20d5-aa31-4a37-afb0-52b5428638c3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.886095Z", "modified": "2026-06-02T15:57:33.886095Z", "relationship_type": "indicates", "source_ref": "indicator--ce7aa368-2014-4306-a5d6-81d90b2b9f02", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2084cb20-c432-4d13-8427-910211dfa0cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.888153Z", "modified": "2026-06-02T15:57:33.888153Z", "relationship_type": "indicates", "source_ref": "indicator--aab67bc4-bd0d-4471-a8c4-fa9919453a18", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--34c6edc8-4eb3-4fad-9c19-6785be35238b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.889264Z", "modified": "2026-06-02T15:57:33.889264Z", "relationship_type": "indicates", "source_ref": "indicator--f3b5fd51-e5fb-4937-81d5-5e1c25881973", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--62f123b7-2d5b-4328-ab00-f32317ba3acb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.890286Z", "modified": "2026-06-02T15:57:33.890286Z", "relationship_type": "indicates", "source_ref": "indicator--dd8b591d-089f-41af-ad30-3cabd47ff888", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b618fa2a-25b9-49f6-84f5-533367918aca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.89132Z", "modified": 
"2026-06-02T15:57:33.89132Z", "relationship_type": "indicates", "source_ref": "indicator--73814f9a-e1f8-4a28-91d1-2d4792c046a8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3d8a1758-3821-4f46-a8c9-1e1e40ec38f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.892337Z", "modified": "2026-06-02T15:57:33.892337Z", "relationship_type": "indicates", "source_ref": "indicator--bccdbadc-e0ec-4ba9-8438-64f888595b7c", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--49cd63b9-1dbe-4bfc-b6b8-4305c4b5a739", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.893329Z", "modified": "2026-06-02T15:57:33.893329Z", "relationship_type": "indicates", "source_ref": "indicator--7b2fc77d-438e-4f3a-8d02-239a23350da3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5619664b-96ff-4a5c-bcb1-d948e706b543", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.894318Z", "modified": "2026-06-02T15:57:33.894318Z", "relationship_type": "indicates", "source_ref": "indicator--da9866d1-4c9e-464d-b65b-76bde02016b2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ae51e2f0-90b0-4eb5-9439-dfbd96ba905d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.895462Z", "modified": "2026-06-02T15:57:33.895462Z", "relationship_type": "indicates", "source_ref": "indicator--f079336b-5c44-4b5c-9945-a5e40101b6cc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--478b9668-b790-4db0-90ee-cbaeaa920e67", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.89647Z", "modified": "2026-06-02T15:57:33.89647Z", "relationship_type": "indicates", "source_ref": "indicator--29a5a41b-029d-4b9a-a609-5cfc04ed7249", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e690c455-7876-4d1a-a04e-238861603a31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.897469Z", "modified": "2026-06-02T15:57:33.897469Z", "relationship_type": "indicates", "source_ref": "indicator--d4f4c40d-982d-4f32-b779-45a9b22ccf66", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3f15e800-8246-484f-84e6-2670dfebb3e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.89845Z", "modified": "2026-06-02T15:57:33.89845Z", "relationship_type": "indicates", "source_ref": "indicator--8a65506c-be18-4db8-9297-188fa5c8ace9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d9d75675-9c70-4f4f-bae5-1c89fba1bdb9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.899448Z", "modified": "2026-06-02T15:57:33.899448Z", "relationship_type": "indicates", "source_ref": "indicator--5da00d26-60f5-4fb8-b619-6a8d9164e759", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--86bab45f-6455-4689-b820-92fd383fe51b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.900443Z", "modified": "2026-06-02T15:57:33.900443Z", "relationship_type": "indicates", "source_ref": "indicator--9b9d5f03-f72d-4fae-845e-c7d4b0a67f6d", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--586b1e90-a000-46cc-9c26-955e10edd99a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.901436Z", "modified": "2026-06-02T15:57:33.901436Z", "relationship_type": "indicates", "source_ref": "indicator--3fcbc41d-cd71-483a-8910-5bd3462f129f", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6a595b11-5bea-472d-8247-725d20425ece", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.902556Z", "modified": "2026-06-02T15:57:33.902556Z", "relationship_type": "indicates", "source_ref": "indicator--1b2156ec-500c-49cd-957b-2db414c987bc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a9ff0c17-cd20-4ba2-83ce-acc491a9afe1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.903576Z", "modified": "2026-06-02T15:57:33.903576Z", "relationship_type": "indicates", "source_ref": "indicator--dc9e1bd9-b445-46f6-92f5-4daead3c1e3a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--441758bc-2947-4ac1-a8a6-e315f4bdeddb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.904576Z", "modified": "2026-06-02T15:57:33.904576Z", "relationship_type": "indicates", "source_ref": "indicator--4e16d83a-4cbf-4cbf-b2e0-2071bea29910", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0bfe7c96-27fe-4771-963b-aaf30bcdb6e8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.905559Z", "modified": 
"2026-06-02T15:57:33.905559Z", "relationship_type": "indicates", "source_ref": "indicator--f9fbfec5-350a-4e1e-a2d6-85c5a1c077be", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--53de47f5-a2e1-40d5-8b62-cd6eeec41579", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.906542Z", "modified": "2026-06-02T15:57:33.906542Z", "relationship_type": "indicates", "source_ref": "indicator--79b4c4bd-4db4-4240-8c22-df348e466aaa", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--25e42a77-9c60-4467-bb3c-a848a3863096", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.907543Z", "modified": "2026-06-02T15:57:33.907543Z", "relationship_type": "indicates", "source_ref": "indicator--e52955e9-7acf-452c-81d0-0a2d84bf7a81", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--00fbf7b3-daa6-468e-8900-f7f5b9877dde", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.908526Z", "modified": "2026-06-02T15:57:33.908526Z", "relationship_type": "indicates", "source_ref": "indicator--33e39d94-1d8a-46d8-acf4-f8be66a8569e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5e4c13e2-0095-4702-b8aa-963d4c4dad31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.909655Z", "modified": "2026-06-02T15:57:33.909655Z", "relationship_type": "indicates", "source_ref": "indicator--b058dfad-7b82-4674-97ab-86fe0eebfa41", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--21491377-82e8-4653-9aff-92df5f48528b", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.91065Z", "modified": "2026-06-02T15:57:33.91065Z", "relationship_type": "indicates", "source_ref": "indicator--a9fd4257-1e3e-4533-ae6c-d98bf84b8b80", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cb820c67-aebc-458f-81f7-3bd6140ade2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.911644Z", "modified": "2026-06-02T15:57:33.911644Z", "relationship_type": "indicates", "source_ref": "indicator--3420037d-2e1d-4d3b-96dc-f0c8edc6f64f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0c7aed56-ab88-4558-92ee-887f305a097f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.912622Z", "modified": "2026-06-02T15:57:33.912622Z", "relationship_type": "indicates", "source_ref": "indicator--1cad07c3-6825-4493-b76b-030380f8d7af", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0b0246d7-8a42-4d24-8591-8fae41395682", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.913612Z", "modified": "2026-06-02T15:57:33.913612Z", "relationship_type": "indicates", "source_ref": "indicator--d82cf9c9-c1ae-496d-8f8c-8a11941c4ab9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--788af696-c319-4468-a3ba-8af28e667a51", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.914606Z", "modified": "2026-06-02T15:57:33.914606Z", "relationship_type": "indicates", "source_ref": "indicator--b9fdd472-be8f-4c79-b6a6-b309a4de95c1", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e70960c1-8d38-432e-bf89-0360f0bb4f94", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.915607Z", "modified": "2026-06-02T15:57:33.915607Z", "relationship_type": "indicates", "source_ref": "indicator--f0f7dd20-e89c-4d14-a50c-2cb06ba4214b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--16c84f9f-5fe0-45f1-9cf3-f460928227d3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.916739Z", "modified": "2026-06-02T15:57:33.916739Z", "relationship_type": "indicates", "source_ref": "indicator--7a5a374f-3fb6-40e4-a54b-0759f79e7967", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c09b5e6a-bc46-47a5-9b98-2c47afcc9fb7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.917751Z", "modified": "2026-06-02T15:57:33.917751Z", "relationship_type": "indicates", "source_ref": "indicator--7f49f917-565b-4dd8-8bcd-a69d907a3b61", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ce762c1b-4b87-4f66-8595-d0552c79c469", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.918734Z", "modified": "2026-06-02T15:57:33.918734Z", "relationship_type": "indicates", "source_ref": "indicator--24215ee0-3d10-4aed-9844-1cf743c34a02", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f0adcdbf-3680-44a7-b8f8-81fdef89c4ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.919737Z", "modified": 
"2026-06-02T15:57:33.919737Z", "relationship_type": "indicates", "source_ref": "indicator--87c91caf-e75a-42d3-adfd-8321b3855a75", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c81d7866-942b-41f2-b126-b187fe7cb133", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.920732Z", "modified": "2026-06-02T15:57:33.920732Z", "relationship_type": "indicates", "source_ref": "indicator--51abbfc4-1306-43f4-b3a3-40e9ef223d90", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--60b4abe8-236e-4a68-bfc2-d55f2e0db9cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.921724Z", "modified": "2026-06-02T15:57:33.921724Z", "relationship_type": "indicates", "source_ref": "indicator--adf680c9-4a59-4988-8fe1-75dd1d8032bd", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c6a7a508-b690-423b-a194-7bf2c609699b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.922698Z", "modified": "2026-06-02T15:57:33.922698Z", "relationship_type": "indicates", "source_ref": "indicator--a190e96a-7ceb-4cf8-96b4-3f88928ba905", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7175af80-b66b-4003-876f-cc606509f5f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.923848Z", "modified": "2026-06-02T15:57:33.923848Z", "relationship_type": "indicates", "source_ref": "indicator--2ebf2601-0acc-492f-b92b-0dd041c3193e", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d0fc2de7-7334-4afd-922c-d05e968cd4e1", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.924852Z", "modified": "2026-06-02T15:57:33.924852Z", "relationship_type": "indicates", "source_ref": "indicator--344556dd-bf32-49e2-beb4-45ed168c66fd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--913e36fc-c58c-47d8-9fd0-f9ded42909f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.925835Z", "modified": "2026-06-02T15:57:33.925835Z", "relationship_type": "indicates", "source_ref": "indicator--c1618ce6-825e-41b6-9cf1-e0d37c8def20", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e749f979-11d0-46de-96a1-b3e99a13504a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.926821Z", "modified": "2026-06-02T15:57:33.926821Z", "relationship_type": "indicates", "source_ref": "indicator--97989d5f-68cd-496d-95bb-0bb1c8ec0f8a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dd2fad01-a6f6-4b67-a1f3-753f8e4cb3ec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.927829Z", "modified": "2026-06-02T15:57:33.927829Z", "relationship_type": "indicates", "source_ref": "indicator--0b74c4d1-9ee8-44cc-81d6-2c27c248fe8b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e205efd9-32ed-40bf-8df8-d8b7ee304259", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.928813Z", "modified": "2026-06-02T15:57:33.928813Z", "relationship_type": "indicates", "source_ref": "indicator--b8a09e09-2eba-4df7-baa7-8b0f66240617", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4b80dd16-2eb3-400a-9d97-b7d6d84fa50e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.929801Z", "modified": "2026-06-02T15:57:33.929801Z", "relationship_type": "indicates", "source_ref": "indicator--3d9d025d-e448-4e40-9271-4e596154dcae", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bdebc564-dd0e-4693-9098-ecfc9e705796", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.930951Z", "modified": "2026-06-02T15:57:33.930951Z", "relationship_type": "indicates", "source_ref": "indicator--8f46b2de-f5d5-4367-8967-c2e83cf0dfd9", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--26c688b3-8d2c-401e-8f92-47513b868718", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.931968Z", "modified": "2026-06-02T15:57:33.931968Z", "relationship_type": "indicates", "source_ref": "indicator--05e30caf-278c-4a4f-a488-3db932b2518c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--44cf549e-104a-43fd-a4b2-ab5cb33cb3b6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.932955Z", "modified": "2026-06-02T15:57:33.932955Z", "relationship_type": "indicates", "source_ref": "indicator--ee61cec2-e3fe-40d2-9112-2c72e1be2195", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b44125d3-dbb4-45f5-b7d7-40573c3030e7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.93395Z", "modified": 
"2026-06-02T15:57:33.93395Z", "relationship_type": "indicates", "source_ref": "indicator--a323268a-6358-4f9a-b9fc-0dce71747c6a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--850afa46-43d1-48d3-b918-23127373601a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.934946Z", "modified": "2026-06-02T15:57:33.934946Z", "relationship_type": "indicates", "source_ref": "indicator--2436a15a-8c8c-4261-a8c0-ef08acc190b6", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9577883b-4da2-4b4f-8071-75262e371837", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.935943Z", "modified": "2026-06-02T15:57:33.935943Z", "relationship_type": "indicates", "source_ref": "indicator--8f8a5cbc-bbe6-4248-82bc-6e80f3f0116a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--89ab1d34-c98a-4c53-bb35-c3cc73fb912a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.93692Z", "modified": "2026-06-02T15:57:33.93692Z", "relationship_type": "indicates", "source_ref": "indicator--fc182162-ab82-43f0-a271-59fb4ffd9661", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3bd76427-2e49-4810-a2a3-7e817444082a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.938054Z", "modified": "2026-06-02T15:57:33.938054Z", "relationship_type": "indicates", "source_ref": "indicator--159d17ca-b19d-44cf-8198-19a4ca4a646b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b0e66878-b6fb-4006-b192-9bf1034561c1", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.939049Z", "modified": "2026-06-02T15:57:33.939049Z", "relationship_type": "indicates", "source_ref": "indicator--4f054e1c-b6aa-4176-b437-ad0e129a228b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e321e0a4-bec5-4df1-8ef9-c7af5d36e704", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.940062Z", "modified": "2026-06-02T15:57:33.940062Z", "relationship_type": "indicates", "source_ref": "indicator--6ab190b3-4d55-42c9-a484-5d55303555a5", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1b48bd2a-7862-412a-9f77-7312ff67730a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.941044Z", "modified": "2026-06-02T15:57:33.941044Z", "relationship_type": "indicates", "source_ref": "indicator--4720209a-eea5-4701-88a9-f2618c0b6ab7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7a574d2e-94b6-43f8-b6f4-434db9161d87", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.942028Z", "modified": "2026-06-02T15:57:33.942028Z", "relationship_type": "indicates", "source_ref": "indicator--2f5ee6b3-4081-496b-9aed-1072477051f6", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6665cabb-046a-44ff-8e82-a1c8e43ac585", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.943011Z", "modified": "2026-06-02T15:57:33.943011Z", "relationship_type": "indicates", "source_ref": "indicator--a514f451-6914-407d-a919-2236b2902254", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2c3639eb-57d2-4ec2-935b-4fc99fff3c74", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.944006Z", "modified": "2026-06-02T15:57:33.944006Z", "relationship_type": "indicates", "source_ref": "indicator--304ae3eb-04c5-43ef-b9ef-084f41f34062", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e1f3239e-f4c0-485b-b8e4-18f9f07a2b91", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.945136Z", "modified": "2026-06-02T15:57:33.945136Z", "relationship_type": "indicates", "source_ref": "indicator--1450175c-8167-4428-9b8f-670bad0fbefb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9dedebfd-3690-4167-8aae-4157ea587097", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.946153Z", "modified": "2026-06-02T15:57:33.946153Z", "relationship_type": "indicates", "source_ref": "indicator--c6c4c552-6b6d-4fee-93f9-e24680444b6e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d5afe724-1e36-47f8-88f0-8d6401117633", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.947144Z", "modified": "2026-06-02T15:57:33.947144Z", "relationship_type": "indicates", "source_ref": "indicator--87d3e93d-188d-4aa9-8b9d-a59a338c25b2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--452d0efa-e616-4d04-b843-6fe00d18d220", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.948127Z", "modified": 
"2026-06-02T15:57:33.948127Z", "relationship_type": "indicates", "source_ref": "indicator--e7e2a783-3a3a-4fbf-9841-bc2e4a9f65f1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--44d2b1b9-5bbf-4e59-8f9c-e53b4ab705b7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.949106Z", "modified": "2026-06-02T15:57:33.949106Z", "relationship_type": "indicates", "source_ref": "indicator--0c9f7d72-3ba3-4c62-82de-9a23ff6c9dd5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b7f6d1e3-cf93-4962-a941-3b71ead2d768", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.950086Z", "modified": "2026-06-02T15:57:33.950086Z", "relationship_type": "indicates", "source_ref": "indicator--ac997719-c5dc-4c03-9b28-10a8b729d5fd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--208bf0eb-329e-4c14-a57b-3f74b746e03a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.951115Z", "modified": "2026-06-02T15:57:33.951115Z", "relationship_type": "indicates", "source_ref": "indicator--c2e3e0e7-3413-4fbe-baa7-afb9ce6345eb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--68980f57-010a-409d-8bad-5026de764302", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.952294Z", "modified": "2026-06-02T15:57:33.952294Z", "relationship_type": "indicates", "source_ref": "indicator--6171f286-d3ba-4c4a-84c7-6bf09a27917d", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3304043f-e3e1-461b-b13e-368018596b87", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.953308Z", "modified": "2026-06-02T15:57:33.953308Z", "relationship_type": "indicates", "source_ref": "indicator--645ca71e-42b9-44a8-9b66-b78cf152e10a", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a8706368-2559-4303-802e-f7554c4b09b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.954297Z", "modified": "2026-06-02T15:57:33.954297Z", "relationship_type": "indicates", "source_ref": "indicator--e2a1b164-47f8-4d1b-9df2-f06cc4eb45f2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5d1166e6-fb39-4f92-a5ca-50cd1c74acd8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.955321Z", "modified": "2026-06-02T15:57:33.955321Z", "relationship_type": "indicates", "source_ref": "indicator--3e617ac2-9a71-4f19-9d7f-e7cfcb9b6388", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ec043fea-936f-4258-bc25-c9aecb0cc984", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.956327Z", "modified": "2026-06-02T15:57:33.956327Z", "relationship_type": "indicates", "source_ref": "indicator--1ef2b236-b78d-46cc-9a70-90091d505ec1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0b621ded-929c-44f3-a0df-99c5d1dd51d0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.957313Z", "modified": "2026-06-02T15:57:33.957313Z", "relationship_type": "indicates", "source_ref": "indicator--3691a020-6a62-4aff-b7fe-dfdd80e85a10", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--462a4ec9-a22f-4dbf-b435-cd6c56cc72a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.958312Z", "modified": "2026-06-02T15:57:33.958312Z", "relationship_type": "indicates", "source_ref": "indicator--45c26d18-18bc-4599-a34f-2ac2fea83ccf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bb621311-9ebb-4b1b-a890-253d394e9314", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.959456Z", "modified": "2026-06-02T15:57:33.959456Z", "relationship_type": "indicates", "source_ref": "indicator--107d1796-f980-4a48-a95d-8badfa982856", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e69a30ea-d4fb-47b0-95b4-0b88ee3f6761", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.960471Z", "modified": "2026-06-02T15:57:33.960471Z", "relationship_type": "indicates", "source_ref": "indicator--f086a4aa-bed6-4dae-93c0-93b393c26f19", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--50fb229b-aa9c-4b27-8b51-398c10c503c7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.961485Z", "modified": "2026-06-02T15:57:33.961485Z", "relationship_type": "indicates", "source_ref": "indicator--04e06403-c0a4-41d8-9d3f-aef911b6f85a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3f1b80a2-47c1-46f5-95c6-10f7e61452b5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.962477Z", "modified": 
"2026-06-02T15:57:33.962477Z", "relationship_type": "indicates", "source_ref": "indicator--12568fef-e5e5-49ec-a8b3-82fbe5532d87", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e02102d8-233d-4223-861b-c8a9c7f27c22", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.963466Z", "modified": "2026-06-02T15:57:33.963466Z", "relationship_type": "indicates", "source_ref": "indicator--311c6053-2af2-4e91-ba89-1f8528332dd8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0c9d3892-a48f-4915-ba50-1f95b8b563a3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.964464Z", "modified": "2026-06-02T15:57:33.964464Z", "relationship_type": "indicates", "source_ref": "indicator--06252ba6-4e01-4fff-a5c6-b7d045e7adef", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--30f66c4f-4b48-4dae-ad6d-dd49a02b6f6e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.965448Z", "modified": "2026-06-02T15:57:33.965448Z", "relationship_type": "indicates", "source_ref": "indicator--aea41ce6-0ee8-45ab-a18a-477b04c529fd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--efb7893f-cec6-47ad-b729-506f27e213f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.966593Z", "modified": "2026-06-02T15:57:33.966593Z", "relationship_type": "indicates", "source_ref": "indicator--d34a1228-bbd3-4e9c-877f-62fda5de9121", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--326cff49-36ad-4a79-acf3-7c9b9d743c08", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.967615Z", "modified": "2026-06-02T15:57:33.967615Z", "relationship_type": "indicates", "source_ref": "indicator--2ff43c87-ab3d-4457-8997-bba3718d113b", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6a21cf36-1e1d-4e1e-b408-a0620f247f44", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.968612Z", "modified": "2026-06-02T15:57:33.968612Z", "relationship_type": "indicates", "source_ref": "indicator--c894a965-089f-44e7-9d74-e8c89c041950", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8691ac9b-40ff-49bf-b239-ac1834a4dbed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.969604Z", "modified": "2026-06-02T15:57:33.969604Z", "relationship_type": "indicates", "source_ref": "indicator--3b8529c7-61b3-443f-862b-6ee1decded97", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2193ccc9-3337-4315-b04a-437d56ed25a4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.970597Z", "modified": "2026-06-02T15:57:33.970597Z", "relationship_type": "indicates", "source_ref": "indicator--cb1cb0f5-bb32-4af6-a079-5d6b89f5da5c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--914d613b-fc62-47a4-81ff-99db2ad1fdd7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.971592Z", "modified": "2026-06-02T15:57:33.971592Z", "relationship_type": "indicates", "source_ref": "indicator--aa2efefb-3927-4fcc-b622-3e476431b00d", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5dab77bb-f0e9-4232-870f-1c1cc59b8487", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.972583Z", "modified": "2026-06-02T15:57:33.972583Z", "relationship_type": "indicates", "source_ref": "indicator--a4926c39-cb5f-4be1-84b0-17a551019edc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d6ed623c-1be4-493d-9554-db8275f8714d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.974555Z", "modified": "2026-06-02T15:57:33.974555Z", "relationship_type": "indicates", "source_ref": "indicator--7599520a-4901-4fb6-ac2f-f97c0be81e81", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e22e630f-e2b1-4215-967f-206ce6f7bddc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.975671Z", "modified": "2026-06-02T15:57:33.975671Z", "relationship_type": "indicates", "source_ref": "indicator--7c554499-ac71-4e17-8ae2-b7f2b83ea928", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--68634cc8-5ff4-4ade-bed6-9fbb30da1950", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.976708Z", "modified": "2026-06-02T15:57:33.976708Z", "relationship_type": "indicates", "source_ref": "indicator--d9c5a266-d1b0-45f7-acf6-53dcf4323394", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3848d30a-5404-417b-9b68-7b49ac7b131d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.977733Z", "modified": 
"2026-06-02T15:57:33.977733Z", "relationship_type": "indicates", "source_ref": "indicator--14db49db-8a2f-4ef4-b491-3e1f0b9b2e7d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--965c69a8-d953-4a03-90ca-a7520919fb8e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.978754Z", "modified": "2026-06-02T15:57:33.978754Z", "relationship_type": "indicates", "source_ref": "indicator--a78289f4-dabb-414d-a477-d88a6a82ad7c", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3e06c40d-f47a-4435-8d8e-15a039188873", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.979766Z", "modified": "2026-06-02T15:57:33.979766Z", "relationship_type": "indicates", "source_ref": "indicator--7902f742-9423-4b65-874e-d1b808b14bc7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9a60607d-f7b0-432e-bf1d-cbefe3d0b23b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.980752Z", "modified": "2026-06-02T15:57:33.980752Z", "relationship_type": "indicates", "source_ref": "indicator--9a82af1a-e67f-4c88-9be0-9815cb7a929c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0b100230-532a-41e9-98fc-fbd101c3f50d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.981889Z", "modified": "2026-06-02T15:57:33.981889Z", "relationship_type": "indicates", "source_ref": "indicator--5f483ae9-1b1a-4d07-ab98-d1283f9390ea", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8cb22668-a2c3-4649-b8ad-c3281f82512c", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.982894Z", "modified": "2026-06-02T15:57:33.982894Z", "relationship_type": "indicates", "source_ref": "indicator--3f3f79d3-d90d-4898-89b1-11ddf1238f94", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--77ba10d8-6f73-4637-80e7-589f5712f93f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.983912Z", "modified": "2026-06-02T15:57:33.983912Z", "relationship_type": "indicates", "source_ref": "indicator--ac2a1303-2202-4f32-b48d-01f91988d713", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ed27fa55-a7f5-47ec-b02d-b46ccf0412ef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.984927Z", "modified": "2026-06-02T15:57:33.984927Z", "relationship_type": "indicates", "source_ref": "indicator--17e829f8-10f7-4d09-9db4-54f96362c3e9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d31b5fb8-57d1-46b5-a834-fc4bfa14586a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.985925Z", "modified": "2026-06-02T15:57:33.985925Z", "relationship_type": "indicates", "source_ref": "indicator--e8a6b0a1-92ac-47fc-9e53-6c814c506aef", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b97c40ec-89f4-47d7-a859-9c7e67a722cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.986923Z", "modified": "2026-06-02T15:57:33.986923Z", "relationship_type": "indicates", "source_ref": "indicator--ae100fd5-2ecc-4a3f-b3e6-63e42d6cc2ba", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5663de26-0644-4426-a8c3-8309a759394d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.987929Z", "modified": "2026-06-02T15:57:33.987929Z", "relationship_type": "indicates", "source_ref": "indicator--57607861-438f-4781-9c09-c9de456451b5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3184ddae-9ea6-4ca3-87e9-9bad27812deb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.989062Z", "modified": "2026-06-02T15:57:33.989062Z", "relationship_type": "indicates", "source_ref": "indicator--a7d65151-92d4-4cf8-a072-416465dd0302", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c5ceafaa-fe26-4d1c-aad3-8f3da22c8531", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.990071Z", "modified": "2026-06-02T15:57:33.990071Z", "relationship_type": "indicates", "source_ref": "indicator--0e82b305-bb71-4944-b4c2-82d2627cb9a0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--627ac82b-0af3-4d93-a0b1-846dd20f588f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.991063Z", "modified": "2026-06-02T15:57:33.991063Z", "relationship_type": "indicates", "source_ref": "indicator--59ede6b5-64e2-48d4-8e8d-7d01486ecc17", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cd58d2ec-0297-4211-8966-55f52aea2fe6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.992063Z", "modified": 
"2026-06-02T15:57:33.992063Z", "relationship_type": "indicates", "source_ref": "indicator--040ed440-0759-4aa3-8345-d87d7c49390b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--02a35f6c-ed9f-4a53-8e46-8f9d2ca4b3cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.993047Z", "modified": "2026-06-02T15:57:33.993047Z", "relationship_type": "indicates", "source_ref": "indicator--60385374-cc9d-4829-9c21-7e633c6c42ee", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d6368af9-88b8-4e55-b0c8-0020919a03cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.994039Z", "modified": "2026-06-02T15:57:33.994039Z", "relationship_type": "indicates", "source_ref": "indicator--f45a1feb-30a9-4f29-8216-65be83e105cd", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--530fad53-401c-473b-bf15-337c68d68fcf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.995019Z", "modified": "2026-06-02T15:57:33.995019Z", "relationship_type": "indicates", "source_ref": "indicator--f6b6bae6-8040-4b35-a15d-3bad8dcb7a83", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4739aacf-52b5-4bde-b89f-55af05fb1333", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.996197Z", "modified": "2026-06-02T15:57:33.996197Z", "relationship_type": "indicates", "source_ref": "indicator--2a6471e9-e64c-441d-a7c3-6ec4aef4735e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5168819c-cf51-451d-864b-37d06d211ca3", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.997204Z", "modified": "2026-06-02T15:57:33.997204Z", "relationship_type": "indicates", "source_ref": "indicator--c7a4aff1-e4b5-473e-88d2-a65c4a5d9e88", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8eef494d-038e-4529-ba9f-c9fdb2ec93e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.998197Z", "modified": "2026-06-02T15:57:33.998197Z", "relationship_type": "indicates", "source_ref": "indicator--c35c96e2-ea6f-4bdf-a599-38133d65131d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5c7dab50-2c82-404d-ae4f-174406ff016f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:33.999193Z", "modified": "2026-06-02T15:57:33.999193Z", "relationship_type": "indicates", "source_ref": "indicator--ea3e4c43-a049-4ca3-8cb8-e3aba6243da9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ae6656f1-7d40-4b03-81ed-673487e6dc36", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.000218Z", "modified": "2026-06-02T15:57:34.000218Z", "relationship_type": "indicates", "source_ref": "indicator--5516394a-71d3-4352-9d07-b9b449c95e81", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c1214c5d-0aa0-4d57-b760-57d9bdac4bc3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.001794Z", "modified": "2026-06-02T15:57:34.001794Z", "relationship_type": "indicates", "source_ref": "indicator--a6c5b939-fd08-4d58-9a17-6ff8b312e93e", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5c7c4823-ec2b-46e3-b193-ebd708f58cf9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.004668Z", "modified": "2026-06-02T15:57:34.004668Z", "relationship_type": "indicates", "source_ref": "indicator--2e447866-873e-466c-b417-bb61e5cbfed9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5cc2f7dd-d9bb-4003-a149-f66731e3afcd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.007059Z", "modified": "2026-06-02T15:57:34.007059Z", "relationship_type": "indicates", "source_ref": "indicator--08fad254-65ce-4f9f-b0d8-804ac614f98e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f3310f75-900e-4a1a-89ac-a80e00ce1bde", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.009093Z", "modified": "2026-06-02T15:57:34.009093Z", "relationship_type": "indicates", "source_ref": "indicator--15fdb5f8-fc9c-4180-a7e7-107f9684fb93", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--05dd5b75-616b-42b3-9a0c-7ec298074d11", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.014028Z", "modified": "2026-06-02T15:57:34.014028Z", "relationship_type": "indicates", "source_ref": "indicator--09da6ae5-325d-4eea-9b0d-07d7c7d7d59d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ccd9d27f-08ab-4d2a-97e7-c97775f9b778", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.015632Z", "modified": 
"2026-06-02T15:57:34.015632Z", "relationship_type": "indicates", "source_ref": "indicator--a350719f-626e-4e3c-b507-33316f631b15", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e3d88e71-c2c9-4414-9f0b-89d07de473bd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.016971Z", "modified": "2026-06-02T15:57:34.016971Z", "relationship_type": "indicates", "source_ref": "indicator--3f5ef988-f345-4c8f-93cf-4a1e4b32fc5f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--39024320-0cd9-448c-8629-9a710144294c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.018098Z", "modified": "2026-06-02T15:57:34.018098Z", "relationship_type": "indicates", "source_ref": "indicator--963f9721-2883-4294-ad82-7ebb00ea10ff", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ce6a8311-1df6-45a3-ba3a-85dc02fc8915", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.019146Z", "modified": "2026-06-02T15:57:34.019146Z", "relationship_type": "indicates", "source_ref": "indicator--adc17e35-06fd-44d4-9c9c-a327bb7c1042", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--adf0cc11-8b99-43c1-9fe6-cb6b7ad3418d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.020381Z", "modified": "2026-06-02T15:57:34.020381Z", "relationship_type": "indicates", "source_ref": "indicator--05fb55d4-ad0e-4318-9dc4-03415623a3d8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d8e24d8f-9f94-4493-80a4-63d9bf674d1e", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.021404Z", "modified": "2026-06-02T15:57:34.021404Z", "relationship_type": "indicates", "source_ref": "indicator--be4e99ca-843b-46e3-8e81-6fed14832d91", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a31895e3-457e-4bd3-aed2-6fcfb2834e61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.022401Z", "modified": "2026-06-02T15:57:34.022401Z", "relationship_type": "indicates", "source_ref": "indicator--82fe2be2-2f67-489a-b117-e4a18fb3890f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--727762c3-39ec-470b-a112-76def61d67bf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.023461Z", "modified": "2026-06-02T15:57:34.023461Z", "relationship_type": "indicates", "source_ref": "indicator--c3c437f4-1941-46bf-b93a-e05fd3320f59", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2dd12abf-160a-4e51-938a-97f4efb4e994", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.024488Z", "modified": "2026-06-02T15:57:34.024488Z", "relationship_type": "indicates", "source_ref": "indicator--d30a3bd5-e49b-4415-917b-204b6e20e4d6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f864e8af-727f-4cff-8768-02fa1ee14825", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.025479Z", "modified": "2026-06-02T15:57:34.025479Z", "relationship_type": "indicates", "source_ref": "indicator--8bb48cd6-11a0-494c-8641-8d4a41e068ba", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--64c5e628-c30f-4815-bfb8-d764113a214e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.026485Z", "modified": "2026-06-02T15:57:34.026485Z", "relationship_type": "indicates", "source_ref": "indicator--591f486b-0fd7-46fe-8143-ff9bc5133ed5", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fc425871-c98c-4c4c-829f-754a823e0679", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.027631Z", "modified": "2026-06-02T15:57:34.027631Z", "relationship_type": "indicates", "source_ref": "indicator--9835dce5-53e6-48f7-b31d-84ad35de3008", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--11831234-eef7-4e46-b0c8-0cdbb9773a77", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.028638Z", "modified": "2026-06-02T15:57:34.028638Z", "relationship_type": "indicates", "source_ref": "indicator--42d51539-1c5b-4f3e-a64e-b926a0c16470", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--31277766-e831-4381-8cea-3afba68f45e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.029628Z", "modified": "2026-06-02T15:57:34.029628Z", "relationship_type": "indicates", "source_ref": "indicator--33bcd73b-882c-4b96-b6f8-6071244f7484", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--42ca48c3-8b57-4eef-a102-3cdb5f6e2294", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.03066Z", "modified": 
"2026-06-02T15:57:34.03066Z", "relationship_type": "indicates", "source_ref": "indicator--bb36d382-c0ef-4256-b721-94c005dbd654", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--107d9882-c67e-479d-9d04-d3ac902cdf13", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.031674Z", "modified": "2026-06-02T15:57:34.031674Z", "relationship_type": "indicates", "source_ref": "indicator--5eac70e9-ca60-4634-bf1e-de7248189679", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--adab5276-1ddb-4bc8-b1f0-14a90175586f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.032662Z", "modified": "2026-06-02T15:57:34.032662Z", "relationship_type": "indicates", "source_ref": "indicator--abda09ef-79ed-4b11-a4a6-630671df446b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bd467df3-c40d-47b5-a634-f5f9eb5910aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.033653Z", "modified": "2026-06-02T15:57:34.033653Z", "relationship_type": "indicates", "source_ref": "indicator--1105c0f7-e31b-474b-bd83-bc03225adab8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1ef28b5c-d535-4e24-80e1-e06e29d68107", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.034786Z", "modified": "2026-06-02T15:57:34.034786Z", "relationship_type": "indicates", "source_ref": "indicator--d7f93f5d-eecd-49a6-9048-8558cc900373", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5a6835fa-d0d7-4054-88e0-febdba76422e", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.035807Z", "modified": "2026-06-02T15:57:34.035807Z", "relationship_type": "indicates", "source_ref": "indicator--c49aa52d-a3df-4a42-8f78-bb38ace08d98", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b5b4e7e6-8b56-4073-a565-9e7e8afbbd43", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.036805Z", "modified": "2026-06-02T15:57:34.036805Z", "relationship_type": "indicates", "source_ref": "indicator--16cb53e4-dee8-41d3-a044-2edf85ab5f13", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--822a1184-c995-4833-948b-c77a52e6ff02", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.037796Z", "modified": "2026-06-02T15:57:34.037796Z", "relationship_type": "indicates", "source_ref": "indicator--40b94e30-2907-4c51-8dc0-11f43448057b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5cccbe77-042c-4b01-96cf-f46e36cb9970", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.038801Z", "modified": "2026-06-02T15:57:34.038801Z", "relationship_type": "indicates", "source_ref": "indicator--4388b0af-b3bd-4787-aae0-01244095c415", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7097b7de-ba8b-4c51-b99d-45873c4434ea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.039794Z", "modified": "2026-06-02T15:57:34.039794Z", "relationship_type": "indicates", "source_ref": "indicator--6ee60a74-6b88-42cc-ba39-1be268736166", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bbdb0666-ef15-462f-90e5-6f81972ea583", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.040773Z", "modified": "2026-06-02T15:57:34.040773Z", "relationship_type": "indicates", "source_ref": "indicator--bd6256b4-c097-47d4-b188-f0052a7df857", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--91260347-22db-4b6c-bf01-7e6764fcba92", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.041899Z", "modified": "2026-06-02T15:57:34.041899Z", "relationship_type": "indicates", "source_ref": "indicator--10c70e82-cbcd-4f0c-99c3-009b2b0b7779", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a60ae6d1-2a02-493b-b979-941c8a7908e5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.042903Z", "modified": "2026-06-02T15:57:34.042903Z", "relationship_type": "indicates", "source_ref": "indicator--0079edfd-cfde-4f4f-8d8a-5d04b00e97c9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--337d1fec-2d9a-4051-8b8f-4d1d319f722f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.043904Z", "modified": "2026-06-02T15:57:34.043904Z", "relationship_type": "indicates", "source_ref": "indicator--cbfa0a5e-93a3-43ec-a82d-d9d1ae9ac509", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fbd05a15-a5b5-49ef-90a5-e5e3fde505ae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.044884Z", "modified": 
"2026-06-02T15:57:34.044884Z", "relationship_type": "indicates", "source_ref": "indicator--c2ee3edd-fa61-4c04-8fd9-1507ec6041b8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--efd0e419-3670-4bf9-a173-8068a9a0d463", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.045866Z", "modified": "2026-06-02T15:57:34.045866Z", "relationship_type": "indicates", "source_ref": "indicator--660301e6-a2b6-45c5-aeee-5b1a836bcc63", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4c300d37-a997-42bb-8dab-1903a39071e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.046859Z", "modified": "2026-06-02T15:57:34.046859Z", "relationship_type": "indicates", "source_ref": "indicator--edee3444-c8e4-4977-a21c-ca08336164de", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--620fdfe4-7d55-44d0-b1de-8ab0290f643a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.047916Z", "modified": "2026-06-02T15:57:34.047916Z", "relationship_type": "indicates", "source_ref": "indicator--54e54425-409e-4cc6-91ab-f0c05895e64f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fb4ce7c2-977d-4d37-a858-66b40ac047a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.049057Z", "modified": "2026-06-02T15:57:34.049057Z", "relationship_type": "indicates", "source_ref": "indicator--195f33e3-1311-4b49-aa1f-f2c67a08859b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ee577004-63a1-4c78-9c49-deb448601a86", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.050059Z", "modified": "2026-06-02T15:57:34.050059Z", "relationship_type": "indicates", "source_ref": "indicator--b0d0e34c-2a91-46a9-98fa-6325f3139be4", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8f4c946d-dc91-4c69-8d4a-e52afddf335b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.051048Z", "modified": "2026-06-02T15:57:34.051048Z", "relationship_type": "indicates", "source_ref": "indicator--b657f833-ca4f-4d4a-ad55-e1c6f3923e02", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--028fa5c1-969d-4927-99e5-632223cb7068", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.052056Z", "modified": "2026-06-02T15:57:34.052056Z", "relationship_type": "indicates", "source_ref": "indicator--f9b5e1bf-b565-4a5d-8a39-a3e942433c43", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2d9fdd5a-dbd0-4b02-bcbb-1650ad76f95b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.053045Z", "modified": "2026-06-02T15:57:34.053045Z", "relationship_type": "indicates", "source_ref": "indicator--baec2cbd-9388-4920-8c87-c1eb7bf9ec8f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a2a97fc1-9153-40c4-9d44-f8c2691258fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.054024Z", "modified": "2026-06-02T15:57:34.054024Z", "relationship_type": "indicates", "source_ref": "indicator--4730f11c-8fad-4daf-973f-2457fc26cd55", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--49dd34d3-3c0b-41b0-b1f1-689908fdca3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.055021Z", "modified": "2026-06-02T15:57:34.055021Z", "relationship_type": "indicates", "source_ref": "indicator--ecc9ef06-a01b-4219-b9f2-cc270e480f45", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--356babcd-f120-4338-8609-71779f5f8c68", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.056167Z", "modified": "2026-06-02T15:57:34.056167Z", "relationship_type": "indicates", "source_ref": "indicator--4e6ae033-2910-48e8-b69a-4b5c44b60fa4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c5b9db4f-efec-4011-99e6-795b4b1fdb69", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.057166Z", "modified": "2026-06-02T15:57:34.057166Z", "relationship_type": "indicates", "source_ref": "indicator--c61f2e10-7d15-4917-9b87-33001d812cef", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--efe699b5-b3ba-43bf-9a6c-2fe886a329f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.058159Z", "modified": "2026-06-02T15:57:34.058159Z", "relationship_type": "indicates", "source_ref": "indicator--f8a2d7ce-96cd-46b0-b9d0-55ce055cb8d6", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--35f16f10-8a24-42f8-aba5-d74f2b45c3eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.059156Z", "modified": 
"2026-06-02T15:57:34.059156Z", "relationship_type": "indicates", "source_ref": "indicator--3eee2599-2015-49a1-a03a-e08cfa3f8308", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--54ff57e0-4e48-446f-8966-815b037c734a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.060168Z", "modified": "2026-06-02T15:57:34.060168Z", "relationship_type": "indicates", "source_ref": "indicator--446c03ab-cc86-4a4d-9604-0241035da58e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c7b30a9e-7cf7-41eb-90de-09477ef6616a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.061156Z", "modified": "2026-06-02T15:57:34.061156Z", "relationship_type": "indicates", "source_ref": "indicator--9b8a9d0a-54fe-4833-9a26-c17772069c3d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0d97b8e4-0aa2-4cef-8da4-e493233fb7f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.062142Z", "modified": "2026-06-02T15:57:34.062142Z", "relationship_type": "indicates", "source_ref": "indicator--e2e0e9ac-45b9-47c6-a3b4-5dc795381b8f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aa95261f-d568-448c-8f50-5448a09e0ab4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.063291Z", "modified": "2026-06-02T15:57:34.063291Z", "relationship_type": "indicates", "source_ref": "indicator--4f0102ce-5ee4-4263-a86e-f507a50b2958", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--69042081-f52c-4258-9cf2-ec2b7e847202", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.064317Z", "modified": "2026-06-02T15:57:34.064317Z", "relationship_type": "indicates", "source_ref": "indicator--1d45b3e8-3357-4a5d-81fc-29fb63168838", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0b712f0f-8e85-4634-93fe-c7a8c91013cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.065309Z", "modified": "2026-06-02T15:57:34.065309Z", "relationship_type": "indicates", "source_ref": "indicator--31d4a256-6524-4a65-bfa0-d2d8a0e4c4ef", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3a91f4f2-ec95-418f-8ff8-fd26e3bf2dfb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.066288Z", "modified": "2026-06-02T15:57:34.066288Z", "relationship_type": "indicates", "source_ref": "indicator--183c2fc2-248f-42a3-9815-5f933a34788c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eccef1b3-a4cf-4401-9bfb-0145ca411dc5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.067295Z", "modified": "2026-06-02T15:57:34.067295Z", "relationship_type": "indicates", "source_ref": "indicator--d3d95307-cc71-44fd-a203-763c960b8894", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--67172cfe-ef50-4f67-b6b4-eafa4e67811e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.068308Z", "modified": "2026-06-02T15:57:34.068308Z", "relationship_type": "indicates", "source_ref": "indicator--38c99afd-cdbf-40a0-9062-ec3b278162e1", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3a1c20c2-a1b0-4d57-b4ba-c0310b553553", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.069302Z", "modified": "2026-06-02T15:57:34.069302Z", "relationship_type": "indicates", "source_ref": "indicator--8c12be6a-e5b3-4a75-ab10-7ed4881a5228", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--75172c86-c352-4dec-b238-8fe2b82ee374", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.07125Z", "modified": "2026-06-02T15:57:34.07125Z", "relationship_type": "indicates", "source_ref": "indicator--0100ff3e-89a1-43c0-a781-576fb67bb37d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7f9bffcb-ba56-4126-a96f-478c869b4b1c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.072376Z", "modified": "2026-06-02T15:57:34.072376Z", "relationship_type": "indicates", "source_ref": "indicator--60fe4641-0cbf-48a3-b1ba-b359ed5904db", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--603aeb10-2280-4cc9-ba27-652de693a645", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.073392Z", "modified": "2026-06-02T15:57:34.073392Z", "relationship_type": "indicates", "source_ref": "indicator--66d08060-6cc7-4788-9f12-c1c52c3655e2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c1bbee3d-2922-4611-a6b3-678009d2832c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.074387Z", "modified": 
"2026-06-02T15:57:34.074387Z", "relationship_type": "indicates", "source_ref": "indicator--393960a4-c058-4215-ba47-081e891cb29c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e155f0ac-280c-4568-9ec8-f3c38b7612bb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.075396Z", "modified": "2026-06-02T15:57:34.075396Z", "relationship_type": "indicates", "source_ref": "indicator--23c2f9ae-9f8e-415a-8c1b-ce6fcd51f5f4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6d2b6463-113f-430b-89d1-6dddfff000d8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.076387Z", "modified": "2026-06-02T15:57:34.076387Z", "relationship_type": "indicates", "source_ref": "indicator--0ed38252-5b04-404c-94a4-22a4a24f1619", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--42c05493-d5b0-4cd4-9644-b1aa7d3cbc93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.077374Z", "modified": "2026-06-02T15:57:34.077374Z", "relationship_type": "indicates", "source_ref": "indicator--d039e346-2c62-4775-96bd-2536f23eca1c", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--83fbef9a-a369-40c9-bfbc-db7b3653022c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.078499Z", "modified": "2026-06-02T15:57:34.078499Z", "relationship_type": "indicates", "source_ref": "indicator--4ad4062c-4446-4fdd-85ac-b87dbadcd6cb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5a2378ed-2e2e-4349-bc71-54ab83667680", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.079505Z", "modified": "2026-06-02T15:57:34.079505Z", "relationship_type": "indicates", "source_ref": "indicator--4ae3cf28-7f03-4d2a-9c1f-b511fcec96a6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b6d016f5-2ce5-4043-88b9-a969c8a971be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.080518Z", "modified": "2026-06-02T15:57:34.080518Z", "relationship_type": "indicates", "source_ref": "indicator--ab6c4f45-28da-4451-9e34-4af19dce7db0", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aaf4192e-af80-43db-b61a-bc27ed070e1b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.0815Z", "modified": "2026-06-02T15:57:34.0815Z", "relationship_type": "indicates", "source_ref": "indicator--7e3aca16-e450-42fa-be5b-ed7ffdbe2a5d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--28ac2f9c-b095-4148-a694-1999671c8a84", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.082479Z", "modified": "2026-06-02T15:57:34.082479Z", "relationship_type": "indicates", "source_ref": "indicator--14b92aa3-2223-40cb-9606-4b32594c8afd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f701f0d-e10f-4bac-947c-36521bfa55cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.08351Z", "modified": "2026-06-02T15:57:34.08351Z", "relationship_type": "indicates", "source_ref": "indicator--a301b167-d90d-427a-bd51-7b848bfa6f1d", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d90c6f45-94a1-469a-aaa1-fec741fa4373", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.08453Z", "modified": "2026-06-02T15:57:34.08453Z", "relationship_type": "indicates", "source_ref": "indicator--0f7019ab-fd59-47e8-9157-7abf3c94d742", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cec6d0d5-1ddc-4cfa-bebe-083b8dae99f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.085671Z", "modified": "2026-06-02T15:57:34.085671Z", "relationship_type": "indicates", "source_ref": "indicator--664292c4-6457-4c27-b5bf-b475df247edb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2d65c625-275e-43ab-9451-1515235a5804", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.086701Z", "modified": "2026-06-02T15:57:34.086701Z", "relationship_type": "indicates", "source_ref": "indicator--33ef42c4-eb36-4135-ad5c-179a5b883464", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5d81a6d8-e3e4-4885-9415-41dec2298822", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.087701Z", "modified": "2026-06-02T15:57:34.087701Z", "relationship_type": "indicates", "source_ref": "indicator--ef84ae9c-277f-4edb-addb-afdbdd40341c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4fdb3af0-75cf-486a-a773-0644f381c969", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.088698Z", "modified": 
"2026-06-02T15:57:34.088698Z", "relationship_type": "indicates", "source_ref": "indicator--38da95e3-9d01-4d54-b4af-24ca43f2fdeb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dfc62e87-e5e6-41a6-9d47-3e6ba4880a4f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.08968Z", "modified": "2026-06-02T15:57:34.08968Z", "relationship_type": "indicates", "source_ref": "indicator--237ea0d4-ae20-4071-aee9-08759ce71080", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--750fc50c-0835-4218-ae6b-5c816d6335f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.090666Z", "modified": "2026-06-02T15:57:34.090666Z", "relationship_type": "indicates", "source_ref": "indicator--d0a3369f-b99d-43e7-b421-4f1bbfd2b026", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--92c8ba03-d6bb-41ce-997e-dbc3f0656092", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.091671Z", "modified": "2026-06-02T15:57:34.091671Z", "relationship_type": "indicates", "source_ref": "indicator--da83b718-7370-47c0-a22e-e24aba7eee0c", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a5f3a19a-46bd-4734-93f6-19f2e0d4ec69", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.092797Z", "modified": "2026-06-02T15:57:34.092797Z", "relationship_type": "indicates", "source_ref": "indicator--26808f52-2df4-4cf3-9d98-6f7a06bc2fc9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--989cc3bc-34ba-41bd-a37c-93260fc5383e", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.093796Z", "modified": "2026-06-02T15:57:34.093796Z", "relationship_type": "indicates", "source_ref": "indicator--d500d3ea-59df-4602-90be-b9ab5e0e3bf6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8a7d26be-93cf-4dc0-ac55-491775c73073", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.094785Z", "modified": "2026-06-02T15:57:34.094785Z", "relationship_type": "indicates", "source_ref": "indicator--35a8296b-11d1-4085-a7a6-1da51c8f98a5", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8221258d-c635-422a-8e5c-c321fdd08f2d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.095789Z", "modified": "2026-06-02T15:57:34.095789Z", "relationship_type": "indicates", "source_ref": "indicator--4e6dcb34-2bf7-4ce2-b0ec-0f2210369304", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7f42a562-e6e5-48f7-b3d0-8b13f2ede73f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.096782Z", "modified": "2026-06-02T15:57:34.096782Z", "relationship_type": "indicates", "source_ref": "indicator--0d61f5e6-baf6-465b-b5a0-1f778d265f96", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--73374dcf-2a68-4bfd-accf-7d2f98128776", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.09777Z", "modified": "2026-06-02T15:57:34.09777Z", "relationship_type": "indicates", "source_ref": "indicator--e73b7013-1bc4-4212-ab79-9838d1f74aa0", "target_ref": 
"malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5f7eebb9-7a0b-4a84-9eb2-e7818428853f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.098752Z", "modified": "2026-06-02T15:57:34.098752Z", "relationship_type": "indicates", "source_ref": "indicator--be6d29d7-3533-427e-bd23-3e50c37c50f2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7f88e38b-fc2d-4d6c-b757-a01380302623", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.099883Z", "modified": "2026-06-02T15:57:34.099883Z", "relationship_type": "indicates", "source_ref": "indicator--7bf6938c-b589-4a06-a685-a6973329c7c2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ae1d2d67-730e-46df-9d8d-e2527d648bee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.100884Z", "modified": "2026-06-02T15:57:34.100884Z", "relationship_type": "indicates", "source_ref": "indicator--dbc420f1-e6f6-43d9-b865-44331808b583", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--94f29293-5c36-4b9a-9d9a-eb7955935165", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.101879Z", "modified": "2026-06-02T15:57:34.101879Z", "relationship_type": "indicates", "source_ref": "indicator--904d0e72-2ab6-4840-90c8-6edf3505aedb", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--018200f5-38b6-47ab-a27e-7711210a1144", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.102858Z", "modified": 
"2026-06-02T15:57:34.102858Z", "relationship_type": "indicates", "source_ref": "indicator--010085ea-0dd8-4319-ba4c-665f294f526f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--52bdb0bc-2697-4caa-a378-fd478c51150b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.103888Z", "modified": "2026-06-02T15:57:34.103888Z", "relationship_type": "indicates", "source_ref": "indicator--1a15b9dd-e7d7-4ea5-a230-4c4ba1258e6e", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--139a1847-caca-493a-aacd-1bf7f7f96aa7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.104884Z", "modified": "2026-06-02T15:57:34.104884Z", "relationship_type": "indicates", "source_ref": "indicator--7026fe3f-44db-4243-ac71-d2e3d2b8909a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--678830ed-d8cf-4b45-b60f-ea688a4dbecd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.105863Z", "modified": "2026-06-02T15:57:34.105863Z", "relationship_type": "indicates", "source_ref": "indicator--d533f75d-892b-46d2-8b05-861f0dec9c90", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ff6ebf76-90a7-47bf-8f71-7d73de5924bd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.106992Z", "modified": "2026-06-02T15:57:34.106992Z", "relationship_type": "indicates", "source_ref": "indicator--c996bf26-ddc6-462d-8237-fdbd12553f13", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--034888c8-3dae-481c-aadd-1309cf5ee82d", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.108044Z", "modified": "2026-06-02T15:57:34.108044Z", "relationship_type": "indicates", "source_ref": "indicator--f3498838-0458-4b26-85e7-9f0caa2d3f2e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--464acf32-b784-4a9a-97cd-30dfb7113635", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.109045Z", "modified": "2026-06-02T15:57:34.109045Z", "relationship_type": "indicates", "source_ref": "indicator--90a60a2f-4ffb-45d3-849f-b8b06e9f53a6", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--916d9789-6064-44d2-8493-ed866d51d8e8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.110042Z", "modified": "2026-06-02T15:57:34.110042Z", "relationship_type": "indicates", "source_ref": "indicator--13b58434-45a8-46fe-a8f5-5ff249c8310f", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--babc4440-eea0-471e-bb8b-a1bf9215a89d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.11105Z", "modified": "2026-06-02T15:57:34.11105Z", "relationship_type": "indicates", "source_ref": "indicator--26d14d9d-3541-4975-820a-8cfea788c94b", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--776c56bf-b0a0-4368-848a-327f72f63d13", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.112045Z", "modified": "2026-06-02T15:57:34.112045Z", "relationship_type": "indicates", "source_ref": "indicator--1f66e8ce-28cd-4a26-a056-9e99cb50376e", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--47890445-a74d-425b-9b66-ba4a0d98028f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.113025Z", "modified": "2026-06-02T15:57:34.113025Z", "relationship_type": "indicates", "source_ref": "indicator--2910cae3-eeed-46f1-a6a0-be2dac20c986", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f664e7c6-b5c2-4f38-a969-6a137291fd1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.114148Z", "modified": "2026-06-02T15:57:34.114148Z", "relationship_type": "indicates", "source_ref": "indicator--c392f86b-3b6b-4a48-ab36-9f5ba39ac750", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--21ff9040-5cb5-4662-8130-1bf3ba3c08db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.115153Z", "modified": "2026-06-02T15:57:34.115153Z", "relationship_type": "indicates", "source_ref": "indicator--9be1009e-f71c-4e37-90af-55a2d662c1b1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d7838b14-9fa6-4d73-bad4-fbb55736e67e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.116152Z", "modified": "2026-06-02T15:57:34.116152Z", "relationship_type": "indicates", "source_ref": "indicator--5eed6f51-0b19-478e-8062-a06dd641e04d", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3b0d74de-de59-4537-881c-6e58c36f2045", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.117148Z", "modified": 
"2026-06-02T15:57:34.117148Z", "relationship_type": "indicates", "source_ref": "indicator--033b92c7-55c8-44eb-8e07-cae504d128fa", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b640d663-1439-45f1-84a4-c7290c70b979", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.118138Z", "modified": "2026-06-02T15:57:34.118138Z", "relationship_type": "indicates", "source_ref": "indicator--801bafed-f37a-430f-8ad1-28957a864247", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d5b47a4b-14a9-44d4-b137-a86c5b9ba88d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.119122Z", "modified": "2026-06-02T15:57:34.119122Z", "relationship_type": "indicates", "source_ref": "indicator--4638b208-cb60-4d3a-9f3d-5c0b83e3bdad", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--49d6db97-e610-4602-ae6e-d1173004234f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.120126Z", "modified": "2026-06-02T15:57:34.120126Z", "relationship_type": "indicates", "source_ref": "indicator--85505ea8-d79b-445f-bb01-2d9744f58db8", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fdf263cf-285b-4fb2-88d0-a06896ffe490", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.121243Z", "modified": "2026-06-02T15:57:34.121243Z", "relationship_type": "indicates", "source_ref": "indicator--b27e447f-c321-4192-8f0c-dacec66e8bc7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d7fcfba1-15e2-4277-8a86-66d43067a0bf", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.122236Z", "modified": "2026-06-02T15:57:34.122236Z", "relationship_type": "indicates", "source_ref": "indicator--6d7888ee-57af-4da8-acda-a7fa9ee0e7d5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f3814174-0329-46be-b60d-4404bfac152f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.123311Z", "modified": "2026-06-02T15:57:34.123311Z", "relationship_type": "indicates", "source_ref": "indicator--49a89494-e443-4b05-b1e0-f4982b1f3b65", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c74b9fbc-c58f-4f93-9fe4-8fc8e41738cb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.124308Z", "modified": "2026-06-02T15:57:34.124308Z", "relationship_type": "indicates", "source_ref": "indicator--aad623ac-e324-4159-8e5e-c8d73decbf61", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f02c6c1d-9821-4c6a-a860-44a7ced125b6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.12529Z", "modified": "2026-06-02T15:57:34.12529Z", "relationship_type": "indicates", "source_ref": "indicator--b7399c9c-9676-41eb-a470-0f94068ea5a5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c4ac8e37-aa1e-43e2-8908-8cc2c55fd74c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.126266Z", "modified": "2026-06-02T15:57:34.126266Z", "relationship_type": "indicates", "source_ref": "indicator--a580e512-f1f1-49d2-9c58-43208418fb9b", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1b40368a-539a-43d1-9cee-99ff235aeff7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.127263Z", "modified": "2026-06-02T15:57:34.127263Z", "relationship_type": "indicates", "source_ref": "indicator--449668eb-8377-4507-89dd-2a68f7bca09c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b49eaf13-dd98-4e45-a9d9-56b31696d2d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.128391Z", "modified": "2026-06-02T15:57:34.128391Z", "relationship_type": "indicates", "source_ref": "indicator--f8806d24-3209-4851-8d1c-e27496fddf47", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a79c3212-a2d8-4aa7-877e-f68bfec8411c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.129414Z", "modified": "2026-06-02T15:57:34.129414Z", "relationship_type": "indicates", "source_ref": "indicator--60bf8644-3d36-4fa6-b7b3-6efe2bcdbd7e", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b4de9b59-eee9-4a74-a17d-6daa6beb5473", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.130492Z", "modified": "2026-06-02T15:57:34.130492Z", "relationship_type": "indicates", "source_ref": "indicator--fbc16581-1b43-4c2e-8c0c-4831996d24d7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d8a325aa-da02-4150-9931-58fd53ccfdb0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.131498Z", "modified": 
"2026-06-02T15:57:34.131498Z", "relationship_type": "indicates", "source_ref": "indicator--71b7aff9-389e-4cdc-a6ee-b2d2fa2e68f2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--204d0be3-9f72-4045-a0f2-600e1ee926b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.132489Z", "modified": "2026-06-02T15:57:34.132489Z", "relationship_type": "indicates", "source_ref": "indicator--9ef13ec1-1910-4a78-97b7-13e0c1e711c7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--beaa2e8a-2065-4578-b338-45f3e80297fe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.133478Z", "modified": "2026-06-02T15:57:34.133478Z", "relationship_type": "indicates", "source_ref": "indicator--512975e7-e2a0-4b06-b4b7-2107686a7af2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5eccb1cd-d3dc-43a8-8f85-fd21137a0896", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.134457Z", "modified": "2026-06-02T15:57:34.134457Z", "relationship_type": "indicates", "source_ref": "indicator--0711d40b-b768-4e73-9a9d-493623aee3f1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4642234c-79f6-4e04-83b1-fdf2265d9fdd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.135605Z", "modified": "2026-06-02T15:57:34.135605Z", "relationship_type": "indicates", "source_ref": "indicator--55359991-98ab-4d4a-9ff8-de5031774bf1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--69084b02-cceb-4692-ab60-77816ad8ed2e", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.136609Z", "modified": "2026-06-02T15:57:34.136609Z", "relationship_type": "indicates", "source_ref": "indicator--12453c0a-1f5c-402d-93f2-bf6cd71ee8f8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dab25762-6228-465c-9134-698c9275d8c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.137595Z", "modified": "2026-06-02T15:57:34.137595Z", "relationship_type": "indicates", "source_ref": "indicator--f0ab87bd-b83e-432d-aa13-1248322ea91c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--706a5a52-7629-42a5-9e68-42bebd6fc978", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.138578Z", "modified": "2026-06-02T15:57:34.138578Z", "relationship_type": "indicates", "source_ref": "indicator--cfacb768-4416-4747-af06-7626e00389b2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b7672071-1f3e-4d11-8a01-be7c506c9d3b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.139565Z", "modified": "2026-06-02T15:57:34.139565Z", "relationship_type": "indicates", "source_ref": "indicator--b27235b0-410c-45a2-bae0-f42ed8dec14c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ccef0a38-fc04-40bd-8d60-4381cbe62743", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.140555Z", "modified": "2026-06-02T15:57:34.140555Z", "relationship_type": "indicates", "source_ref": "indicator--f691aae6-476c-4b2e-bebf-252ddf75402b", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a442f070-229f-4946-bd29-b04445d8bbb7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.14156Z", "modified": "2026-06-02T15:57:34.14156Z", "relationship_type": "indicates", "source_ref": "indicator--1f6e154d-291e-415d-b4d0-92b937d84ef1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--26e6f507-81cc-4fa5-9e76-3d7168c56b9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.142742Z", "modified": "2026-06-02T15:57:34.142742Z", "relationship_type": "indicates", "source_ref": "indicator--fdf2c752-1bb9-4be5-a447-87b467528921", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--92910d74-a901-4daa-b563-a058878b0def", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.143807Z", "modified": "2026-06-02T15:57:34.143807Z", "relationship_type": "indicates", "source_ref": "indicator--4ff48b20-b3b3-440b-8cb9-45a999291d36", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6581dc30-5f20-4c7a-b459-fc4be29894ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.144917Z", "modified": "2026-06-02T15:57:34.144917Z", "relationship_type": "indicates", "source_ref": "indicator--78da6159-76c4-4714-842d-18ce89e3df20", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c369f10e-331e-4a28-ab43-f2d1e26040dc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.145921Z", "modified": 
"2026-06-02T15:57:34.145921Z", "relationship_type": "indicates", "source_ref": "indicator--dcacebbe-3d03-4924-80f0-c0bcd3aabfe7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c50f8f97-dae6-4058-988e-8547d595fb14", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.146917Z", "modified": "2026-06-02T15:57:34.146917Z", "relationship_type": "indicates", "source_ref": "indicator--54515fe6-6da7-4b45-9cc5-95bf77151025", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--21619c1c-72da-403d-a644-d28cf9c00c5d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.147933Z", "modified": "2026-06-02T15:57:34.147933Z", "relationship_type": "indicates", "source_ref": "indicator--6263c987-8013-4214-8766-16d58527e355", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1859f0b0-f1df-4694-8210-f26b019a83fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.148924Z", "modified": "2026-06-02T15:57:34.148924Z", "relationship_type": "indicates", "source_ref": "indicator--d9e99f79-1f85-4f7d-a7b9-5ed66320c0c4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b1920bb3-c669-459d-8c20-d639f71f4eba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.15006Z", "modified": "2026-06-02T15:57:34.15006Z", "relationship_type": "indicates", "source_ref": "indicator--1f9f7fd4-35f1-4911-818c-c46388baba41", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fc77f451-add0-4bf5-93c5-69f8a47656a6", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.151063Z", "modified": "2026-06-02T15:57:34.151063Z", "relationship_type": "indicates", "source_ref": "indicator--6da08a3e-4825-4a71-a9b4-ca8af1b0f74c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3e146d33-b415-44a2-88a8-2c09b3ac7ad9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.152073Z", "modified": "2026-06-02T15:57:34.152073Z", "relationship_type": "indicates", "source_ref": "indicator--6e25fe0c-4d05-4039-bf14-c461342c7336", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8f383a91-f748-476d-ae90-069c66741c70", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.15307Z", "modified": "2026-06-02T15:57:34.15307Z", "relationship_type": "indicates", "source_ref": "indicator--bd95065a-b3bc-442c-9ec3-993a7d4883f1", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4630a679-8dbc-41ed-a29e-bcd1c6380f61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.154067Z", "modified": "2026-06-02T15:57:34.154067Z", "relationship_type": "indicates", "source_ref": "indicator--312955fa-b9ee-4681-81e5-cb3dbb57f759", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9dbc6235-760d-447f-ac49-921e626b1324", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.155044Z", "modified": "2026-06-02T15:57:34.155044Z", "relationship_type": "indicates", "source_ref": "indicator--c12b4991-4868-4ded-9b81-a22018237fa7", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--37448beb-00a0-4a47-a488-1f65149e4601", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.156046Z", "modified": "2026-06-02T15:57:34.156046Z", "relationship_type": "indicates", "source_ref": "indicator--b154862c-0ecd-45c8-afa2-6b91810e0759", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8ed032aa-158f-4c69-8662-e276e0b654c9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.158038Z", "modified": "2026-06-02T15:57:34.158038Z", "relationship_type": "indicates", "source_ref": "indicator--c852c9ee-e112-4693-8625-90a3f5afbb4c", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8f3ec54d-7a0b-415a-a61e-befbcf54bb64", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.159164Z", "modified": "2026-06-02T15:57:34.159164Z", "relationship_type": "indicates", "source_ref": "indicator--dca219b4-0c4d-44f0-8a9d-dee3a2660027", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--769e6504-601f-4181-8076-175f6e455f8a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.160181Z", "modified": "2026-06-02T15:57:34.160181Z", "relationship_type": "indicates", "source_ref": "indicator--50ee17a1-3c6c-4aea-a4cf-c2e551455d18", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc4e2617-d548-4b3c-932f-2f647b8fbf78", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.161182Z", "modified": 
"2026-06-02T15:57:34.161182Z", "relationship_type": "indicates", "source_ref": "indicator--a9e40f36-979d-4bac-a5bb-60a42ff2ed0b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7b16702f-cf15-4a98-be2d-30631574182f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.162167Z", "modified": "2026-06-02T15:57:34.162167Z", "relationship_type": "indicates", "source_ref": "indicator--445be07f-0f3f-46cc-99e3-f9e6a3f8a609", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--042ba9e7-e0a4-4dcc-ada8-c0a90b2b1173", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.163164Z", "modified": "2026-06-02T15:57:34.163164Z", "relationship_type": "indicates", "source_ref": "indicator--3bf17b33-b37b-4fcb-a2d0-64eea08a7bdf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--79db3719-de7e-45ea-91fa-0943c2a4037f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.164164Z", "modified": "2026-06-02T15:57:34.164164Z", "relationship_type": "indicates", "source_ref": "indicator--b7b9d894-a274-4efa-8216-2ad5227251ff", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4a96d669-bcde-4f4f-8eb8-f615902f6d45", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.165347Z", "modified": "2026-06-02T15:57:34.165347Z", "relationship_type": "indicates", "source_ref": "indicator--573e0be0-3e39-47e9-b33d-8423eb689b55", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--42a4b521-c445-491c-a35f-a9c168d5d7d6", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.166354Z", "modified": "2026-06-02T15:57:34.166354Z", "relationship_type": "indicates", "source_ref": "indicator--a7819ef9-169c-491d-82fb-2f16897e44ab", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6dfbc71d-0c09-4750-b949-df6610e5f68e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.167383Z", "modified": "2026-06-02T15:57:34.167383Z", "relationship_type": "indicates", "source_ref": "indicator--048c3b86-0ac0-4545-a2ff-714323850a22", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--99aed4ce-1173-4314-8646-b1724c1fe30c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.168378Z", "modified": "2026-06-02T15:57:34.168378Z", "relationship_type": "indicates", "source_ref": "indicator--ac9f0e6f-d052-4c6a-a9f6-0727562d5eb9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ba14fefe-37aa-4bf2-8a5e-92e6791d3100", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.169374Z", "modified": "2026-06-02T15:57:34.169374Z", "relationship_type": "indicates", "source_ref": "indicator--6a119e5b-4325-4920-9bd8-b55fd1095339", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ded0f96c-3764-4b47-9e48-ae4703452e98", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.170353Z", "modified": "2026-06-02T15:57:34.170353Z", "relationship_type": "indicates", "source_ref": "indicator--3e762c58-827d-4fce-a436-ad76f0edef9d", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--45d90e07-b7ef-412c-9e5f-d3e4286b14bd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.171364Z", "modified": "2026-06-02T15:57:34.171364Z", "relationship_type": "indicates", "source_ref": "indicator--2ea8356d-d1a9-4ce1-8155-21827b1b76b2", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f70c08e-8ce6-4755-b557-db32bc3105fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.172526Z", "modified": "2026-06-02T15:57:34.172526Z", "relationship_type": "indicates", "source_ref": "indicator--d09d8b81-5d67-4a37-b53b-2df12ef1e254", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d191ad43-b88f-4f29-9cb5-b25920b2f171", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.173538Z", "modified": "2026-06-02T15:57:34.173538Z", "relationship_type": "indicates", "source_ref": "indicator--56be4175-0cf6-497a-b419-6ef619457ed2", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--302ef3ad-76c2-49e3-a089-f2de4773cedd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.174523Z", "modified": "2026-06-02T15:57:34.174523Z", "relationship_type": "indicates", "source_ref": "indicator--3a959760-8645-4d8b-9a88-6d5ff793bc77", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--476dd40c-8674-4af6-b889-49333eda1d8c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.175515Z", "modified": 
"2026-06-02T15:57:34.175515Z", "relationship_type": "indicates", "source_ref": "indicator--7370d365-a8a8-4c32-a5b2-3a0d1beb8004", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f0bb85d0-76a6-492b-a155-0f3f425ce341", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.176492Z", "modified": "2026-06-02T15:57:34.176492Z", "relationship_type": "indicates", "source_ref": "indicator--82aae9b6-c7f7-4461-bbf0-7702bc622606", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc4461bf-f3f4-49ac-bedb-b84ff454baf2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.177487Z", "modified": "2026-06-02T15:57:34.177487Z", "relationship_type": "indicates", "source_ref": "indicator--84f734b8-a64b-462b-b73b-7ac271b9cf48", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--076e28f9-1091-44ed-976f-4a29437f077e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.178465Z", "modified": "2026-06-02T15:57:34.178465Z", "relationship_type": "indicates", "source_ref": "indicator--ec251d1a-01fe-459b-92a7-d71c12b8a1cb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a2ffdda9-3f1d-4e3f-baa1-8728810dbe98", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.179601Z", "modified": "2026-06-02T15:57:34.179601Z", "relationship_type": "indicates", "source_ref": "indicator--e3a22afc-7374-4e53-8549-99a70a22d2b3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3544a842-dacb-4f7f-885a-4a5ad55b80cc", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.180607Z", "modified": "2026-06-02T15:57:34.180607Z", "relationship_type": "indicates", "source_ref": "indicator--5c16ca0f-f23a-4305-9202-419ac14ff2cb", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d2dac58c-af80-41f3-8614-58af0bed4cde", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.181588Z", "modified": "2026-06-02T15:57:34.181588Z", "relationship_type": "indicates", "source_ref": "indicator--43c70338-e62b-48c7-8152-fba7a95af9d5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4eaba8bc-28a8-40cb-a90c-76920413cfb6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.182575Z", "modified": "2026-06-02T15:57:34.182575Z", "relationship_type": "indicates", "source_ref": "indicator--b30ef1aa-15ad-4713-a3e9-b84ff9428e94", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--37d39e84-9ee2-4a5b-a31c-a073b1b5ed4f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.183574Z", "modified": "2026-06-02T15:57:34.183574Z", "relationship_type": "indicates", "source_ref": "indicator--7e96c766-4cf7-4b05-b069-5296903f2b07", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6bc8c489-3291-458c-ab69-99d235b5fd79", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.184569Z", "modified": "2026-06-02T15:57:34.184569Z", "relationship_type": "indicates", "source_ref": "indicator--51afe2b3-88e7-40a6-8f6f-4173bbf8ccb7", "target_ref": 
"malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0a1779ef-941c-441a-a4e9-a6d7edb83b5f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.185566Z", "modified": "2026-06-02T15:57:34.185566Z", "relationship_type": "indicates", "source_ref": "indicator--63557ff6-218f-4e58-b3d4-42555616073a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ce9483c0-2045-4683-a123-491220d285ef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.186689Z", "modified": "2026-06-02T15:57:34.186689Z", "relationship_type": "indicates", "source_ref": "indicator--d01c8d4f-94e5-498e-a0ed-c9c513764aa9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--54a3998a-8c27-4a8e-b73d-85ecbdc0bb8c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.187699Z", "modified": "2026-06-02T15:57:34.187699Z", "relationship_type": "indicates", "source_ref": "indicator--e4e947e8-6f87-4fea-ac93-eb77344a1641", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3e127cf3-d07e-485a-85ce-2975c164f2de", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.188682Z", "modified": "2026-06-02T15:57:34.188682Z", "relationship_type": "indicates", "source_ref": "indicator--92b0614d-372e-4029-a4ed-c94ef2c21681", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9cf31e71-9483-41c8-8eba-d11849782656", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.189676Z", "modified": 
"2026-06-02T15:57:34.189676Z", "relationship_type": "indicates", "source_ref": "indicator--1950633e-9804-4ba4-a454-91f92b60cd7d", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cdac9962-603e-41f0-8535-e82125213888", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.190653Z", "modified": "2026-06-02T15:57:34.190653Z", "relationship_type": "indicates", "source_ref": "indicator--458be886-936c-4711-8710-409dde73e3c0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a4257893-2c96-4e1d-b050-c1399218afeb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.191655Z", "modified": "2026-06-02T15:57:34.191655Z", "relationship_type": "indicates", "source_ref": "indicator--f42196de-7669-4657-b9c0-425628f7b516", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--76eecab5-64ca-4b64-829e-13dfadac5e40", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.19266Z", "modified": "2026-06-02T15:57:34.19266Z", "relationship_type": "indicates", "source_ref": "indicator--33ace63a-2ffd-4fae-8592-2f9dead47156", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6723e81d-3222-450f-80a6-2cde415694b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.193797Z", "modified": "2026-06-02T15:57:34.193797Z", "relationship_type": "indicates", "source_ref": "indicator--160c82c1-1ec2-4c20-9736-b31fcadf77be", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0ba4731e-6303-4e2c-a39f-600f9d307d15", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.194788Z", "modified": "2026-06-02T15:57:34.194788Z", "relationship_type": "indicates", "source_ref": "indicator--6008d0fd-41ec-4f51-bd59-1b6bd77ebfb9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e724c6e7-c48a-4f89-8f37-9613e82f8213", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.195802Z", "modified": "2026-06-02T15:57:34.195802Z", "relationship_type": "indicates", "source_ref": "indicator--7500119f-14a0-4352-a184-638c15feaac1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bb6f170c-847c-4df2-956d-b2742af0ec54", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.196786Z", "modified": "2026-06-02T15:57:34.196786Z", "relationship_type": "indicates", "source_ref": "indicator--88666eeb-84ff-44fa-bc46-90dc97e1ed59", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2c81b1e0-ff19-4d0d-a7bc-72c059e3f7cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.197779Z", "modified": "2026-06-02T15:57:34.197779Z", "relationship_type": "indicates", "source_ref": "indicator--60851ffd-da0a-4f99-9fa0-ce9f66214429", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7747b660-c017-4aac-accc-cad40fb26b85", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.198758Z", "modified": "2026-06-02T15:57:34.198758Z", "relationship_type": "indicates", "source_ref": "indicator--30f83e37-52ba-43a9-880e-abeba5667358", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bf3d5fda-2bad-4408-8126-b6dfa9a22834", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.199751Z", "modified": "2026-06-02T15:57:34.199751Z", "relationship_type": "indicates", "source_ref": "indicator--0a0ac034-2adc-4810-8ae0-2ffd5c7e29b3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5e711b90-a603-47ce-bf4e-4e95c2443470", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.200884Z", "modified": "2026-06-02T15:57:34.200884Z", "relationship_type": "indicates", "source_ref": "indicator--e7257ab7-4dab-4cd2-af3f-ed7073a7c283", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0d6c1847-690a-441d-8ea4-21933eb8037e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.201876Z", "modified": "2026-06-02T15:57:34.201876Z", "relationship_type": "indicates", "source_ref": "indicator--feb47413-134e-44c6-b2c6-e9d433c1999e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f6b29794-e0e2-4696-ab53-663b59b1d077", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.202881Z", "modified": "2026-06-02T15:57:34.202881Z", "relationship_type": "indicates", "source_ref": "indicator--76360205-bdbf-4131-99f5-df7769c344b7", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--743b6e6d-a278-46a0-9dcc-8f247a9baf4c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.203961Z", "modified": 
"2026-06-02T15:57:34.203961Z", "relationship_type": "indicates", "source_ref": "indicator--915e5c5c-6a1e-4782-b175-0426259306e3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--773f65a6-91aa-4280-b45a-665e2e598030", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.204961Z", "modified": "2026-06-02T15:57:34.204961Z", "relationship_type": "indicates", "source_ref": "indicator--cdc95af9-0a53-497f-91d6-5487b8f9cb4e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c7b59a5b-1414-4148-9bd0-015aa9411c40", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.205977Z", "modified": "2026-06-02T15:57:34.205977Z", "relationship_type": "indicates", "source_ref": "indicator--73b1eeed-a0ba-4d26-8799-5797731d947d", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--50953fba-aff4-48b0-8345-3156a2d86754", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.206998Z", "modified": "2026-06-02T15:57:34.206998Z", "relationship_type": "indicates", "source_ref": "indicator--88e31ac9-c5f0-42cb-9f76-542d80fe03ff", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bd89841d-d694-4523-8611-f6a8a7e920fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.20815Z", "modified": "2026-06-02T15:57:34.20815Z", "relationship_type": "indicates", "source_ref": "indicator--8a80eb39-ed19-4f90-aaf0-8edbd0e279c8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--092c5785-e229-41ff-b3e4-292f039a8f42", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.209151Z", "modified": "2026-06-02T15:57:34.209151Z", "relationship_type": "indicates", "source_ref": "indicator--dfe1a2d6-31fb-4246-91c3-8676ccf44e7b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--05c89133-49c3-4150-a149-76a17ff996f7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.210142Z", "modified": "2026-06-02T15:57:34.210142Z", "relationship_type": "indicates", "source_ref": "indicator--645e6c5b-73e7-44ad-9d5a-c9c577f97bb3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef1f8736-a31c-4849-86c8-c20caf02fc1e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.211142Z", "modified": "2026-06-02T15:57:34.211142Z", "relationship_type": "indicates", "source_ref": "indicator--2b372410-a094-4474-816a-729fc6599c4f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1292f9cd-00c9-4d19-a867-e396f3620761", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.212135Z", "modified": "2026-06-02T15:57:34.212135Z", "relationship_type": "indicates", "source_ref": "indicator--cf27ab6e-629d-48d4-80e9-0b5ac2b58bea", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f9d60177-2a8c-4c74-9e69-9514a90d374c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.213117Z", "modified": "2026-06-02T15:57:34.213117Z", "relationship_type": "indicates", "source_ref": "indicator--b1d2166c-59dd-46f0-bb51-08cfa25c24ca", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c1aea908-9ee8-4991-a499-0926340aebd2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.214133Z", "modified": "2026-06-02T15:57:34.214133Z", "relationship_type": "indicates", "source_ref": "indicator--3f07b45e-e6c2-49b1-a7a7-aec05f7b3273", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--28abf663-2b60-402b-82f3-35497643daa8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.215268Z", "modified": "2026-06-02T15:57:34.215268Z", "relationship_type": "indicates", "source_ref": "indicator--42da7696-fe37-4714-acfa-ad33d39ac7cd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f99029d8-2b4c-4f67-b702-a5162dc036ba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.216276Z", "modified": "2026-06-02T15:57:34.216276Z", "relationship_type": "indicates", "source_ref": "indicator--f9ad5df2-cc58-47b3-a05c-a0f0ce2c7939", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--064eaf97-e9b9-4b59-8092-3eeab7aa16bc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.217273Z", "modified": "2026-06-02T15:57:34.217273Z", "relationship_type": "indicates", "source_ref": "indicator--7adf4914-d05a-4c0c-b9f3-8e40afd4efc1", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f947f135-84e3-44a6-890d-ed81083959a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.218271Z", "modified": 
"2026-06-02T15:57:34.218271Z", "relationship_type": "indicates", "source_ref": "indicator--874861d6-b31d-4490-a8cb-e42f7ccc138d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f7fb442-c497-4114-a5a2-e9ac484e2612", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.219267Z", "modified": "2026-06-02T15:57:34.219267Z", "relationship_type": "indicates", "source_ref": "indicator--50942b1a-7443-4b3c-9cf2-8f6de9f0ad69", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1be169da-4a5b-4243-82a4-d46d43243f54", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.220273Z", "modified": "2026-06-02T15:57:34.220273Z", "relationship_type": "indicates", "source_ref": "indicator--b06aea95-32af-4405-a818-14c519e11b8c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--035a0c8d-5a5b-48b2-ba11-4d7f309a2e89", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.221264Z", "modified": "2026-06-02T15:57:34.221264Z", "relationship_type": "indicates", "source_ref": "indicator--736460cb-91b6-4311-98aa-994e4a86bd46", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7cbe3217-c207-49ba-b511-a8b4eed6f149", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.222399Z", "modified": "2026-06-02T15:57:34.222399Z", "relationship_type": "indicates", "source_ref": "indicator--90bb6d54-b5eb-46fe-822d-6821fa5039ff", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0da63f33-7645-4a36-bcb6-c3a3f5c576f4", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.223404Z", "modified": "2026-06-02T15:57:34.223404Z", "relationship_type": "indicates", "source_ref": "indicator--5a818ef1-2a38-449a-a986-98724d003144", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d457b383-c9cb-4f65-bb2d-ebcd30722d2a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.224391Z", "modified": "2026-06-02T15:57:34.224391Z", "relationship_type": "indicates", "source_ref": "indicator--90e96d7c-9df9-4fc6-9d4a-0248e385d750", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d6793eff-a7f8-44cc-9c0e-68b45e4b8ac5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.225373Z", "modified": "2026-06-02T15:57:34.225373Z", "relationship_type": "indicates", "source_ref": "indicator--2c28bfa1-4ae9-44cf-a12a-3dcefa1d4dc4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--71d7002b-3778-450f-ad3b-aa8d492fea51", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.226562Z", "modified": "2026-06-02T15:57:34.226562Z", "relationship_type": "indicates", "source_ref": "indicator--0434688a-85e8-4d56-821a-180b9f6af417", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4732a2b4-5483-4432-bdc7-b7ae8d29a4d5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.227601Z", "modified": "2026-06-02T15:57:34.227601Z", "relationship_type": "indicates", "source_ref": "indicator--15ad5239-88a4-410e-9624-8f75aa835d75", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e39b77d2-017f-4a5f-819b-5513e0a61a9c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.228605Z", "modified": "2026-06-02T15:57:34.228605Z", "relationship_type": "indicates", "source_ref": "indicator--47db011c-0b25-47d3-b069-385df6364dd0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1484ee25-f973-41c2-95b8-9a47feec40bb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.22974Z", "modified": "2026-06-02T15:57:34.22974Z", "relationship_type": "indicates", "source_ref": "indicator--23e6d41a-6a32-4b68-bc99-5cdf62cf2643", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--14a43e0c-9749-4712-a149-ab8807396bb9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.23074Z", "modified": "2026-06-02T15:57:34.23074Z", "relationship_type": "indicates", "source_ref": "indicator--ce82ac15-dd21-4312-babb-334648a821fc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8eebc5ad-2a83-4321-a795-65e6449a14f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.231742Z", "modified": "2026-06-02T15:57:34.231742Z", "relationship_type": "indicates", "source_ref": "indicator--50ea6377-99f9-47de-8f08-02022fb7fc31", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--174a9b63-2438-4657-b718-7e74c6461f5c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.232726Z", "modified": 
"2026-06-02T15:57:34.232726Z", "relationship_type": "indicates", "source_ref": "indicator--63bd328d-db3f-4968-8957-907c7133dc6a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2c723027-d43a-4bc4-98c2-12caa0f336f8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.233727Z", "modified": "2026-06-02T15:57:34.233727Z", "relationship_type": "indicates", "source_ref": "indicator--7290affb-3eff-4733-91a1-ed4b2f42200d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2a7b3cd6-bfa0-45ff-950e-aaabcfaec55c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.234717Z", "modified": "2026-06-02T15:57:34.234717Z", "relationship_type": "indicates", "source_ref": "indicator--1fe59cb2-22f4-4269-b9c1-8fe19fadbec5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6c692f09-af9a-4d85-a6e5-729b7eaa0e60", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.235707Z", "modified": "2026-06-02T15:57:34.235707Z", "relationship_type": "indicates", "source_ref": "indicator--2beac7b8-6b35-4996-9ce5-25715c7d4c1f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--21aa3df8-ffad-40cf-85d8-051bb10abe6a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.23684Z", "modified": "2026-06-02T15:57:34.23684Z", "relationship_type": "indicates", "source_ref": "indicator--139d62bf-3c4b-484b-83c1-8c85d0a73f96", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a021aeb3-9204-4a3b-bb67-d37f60082e44", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.23784Z", "modified": "2026-06-02T15:57:34.23784Z", "relationship_type": "indicates", "source_ref": "indicator--c7599f0e-20fc-4813-a9a5-e960120cae1b", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--327edc09-cffb-4f7a-8031-69367a2e987f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.238854Z", "modified": "2026-06-02T15:57:34.238854Z", "relationship_type": "indicates", "source_ref": "indicator--9f32cc2c-d630-4c75-ae58-f708ba243135", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--016112c8-e3c3-49b5-a32a-aea657028bf4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.239856Z", "modified": "2026-06-02T15:57:34.239856Z", "relationship_type": "indicates", "source_ref": "indicator--afc663aa-ea56-44d7-a3ca-e5cd5fa1f4e8", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--25334719-6c7f-4055-9cd3-3439f6fb5475", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.240851Z", "modified": "2026-06-02T15:57:34.240851Z", "relationship_type": "indicates", "source_ref": "indicator--6221e699-a326-4b12-acc4-7343c016e05f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--095a55cd-c169-4761-a4a1-8d9937f34b3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.241827Z", "modified": "2026-06-02T15:57:34.241827Z", "relationship_type": "indicates", "source_ref": "indicator--7754104a-58b6-4444-acc5-1b0c685eeb4e", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fe8a4ea2-b515-4296-b4d0-0f479b3f81f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.242807Z", "modified": "2026-06-02T15:57:34.242807Z", "relationship_type": "indicates", "source_ref": "indicator--483f2239-5c30-469b-a839-8e581a477110", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ed89161a-f8e4-4dd7-9ff1-f810093c0a1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.244727Z", "modified": "2026-06-02T15:57:34.244727Z", "relationship_type": "indicates", "source_ref": "indicator--c89fa11f-d4cd-40b8-8988-6c220e6678ac", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4ec63609-0592-4889-9630-86ea474b170e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.245858Z", "modified": "2026-06-02T15:57:34.245858Z", "relationship_type": "indicates", "source_ref": "indicator--95659260-bb09-4c74-8c8a-47f653cf5218", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--28693876-219e-4063-b37e-411fc77c7679", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.246876Z", "modified": "2026-06-02T15:57:34.246876Z", "relationship_type": "indicates", "source_ref": "indicator--5857f656-1148-45d2-9013-6756cb82812e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e3295e05-50ae-468f-9113-7c56cfe9650f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.247899Z", "modified": 
"2026-06-02T15:57:34.247899Z", "relationship_type": "indicates", "source_ref": "indicator--e24b7ea5-b723-48f0-811d-551cff262356", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e87c78d4-290f-4019-8710-f3b5a80ad6db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.248887Z", "modified": "2026-06-02T15:57:34.248887Z", "relationship_type": "indicates", "source_ref": "indicator--8c61b092-1961-475d-acaa-2649f93c9dee", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e4ca93f4-0274-4c89-9698-2e3b3cbab189", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.249883Z", "modified": "2026-06-02T15:57:34.249883Z", "relationship_type": "indicates", "source_ref": "indicator--f1f323ca-f031-4dbc-9639-0b0adcbb5a26", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--10167ea3-aab8-4f74-8cff-451aefc4a950", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.250866Z", "modified": "2026-06-02T15:57:34.250866Z", "relationship_type": "indicates", "source_ref": "indicator--ea106bb5-b5ad-4f5e-be4a-a28a60d39dbf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0ff97d15-d6d5-473b-8347-0e85f33aeb3a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.252047Z", "modified": "2026-06-02T15:57:34.252047Z", "relationship_type": "indicates", "source_ref": "indicator--d3040d6e-cf2b-4782-8501-f51e82d4dc96", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--30ed4499-5844-4579-9088-4c7412ce7b9b", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.253061Z", "modified": "2026-06-02T15:57:34.253061Z", "relationship_type": "indicates", "source_ref": "indicator--dfcd7886-a068-4362-92df-d1be2f5597cd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2bd985c7-9dd9-421e-aa36-0925419dec9a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.254086Z", "modified": "2026-06-02T15:57:34.254086Z", "relationship_type": "indicates", "source_ref": "indicator--83ccc42b-7b50-4250-96d5-744efd6fa314", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--73aa736a-5880-402a-8d12-d9a18ae99a30", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.255109Z", "modified": "2026-06-02T15:57:34.255109Z", "relationship_type": "indicates", "source_ref": "indicator--41429ac7-3f44-42c7-bf55-5ea72a979929", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c44fdf8c-e865-4181-9bf1-eec3b05cdfbb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.256109Z", "modified": "2026-06-02T15:57:34.256109Z", "relationship_type": "indicates", "source_ref": "indicator--b678006d-bb7c-41b8-a302-c0a73042a4c4", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--581e5d1c-398c-443b-8ef4-df757ebd4520", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.25709Z", "modified": "2026-06-02T15:57:34.25709Z", "relationship_type": "indicates", "source_ref": "indicator--dfc336ba-ab95-4fa5-aa88-42aa8d185919", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ed5df317-4417-428c-b198-0704a214e112", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.258083Z", "modified": "2026-06-02T15:57:34.258083Z", "relationship_type": "indicates", "source_ref": "indicator--7d348c85-eaae-43fe-ab9d-4f94cff2061e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--62073309-41c9-429b-bd73-d44dd8826a1d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.259223Z", "modified": "2026-06-02T15:57:34.259223Z", "relationship_type": "indicates", "source_ref": "indicator--66960c81-ec1f-4f0c-a951-de5ee8c26d02", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--52544857-03f9-4a46-9eed-310e7f3e3b74", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.260241Z", "modified": "2026-06-02T15:57:34.260241Z", "relationship_type": "indicates", "source_ref": "indicator--71b61c14-6d16-4acd-8579-e3ccae6c2e5f", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f70de6fd-ee3e-455c-bfa1-e73ed7d59249", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.261226Z", "modified": "2026-06-02T15:57:34.261226Z", "relationship_type": "indicates", "source_ref": "indicator--fa10461f-ba43-46fe-9377-5a35f6a41af7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5640370e-a549-457b-90b4-52929b148e00", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.262208Z", "modified": 
"2026-06-02T15:57:34.262208Z", "relationship_type": "indicates", "source_ref": "indicator--43d0d57a-410d-41ba-881c-7c9934aaad79", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8081be2a-2b1e-4fe4-8a84-9abceddb530c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.263206Z", "modified": "2026-06-02T15:57:34.263206Z", "relationship_type": "indicates", "source_ref": "indicator--492c44d9-a92b-4c01-a84f-c451ff4a04dd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9f18cc04-e1e7-414c-83cb-240abc88d729", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.264192Z", "modified": "2026-06-02T15:57:34.264192Z", "relationship_type": "indicates", "source_ref": "indicator--fe4099ba-f034-4bc2-9f4b-f6ac9674824a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a6dd4cf0-e22a-4418-8683-6adaf957ec70", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.265179Z", "modified": "2026-06-02T15:57:34.265179Z", "relationship_type": "indicates", "source_ref": "indicator--143d1647-aa0a-4689-9b26-4d553ae23ed3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--49a7eda0-9175-4a90-8e01-818cfe1306a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.266311Z", "modified": "2026-06-02T15:57:34.266311Z", "relationship_type": "indicates", "source_ref": "indicator--31cb34a8-7b37-4284-90de-302b236db0e2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--78f1ac68-2e8a-483c-b6ca-f3fbc9e76f6e", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.267333Z", "modified": "2026-06-02T15:57:34.267333Z", "relationship_type": "indicates", "source_ref": "indicator--c16bc8ec-5632-42a0-89e6-c433306b7d69", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--03bed81e-ac9c-4427-b0d1-2cbf49cc0d62", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.268341Z", "modified": "2026-06-02T15:57:34.268341Z", "relationship_type": "indicates", "source_ref": "indicator--dba2092d-1456-43a6-82f5-a777e5d269f4", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aa2dcede-b50c-4beb-a2e4-0f94b3395f89", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.269328Z", "modified": "2026-06-02T15:57:34.269328Z", "relationship_type": "indicates", "source_ref": "indicator--c8ad2a2e-225e-41a8-8c20-6d8af0ff51f4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3a381af3-b5fd-4941-9f01-42d17276afcd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.270311Z", "modified": "2026-06-02T15:57:34.270311Z", "relationship_type": "indicates", "source_ref": "indicator--4a1b8a2a-615f-43a2-983b-29182c531329", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6eb04b8b-9028-4d95-8f69-488b7fa6efe0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.271304Z", "modified": "2026-06-02T15:57:34.271304Z", "relationship_type": "indicates", "source_ref": "indicator--cded9ab6-5580-41ca-a0fb-88c46aa0c678", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dbb3351e-b39d-46e1-a842-095c6cb9a8f5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.272302Z", "modified": "2026-06-02T15:57:34.272302Z", "relationship_type": "indicates", "source_ref": "indicator--3a9eac9a-d870-4a27-bafe-dc45f9bcf05d", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8e157cc9-c5c9-4792-bd47-176f6e72ee8d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.273417Z", "modified": "2026-06-02T15:57:34.273417Z", "relationship_type": "indicates", "source_ref": "indicator--794fb329-6a76-4aa6-807b-35afa9e84bfc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c99e9146-2475-4425-b8e4-4cf3de427909", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.274409Z", "modified": "2026-06-02T15:57:34.274409Z", "relationship_type": "indicates", "source_ref": "indicator--3330d98e-c30b-4f4c-a8bc-8319f889d20b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b6b090cc-08b9-4d66-8fdd-9654f7e56d2d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.275438Z", "modified": "2026-06-02T15:57:34.275438Z", "relationship_type": "indicates", "source_ref": "indicator--47c754c7-5dd9-4942-8c3c-fa2194033c0d", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--87a5a335-05e1-4d2f-9354-1b5f94a1abb9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.276437Z", "modified": 
"2026-06-02T15:57:34.276437Z", "relationship_type": "indicates", "source_ref": "indicator--c8a5b3e0-cffc-4512-b9a6-18fb20931353", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--755389c3-cc95-4183-9525-9a71f85b4fc5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.277434Z", "modified": "2026-06-02T15:57:34.277434Z", "relationship_type": "indicates", "source_ref": "indicator--00300d18-c239-4642-b10c-0a5e4a9d1f73", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e4aef750-255b-4090-b654-7587b992d0bb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.278429Z", "modified": "2026-06-02T15:57:34.278429Z", "relationship_type": "indicates", "source_ref": "indicator--6b905f20-02ca-43e0-b798-cf3416c0a5d8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f5996ab-9c61-4e60-a5cb-0951356546d1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.279422Z", "modified": "2026-06-02T15:57:34.279422Z", "relationship_type": "indicates", "source_ref": "indicator--e63a748c-eca5-4d29-bd41-2b4655b58ade", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a516eb3a-6502-415d-abc7-ce417026d1ae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.280545Z", "modified": "2026-06-02T15:57:34.280545Z", "relationship_type": "indicates", "source_ref": "indicator--1e798341-68fc-4029-81cd-0fe25d3e42de", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0c721160-baa4-4fe8-8f1e-d4edbcd64046", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.281553Z", "modified": "2026-06-02T15:57:34.281553Z", "relationship_type": "indicates", "source_ref": "indicator--815e0463-2040-4fb9-9e15-e92e95c9f051", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aebb4542-2ad7-43ee-bcb7-8d462c35cda4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.282536Z", "modified": "2026-06-02T15:57:34.282536Z", "relationship_type": "indicates", "source_ref": "indicator--4636e367-85a3-4542-9f85-429544f63585", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c973f9d9-d088-4e9d-a793-720aa8015475", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.283525Z", "modified": "2026-06-02T15:57:34.283525Z", "relationship_type": "indicates", "source_ref": "indicator--966f2f21-5716-43e0-9dc4-36eb6605f21f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f5dc835-cca6-49ec-96d4-bcb3bd50a577", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.284521Z", "modified": "2026-06-02T15:57:34.284521Z", "relationship_type": "indicates", "source_ref": "indicator--141a6bf6-daa3-4f65-8b11-a69f3d04897e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--92034e68-9f19-4687-86f4-5fde0434ec3e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.285501Z", "modified": "2026-06-02T15:57:34.285501Z", "relationship_type": "indicates", "source_ref": "indicator--7630c579-bee9-4743-8a13-b0d75a8ab026", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9bbe7360-a496-4f4c-910b-5e6c36b117c7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.286485Z", "modified": "2026-06-02T15:57:34.286485Z", "relationship_type": "indicates", "source_ref": "indicator--93c2a2fc-500f-4267-beaf-e807880c288c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--df4a8f87-4665-4950-aa64-a4f3e14492a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.287623Z", "modified": "2026-06-02T15:57:34.287623Z", "relationship_type": "indicates", "source_ref": "indicator--f37e8c5e-ff9a-4811-aff1-12c858b08dac", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9ef57d23-9449-4d2b-aeb7-b731d8ab9faf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.288628Z", "modified": "2026-06-02T15:57:34.288628Z", "relationship_type": "indicates", "source_ref": "indicator--546ade63-ac16-449d-9507-f0b376dce774", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--532014a9-2007-4519-875a-c2bdb62b7aeb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.289628Z", "modified": "2026-06-02T15:57:34.289628Z", "relationship_type": "indicates", "source_ref": "indicator--10eeba0c-bf2a-4e7f-aa75-f65377595a2e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--485681cd-03f3-4337-af4c-ba38573c9c9a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.290644Z", "modified": 
"2026-06-02T15:57:34.290644Z", "relationship_type": "indicates", "source_ref": "indicator--ad226a11-ae12-4e55-b21c-e5c4a3bda50c", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0377d437-3097-4e2f-9a9c-2e976d10ad36", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.291649Z", "modified": "2026-06-02T15:57:34.291649Z", "relationship_type": "indicates", "source_ref": "indicator--ef15e9a5-5b4d-4049-9413-364e31faf543", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--900e1679-3edc-4bde-992b-aa37c71215ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.292647Z", "modified": "2026-06-02T15:57:34.292647Z", "relationship_type": "indicates", "source_ref": "indicator--554eb4aa-1ca1-4f01-9faa-00a767bed7e6", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a8374e6d-f8c5-4a1d-b888-0821dd9820aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.29363Z", "modified": "2026-06-02T15:57:34.29363Z", "relationship_type": "indicates", "source_ref": "indicator--65fd894f-a6ed-43f6-9848-1d92221f80fb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b34f9b5a-0d2a-474a-983f-4f74d95ced36", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.294762Z", "modified": "2026-06-02T15:57:34.294762Z", "relationship_type": "indicates", "source_ref": "indicator--b35f5ad2-1901-462c-8bce-b77e67f29bbb", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8d3e414f-03c1-41a6-bf76-b85e0711755c", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.295778Z", "modified": "2026-06-02T15:57:34.295778Z", "relationship_type": "indicates", "source_ref": "indicator--ad9aed89-404f-411f-b4f2-ed97c0add90b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f19b3ab-3646-4ad7-b113-ed5a826d1c7b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.296779Z", "modified": "2026-06-02T15:57:34.296779Z", "relationship_type": "indicates", "source_ref": "indicator--66abef07-ae04-427a-b20f-b1f43d53b383", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--377d5dda-aa68-4195-b566-3f9f48d5291e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.297775Z", "modified": "2026-06-02T15:57:34.297775Z", "relationship_type": "indicates", "source_ref": "indicator--08d0321e-4f70-474c-8252-6e1b6a46fd8f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--624d0134-f3ce-4634-99c9-5164b961679b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.298783Z", "modified": "2026-06-02T15:57:34.298783Z", "relationship_type": "indicates", "source_ref": "indicator--6eeb74e1-1e29-47bb-ae08-37fa752ad4b0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a39deed3-0e67-4313-8d87-b23356179b89", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.29981Z", "modified": "2026-06-02T15:57:34.29981Z", "relationship_type": "indicates", "source_ref": "indicator--e599f001-3d93-46a0-864a-ae63258cce83", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cfc8d081-54d8-46a5-91cf-730e80584eeb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.300818Z", "modified": "2026-06-02T15:57:34.300818Z", "relationship_type": "indicates", "source_ref": "indicator--115854e6-cd5d-4346-85bd-ef9912eea02d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ae6baf82-cf24-4cbb-8327-7eb2b442f024", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.30198Z", "modified": "2026-06-02T15:57:34.30198Z", "relationship_type": "indicates", "source_ref": "indicator--01f011e8-2679-46a7-a66c-ddfb0b69a358", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--29a483e2-ba30-4de9-955b-b80632e805d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.302983Z", "modified": "2026-06-02T15:57:34.302983Z", "relationship_type": "indicates", "source_ref": "indicator--4cf2765f-83b2-46c1-8c3d-d39c95d84781", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--25c8b173-5de4-4d66-999e-01bd4013a76f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.304018Z", "modified": "2026-06-02T15:57:34.304018Z", "relationship_type": "indicates", "source_ref": "indicator--e06380f1-b115-462c-b516-66c7a5d17e30", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6b3e0096-4f91-46bc-bd5a-f105269bdcf6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.305012Z", "modified": 
"2026-06-02T15:57:34.305012Z", "relationship_type": "indicates", "source_ref": "indicator--90f0aeb4-91a9-4660-8dd6-9e6721803ecb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--072c295d-8a7c-46fd-9963-7de7e8c30e6c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.306Z", "modified": "2026-06-02T15:57:34.306Z", "relationship_type": "indicates", "source_ref": "indicator--eb35845d-81ca-48d1-a36a-9ecceb979937", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c274bffa-b071-4de5-8cef-53a0be471d3b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.306985Z", "modified": "2026-06-02T15:57:34.306985Z", "relationship_type": "indicates", "source_ref": "indicator--bd8a817a-f957-4ef0-9258-cfd46a2d7e3e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d4546592-1090-41b3-96de-e8a98919ec0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.308035Z", "modified": "2026-06-02T15:57:34.308035Z", "relationship_type": "indicates", "source_ref": "indicator--a7fdd92f-8f2e-4867-b29a-0a37b903c967", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--250c524e-b9b8-4f36-89b6-c0207fd1c56a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.309195Z", "modified": "2026-06-02T15:57:34.309195Z", "relationship_type": "indicates", "source_ref": "indicator--dd540f27-d932-4253-a23b-f109073b84ce", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3d0b616c-1662-4bbe-ae15-cf3d8bcca0ad", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.310194Z", "modified": "2026-06-02T15:57:34.310194Z", "relationship_type": "indicates", "source_ref": "indicator--01337871-a87b-4d49-a769-1c46f0bced2c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3bab0dcb-4795-40bc-8513-d8632e04d02d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.311182Z", "modified": "2026-06-02T15:57:34.311182Z", "relationship_type": "indicates", "source_ref": "indicator--64cb56d8-1a6e-45dc-ac59-15e2fd28daf7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3d543979-6901-4703-aa2e-1e9d8963d114", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.312164Z", "modified": "2026-06-02T15:57:34.312164Z", "relationship_type": "indicates", "source_ref": "indicator--9caac11f-d116-4fe5-95c2-819e782e90b9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--318bab73-20f2-44dd-b44f-79f96e31a710", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.313144Z", "modified": "2026-06-02T15:57:34.313144Z", "relationship_type": "indicates", "source_ref": "indicator--1f9f74ee-76a3-47ea-959b-431936d53474", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0c4890f1-2f11-4d30-8c46-c3f6993e691c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.314122Z", "modified": "2026-06-02T15:57:34.314122Z", "relationship_type": "indicates", "source_ref": "indicator--0a44b970-081b-46af-a32a-0c6e6fcf9013", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e2c2c8d8-a112-4915-9eed-f3ff51dd5744", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.315126Z", "modified": "2026-06-02T15:57:34.315126Z", "relationship_type": "indicates", "source_ref": "indicator--4d3d355b-cf1c-4c9d-b9e2-dc6fde4f3e6d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--49878b19-dc10-4fb0-848a-d765858d5530", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.31627Z", "modified": "2026-06-02T15:57:34.31627Z", "relationship_type": "indicates", "source_ref": "indicator--cad10f8e-bd3c-413d-869e-1282677ce196", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6802d520-6993-4746-804e-9f8cbe34440d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.317265Z", "modified": "2026-06-02T15:57:34.317265Z", "relationship_type": "indicates", "source_ref": "indicator--50a41c4c-5f41-4577-bbab-850bca5ba98a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4de25f77-d966-4f53-acfd-448f78edecf9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.318292Z", "modified": "2026-06-02T15:57:34.318292Z", "relationship_type": "indicates", "source_ref": "indicator--a0b159f0-78ed-43d0-8d33-1a59bc84220c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--900eea6c-1b7e-4dbd-a7ce-ba2cdf0b8de6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.319289Z", "modified": 
"2026-06-02T15:57:34.319289Z", "relationship_type": "indicates", "source_ref": "indicator--30c8dd97-130a-42e4-a27a-5c372c8ca54b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--32c8f674-fc02-472b-ab16-a10cc1ed83af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.320284Z", "modified": "2026-06-02T15:57:34.320284Z", "relationship_type": "indicates", "source_ref": "indicator--fd10f259-72a2-4040-a44c-90aa714d30fa", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c7f0d3ad-90a0-4fb5-81ce-c91cc33f6e37", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.321275Z", "modified": "2026-06-02T15:57:34.321275Z", "relationship_type": "indicates", "source_ref": "indicator--caa659d4-718d-4193-aef5-1bb9acf3a3f2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5a6a3c7a-56f7-4f02-a7ea-fe862d0a421e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.322255Z", "modified": "2026-06-02T15:57:34.322255Z", "relationship_type": "indicates", "source_ref": "indicator--467be853-c62a-4f45-ba7b-d448c0e5ba6e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0dc25c96-fb35-49c6-aeb7-d39a68e6d5b7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.323405Z", "modified": "2026-06-02T15:57:34.323405Z", "relationship_type": "indicates", "source_ref": "indicator--8fbf254f-e8e6-4bda-9a2f-e098d1dbf6f7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0ca4392c-4a44-43d0-9b95-691f0bc2bf62", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.324413Z", "modified": "2026-06-02T15:57:34.324413Z", "relationship_type": "indicates", "source_ref": "indicator--8714e7a0-bbe8-44e4-a187-727367aa671c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0e7099c4-2ba2-4093-97f2-5a991281ec16", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.325404Z", "modified": "2026-06-02T15:57:34.325404Z", "relationship_type": "indicates", "source_ref": "indicator--06952e62-3c55-4c4f-895a-93b6f6e71b57", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c699bcca-1f6a-4c9f-b5ab-2f923456f021", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.326415Z", "modified": "2026-06-02T15:57:34.326415Z", "relationship_type": "indicates", "source_ref": "indicator--1fcde5a1-2a19-4c85-a47c-364957897a72", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--63acefdb-13d8-4221-b86b-223284341977", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.327503Z", "modified": "2026-06-02T15:57:34.327503Z", "relationship_type": "indicates", "source_ref": "indicator--36e22999-2b6b-49d4-983e-7eba08b8ed0d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--104d3dc5-ef17-4b87-bfaf-ff9eb9f812f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.328577Z", "modified": "2026-06-02T15:57:34.328577Z", "relationship_type": "indicates", "source_ref": "indicator--0c00b460-219a-41f9-b7c6-5f5e48724b57", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--60db353f-9de8-407c-b252-2e803558b164", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.329619Z", "modified": "2026-06-02T15:57:34.329619Z", "relationship_type": "indicates", "source_ref": "indicator--66798b17-5c05-45c1-8b1c-48d106205aa8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9a6fe723-7a89-48d6-b158-1c10ac8fbddd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.331792Z", "modified": "2026-06-02T15:57:34.331792Z", "relationship_type": "indicates", "source_ref": "indicator--4520ca01-27ff-48d3-a42b-b451a792c570", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--53aa9558-b3d0-4a7f-81f8-38cdd5f2b4c1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.333002Z", "modified": "2026-06-02T15:57:34.333002Z", "relationship_type": "indicates", "source_ref": "indicator--70edb049-8175-4196-8d38-32ec22aa7773", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f5ecf604-abf7-401a-9ce6-6d382fecc7ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.334041Z", "modified": "2026-06-02T15:57:34.334041Z", "relationship_type": "indicates", "source_ref": "indicator--c279c9e8-95b0-444c-ae65-fdcd2f2d7e08", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--109879ee-2993-4bb3-a076-dfce2acfc2e7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.335045Z", "modified": 
"2026-06-02T15:57:34.335045Z", "relationship_type": "indicates", "source_ref": "indicator--90a48319-1e9b-44d5-8836-7cd5ffddf606", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0c707b99-e3a1-4208-bcb3-6ac4518d8a63", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.33607Z", "modified": "2026-06-02T15:57:34.33607Z", "relationship_type": "indicates", "source_ref": "indicator--131fde3a-6412-4a11-a2f5-c9d8e1525aee", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--53cb4856-022b-4ef3-8604-6ad7d5d30a61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.337069Z", "modified": "2026-06-02T15:57:34.337069Z", "relationship_type": "indicates", "source_ref": "indicator--ec772d00-c045-4af0-a931-d7bf1d61d2dc", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--efcb7ef8-4fec-4cea-afb7-7a8229e2878a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.338052Z", "modified": "2026-06-02T15:57:34.338052Z", "relationship_type": "indicates", "source_ref": "indicator--c5e45712-8db8-4a13-a417-d1f49a67a3df", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c7b042f5-e8f7-4473-82a7-35094e9c0d19", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.340522Z", "modified": "2026-06-02T15:57:34.340522Z", "relationship_type": "indicates", "source_ref": "indicator--18903672-8e03-4818-9427-84e3324d3815", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7d122bc3-09b1-441f-a239-cf35f05fc7f4", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.341835Z", "modified": "2026-06-02T15:57:34.341835Z", "relationship_type": "indicates", "source_ref": "indicator--822c3d0d-01c6-4fc5-b5e7-0014f04083ac", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--01055090-74bf-443a-9481-5e56002810b8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.342871Z", "modified": "2026-06-02T15:57:34.342871Z", "relationship_type": "indicates", "source_ref": "indicator--dab47e17-fe5d-484b-8481-49683e6c2c3e", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--09550e3a-0c57-4ea7-933a-7938504259ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.343882Z", "modified": "2026-06-02T15:57:34.343882Z", "relationship_type": "indicates", "source_ref": "indicator--18e7b38d-be20-4a2a-94b2-9d62811fdc71", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3a9bb78c-3684-4f96-b78f-c6c34572649e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.344867Z", "modified": "2026-06-02T15:57:34.344867Z", "relationship_type": "indicates", "source_ref": "indicator--39042c60-af28-4f8c-b99e-46a6987de5b0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c7fc2dc3-9a25-46e1-b35c-6c2a2e90b770", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.345864Z", "modified": "2026-06-02T15:57:34.345864Z", "relationship_type": "indicates", "source_ref": "indicator--a7a664b0-d2f6-4019-8c01-79b4dd964787", "target_ref": 
"malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8e5a8503-2229-4ec8-8282-452c74da7cbe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.346852Z", "modified": "2026-06-02T15:57:34.346852Z", "relationship_type": "indicates", "source_ref": "indicator--af3fbcd0-8d6d-4980-845f-b61964f93e9f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--94db20e2-3091-45a7-8e32-1b0d8fd5ec6d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.347998Z", "modified": "2026-06-02T15:57:34.347998Z", "relationship_type": "indicates", "source_ref": "indicator--36993581-0219-4b8b-a7a7-383a8d14be93", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--79bcc0b5-e2a0-47f3-8ed3-2c20c49e607d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.349001Z", "modified": "2026-06-02T15:57:34.349001Z", "relationship_type": "indicates", "source_ref": "indicator--a3c11f59-2df3-41f6-8d56-3210111bc2d1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7a96fd8e-1719-495a-bba5-aeb00ff7952f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.349995Z", "modified": "2026-06-02T15:57:34.349995Z", "relationship_type": "indicates", "source_ref": "indicator--724a6b8c-131b-48fb-899c-08fa2dc74dd4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5fa3e39f-1199-4b24-a5a1-c40c1c3473b1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.350973Z", "modified": 
"2026-06-02T15:57:34.350973Z", "relationship_type": "indicates", "source_ref": "indicator--eb457b60-d818-4962-ae57-f3dbc07b17f3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--23f8e601-edbf-47e6-b8a5-090e3be3e92f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.351976Z", "modified": "2026-06-02T15:57:34.351976Z", "relationship_type": "indicates", "source_ref": "indicator--64820130-411d-4b7a-a1cd-08c704e1dc70", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cf7edad2-e0aa-43a0-9b0f-1ac8a8a9e759", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.352965Z", "modified": "2026-06-02T15:57:34.352965Z", "relationship_type": "indicates", "source_ref": "indicator--3bf7de79-ffdd-4fde-9e36-0999a87ba4ba", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0282b8ad-9245-49d2-b728-3ff2536ad6a3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.353957Z", "modified": "2026-06-02T15:57:34.353957Z", "relationship_type": "indicates", "source_ref": "indicator--6a0ed9e7-7f05-441e-b17b-79cd73b95874", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--558e256b-69ce-4a84-bda7-2e2e80158fa3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.355098Z", "modified": "2026-06-02T15:57:34.355098Z", "relationship_type": "indicates", "source_ref": "indicator--526fbd96-e596-45f0-a4bd-c9f54509f129", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--56cf9923-c9d4-4e26-a9d5-4228efe1199f", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.356112Z", "modified": "2026-06-02T15:57:34.356112Z", "relationship_type": "indicates", "source_ref": "indicator--ffbd70f7-cc91-463b-9db9-f9e0f0fdb211", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cca99e89-080e-4cf2-bb9c-996211ad1904", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.357102Z", "modified": "2026-06-02T15:57:34.357102Z", "relationship_type": "indicates", "source_ref": "indicator--17b1e8ea-3cfd-45f0-9dc4-4b34227fd463", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--98e58653-58b8-4e8e-aefe-239c799156bf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.35809Z", "modified": "2026-06-02T15:57:34.35809Z", "relationship_type": "indicates", "source_ref": "indicator--aa203d33-ceaa-4add-adc0-ef8af92b944a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4db579bb-96f9-49c7-9481-3e4163b087b1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.359087Z", "modified": "2026-06-02T15:57:34.359087Z", "relationship_type": "indicates", "source_ref": "indicator--ab0a3318-128d-45a4-b05a-6c286db07365", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ecbbd66b-9428-4705-9d7b-ba7478789a65", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.360088Z", "modified": "2026-06-02T15:57:34.360088Z", "relationship_type": "indicates", "source_ref": "indicator--f6546f80-d86e-448c-9452-71bbd271a3d7", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6253a2e4-67ed-460c-a1f9-c8c41c2c14a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.361079Z", "modified": "2026-06-02T15:57:34.361079Z", "relationship_type": "indicates", "source_ref": "indicator--67d83370-cdca-4157-95b3-30aa8e9c8022", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ed7a330e-9ba6-4af9-98c2-4f58783ce99e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.3622Z", "modified": "2026-06-02T15:57:34.3622Z", "relationship_type": "indicates", "source_ref": "indicator--bc7e449b-72f1-480f-82da-d74a464991d0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef05df7e-6a37-457b-90df-ea6a8a08af96", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.363211Z", "modified": "2026-06-02T15:57:34.363211Z", "relationship_type": "indicates", "source_ref": "indicator--0d6adaca-f41a-45af-8be9-29a9acf6a0ef", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d11eab10-aa8d-4613-b718-d364b991fe93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.364203Z", "modified": "2026-06-02T15:57:34.364203Z", "relationship_type": "indicates", "source_ref": "indicator--cc67bd13-99d8-404e-a390-0f466eb15c39", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--16d3b333-3432-4ad3-ba44-8ee8f7382c7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.365184Z", "modified": 
"2026-06-02T15:57:34.365184Z", "relationship_type": "indicates", "source_ref": "indicator--8580d6e2-b89e-45a4-b9bf-f5dfdd6c116d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--18509a32-ff9b-4ae5-9fa5-346d07020ac5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.366193Z", "modified": "2026-06-02T15:57:34.366193Z", "relationship_type": "indicates", "source_ref": "indicator--ae6d4ab6-b7b5-4056-af7e-786bca061ce0", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--79e47351-6feb-467b-87cb-c6eef9932b3a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.36719Z", "modified": "2026-06-02T15:57:34.36719Z", "relationship_type": "indicates", "source_ref": "indicator--11511813-2a0a-456b-adb0-3db212e4c333", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2b2b79c8-b969-4985-a9a7-0c3725655903", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.368181Z", "modified": "2026-06-02T15:57:34.368181Z", "relationship_type": "indicates", "source_ref": "indicator--9a8f5a5d-1db3-4de9-94fc-d8e93fdfaa82", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--762e36a8-d0dc-4774-887a-3f6179ad624e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.369301Z", "modified": "2026-06-02T15:57:34.369301Z", "relationship_type": "indicates", "source_ref": "indicator--84463d24-3327-4dcb-b087-0c1e06152a30", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8932455c-fec0-4f5b-b4bc-0e5b723ad2e3", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.370315Z", "modified": "2026-06-02T15:57:34.370315Z", "relationship_type": "indicates", "source_ref": "indicator--c9237f5f-98bc-4265-8511-e1f06cfb3cee", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--61c2d27c-55c4-429f-a38e-3c93c395702a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.371311Z", "modified": "2026-06-02T15:57:34.371311Z", "relationship_type": "indicates", "source_ref": "indicator--cb53e6d3-a2f4-4269-ab5a-0a4c13472f26", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--56e51c8e-acbd-404e-8ef4-d81bcd4807d0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.372303Z", "modified": "2026-06-02T15:57:34.372303Z", "relationship_type": "indicates", "source_ref": "indicator--69068810-5e81-4e46-aa01-87db1d629503", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b8e6b00d-3ff4-4fbd-a8c1-ffa6a0dbc0f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.37329Z", "modified": "2026-06-02T15:57:34.37329Z", "relationship_type": "indicates", "source_ref": "indicator--32d642e0-87a1-4836-9ce7-8e2ef96c1410", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--df8a9d9f-adac-4436-8fed-608a74cf0fda", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.374274Z", "modified": "2026-06-02T15:57:34.374274Z", "relationship_type": "indicates", "source_ref": "indicator--17abee0c-3ace-4d05-89be-aa91a7db6729", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0c167aaf-12fb-4914-9e1b-65a98d4177f7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.375279Z", "modified": "2026-06-02T15:57:34.375279Z", "relationship_type": "indicates", "source_ref": "indicator--319ccde6-8294-4be2-8e0d-1eea39fd7a64", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5eec21d0-6020-4465-8e2c-646b22a0cac6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.376406Z", "modified": "2026-06-02T15:57:34.376406Z", "relationship_type": "indicates", "source_ref": "indicator--8d65a02a-d3ec-4ef6-8787-a532f1cc9dea", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3490198e-7499-4062-9f0f-0dda6308b41f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.377401Z", "modified": "2026-06-02T15:57:34.377401Z", "relationship_type": "indicates", "source_ref": "indicator--891cd310-bf7c-484b-afb6-019b80c2e4c2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aad8f59f-800c-4a35-a50f-4a021360c1ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.378388Z", "modified": "2026-06-02T15:57:34.378388Z", "relationship_type": "indicates", "source_ref": "indicator--6281d217-0236-42e6-aa73-8f833a442715", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e736be44-6728-4cd1-986a-1ba1b548596a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.379414Z", "modified": 
"2026-06-02T15:57:34.379414Z", "relationship_type": "indicates", "source_ref": "indicator--6bd1bbdb-3b30-4818-b29c-4117a6ee528e", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1c7321c7-7e4b-49d5-ae60-5620bc960258", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.380453Z", "modified": "2026-06-02T15:57:34.380453Z", "relationship_type": "indicates", "source_ref": "indicator--c583cb0c-aca5-4396-94af-c886dae45c9b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d87c5869-3f6b-4fb2-aeea-bc708eb9e9dc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.38144Z", "modified": "2026-06-02T15:57:34.38144Z", "relationship_type": "indicates", "source_ref": "indicator--a5e37c26-d1ca-49e8-b702-07ce2a86e162", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--255cbfbd-8f5a-465b-85ee-05e31062395b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.382422Z", "modified": "2026-06-02T15:57:34.382422Z", "relationship_type": "indicates", "source_ref": "indicator--0fc0fedd-bbea-4ec3-85ee-ba1edbcf0911", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--76679ff9-b667-4c86-9d76-c9e5a6bf2aad", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.383563Z", "modified": "2026-06-02T15:57:34.383563Z", "relationship_type": "indicates", "source_ref": "indicator--bcc6d11f-684d-4b35-99fa-fb0279ad8e9a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2d2e0193-0507-42a9-a154-0f475d21d142", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.384567Z", "modified": "2026-06-02T15:57:34.384567Z", "relationship_type": "indicates", "source_ref": "indicator--4142bbe6-12c7-4828-b569-b5bec8737937", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ff3e676f-422b-406c-9c6c-17fdeb71cb46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.385569Z", "modified": "2026-06-02T15:57:34.385569Z", "relationship_type": "indicates", "source_ref": "indicator--e686c94d-5850-4233-8fb3-a12e4d873fa8", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--32410b2d-c470-4468-9f85-1da9b2b9e312", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.386565Z", "modified": "2026-06-02T15:57:34.386565Z", "relationship_type": "indicates", "source_ref": "indicator--26d971dd-ec82-49b7-ac67-595ee7806006", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--211306bc-ebb3-4426-a087-ff1a2dd5df38", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.387581Z", "modified": "2026-06-02T15:57:34.387581Z", "relationship_type": "indicates", "source_ref": "indicator--f991253c-6fee-4398-871e-0d8e349b6d39", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9cab9433-59aa-4c81-b76f-46f78d75d82e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.388574Z", "modified": "2026-06-02T15:57:34.388574Z", "relationship_type": "indicates", "source_ref": "indicator--ab534c82-20ba-432d-9b34-f29c9feb2ea7", "target_ref": 
"malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b88b6b46-0b55-4596-b7b8-b0899be281f8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.389555Z", "modified": "2026-06-02T15:57:34.389555Z", "relationship_type": "indicates", "source_ref": "indicator--120876fa-1842-4baa-bc77-4a51913764e6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--98bb64da-e78f-471f-baef-9c4b8e19ac2f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.39068Z", "modified": "2026-06-02T15:57:34.39068Z", "relationship_type": "indicates", "source_ref": "indicator--43b04191-6f5a-4b83-8d41-66927cca7562", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--398324de-208a-4323-beff-a552f43a4f69", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.391704Z", "modified": "2026-06-02T15:57:34.391704Z", "relationship_type": "indicates", "source_ref": "indicator--7bd690be-566a-47e4-8935-2c63cb1696b1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e9f44922-5355-45b6-ad2d-57a8808205f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.392689Z", "modified": "2026-06-02T15:57:34.392689Z", "relationship_type": "indicates", "source_ref": "indicator--fc27401b-8fd7-48f1-bd6a-b77b89132304", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e4b26242-02bb-48c3-a47c-dfa9080ea0d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.393679Z", "modified": 
"2026-06-02T15:57:34.393679Z", "relationship_type": "indicates", "source_ref": "indicator--54f4c0ba-8b28-4f17-909e-f48c29d2c921", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9478722c-f772-4223-aa22-6fdc43bfc8e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.394679Z", "modified": "2026-06-02T15:57:34.394679Z", "relationship_type": "indicates", "source_ref": "indicator--8cfb02b5-2956-45a0-8c4d-db6cbabf9acd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--105a2f57-6933-4b87-a9fc-97b46947112b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.395679Z", "modified": "2026-06-02T15:57:34.395679Z", "relationship_type": "indicates", "source_ref": "indicator--9b0fc993-9e6c-4c85-9a03-a026d0258783", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0b051c86-69b0-4850-8cb3-8600c320ffa7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.396663Z", "modified": "2026-06-02T15:57:34.396663Z", "relationship_type": "indicates", "source_ref": "indicator--cef5deea-9e61-4ffe-ad2d-001936ce8930", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1b67ac5a-075c-4f91-b5d2-b1bd622eb07b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.397812Z", "modified": "2026-06-02T15:57:34.397812Z", "relationship_type": "indicates", "source_ref": "indicator--55a096af-23f9-4977-811f-f5d4e33a7162", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--39db25a4-eaba-453e-8e84-a9bdf5fc592c", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.398805Z", "modified": "2026-06-02T15:57:34.398805Z", "relationship_type": "indicates", "source_ref": "indicator--63258efb-8562-4c19-add1-33f1a13801a3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b8bd8e54-1d7b-47be-ac84-7564f00adb18", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.399814Z", "modified": "2026-06-02T15:57:34.399814Z", "relationship_type": "indicates", "source_ref": "indicator--e770150e-082a-4ff1-b081-28e56b21abec", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--58ddab10-3209-4a22-9dcc-72ee4cdcee87", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.400805Z", "modified": "2026-06-02T15:57:34.400805Z", "relationship_type": "indicates", "source_ref": "indicator--a452f724-1772-4d1f-be36-683c0e7ac70e", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--397ea1b1-d0ca-4ab8-8bb9-b244a64610ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.402012Z", "modified": "2026-06-02T15:57:34.402012Z", "relationship_type": "indicates", "source_ref": "indicator--d497e682-7d56-42a2-a013-c0245e6a1381", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--422d3da0-b477-407c-9852-f18aabddf06c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.403244Z", "modified": "2026-06-02T15:57:34.403244Z", "relationship_type": "indicates", "source_ref": "indicator--61b1fc8a-4894-4702-bcfb-6dee57f4c9a5", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c0de1351-ebdf-4c37-8449-28879430f287", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.404481Z", "modified": "2026-06-02T15:57:34.404481Z", "relationship_type": "indicates", "source_ref": "indicator--de6f4f33-14bd-4767-8965-2e9fd229f00a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--af3950d3-f2db-47f5-8fab-422879949ac7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.405897Z", "modified": "2026-06-02T15:57:34.405897Z", "relationship_type": "indicates", "source_ref": "indicator--d2cbd0a6-eaf4-4128-8a07-1600611a59e6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7494cc4f-c274-4b7c-9340-07562801bc93", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.407153Z", "modified": "2026-06-02T15:57:34.407153Z", "relationship_type": "indicates", "source_ref": "indicator--19b27912-0566-4c06-b65b-e3e88862e377", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9b364d57-c7c4-440c-b58b-813a6dfd5054", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.408393Z", "modified": "2026-06-02T15:57:34.408393Z", "relationship_type": "indicates", "source_ref": "indicator--12f605b5-41cf-43a4-9633-77cef81b6055", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--307d5135-03cc-4d26-bc1f-814aa5f3f593", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.409617Z", "modified": 
"2026-06-02T15:57:34.409617Z", "relationship_type": "indicates", "source_ref": "indicator--a5624028-1789-4589-a207-7829f8580ff1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--810c972b-fc2b-42aa-8f85-b4646cebe0a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.410836Z", "modified": "2026-06-02T15:57:34.410836Z", "relationship_type": "indicates", "source_ref": "indicator--21d4e3e0-b8f9-4180-bde4-8b822937ac20", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ad00e4cf-dc11-4b25-9acc-740aef742453", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.412093Z", "modified": "2026-06-02T15:57:34.412093Z", "relationship_type": "indicates", "source_ref": "indicator--74d56e31-c08f-4528-8909-51fbce8452ce", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--48339101-fa7e-4b59-b849-dfda02df5d41", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.413319Z", "modified": "2026-06-02T15:57:34.413319Z", "relationship_type": "indicates", "source_ref": "indicator--1323cb8d-64ae-4eb5-a771-f9ca16726140", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3143c80f-df44-4fc8-bb8a-a5da40dd9acf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.414728Z", "modified": "2026-06-02T15:57:34.414728Z", "relationship_type": "indicates", "source_ref": "indicator--f920435e-7f57-4fcf-b3ad-52c0e31c84e4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9292f52c-d592-424a-b424-c704af3a9b1c", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.415991Z", "modified": "2026-06-02T15:57:34.415991Z", "relationship_type": "indicates", "source_ref": "indicator--72101546-4645-4089-b287-d800a2120410", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bfddac0a-a006-4851-a5ea-5a98c7f2cae3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.417222Z", "modified": "2026-06-02T15:57:34.417222Z", "relationship_type": "indicates", "source_ref": "indicator--8be2d5d2-4254-4dbf-9aeb-73d518407c9a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fdbeda67-caa9-46f0-9564-a8c6722a01be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.418447Z", "modified": "2026-06-02T15:57:34.418447Z", "relationship_type": "indicates", "source_ref": "indicator--ab437546-7c1a-456f-ba5f-3752f39af5c8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eeb35056-5c68-4e7b-b63e-6db906ebb228", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.419695Z", "modified": "2026-06-02T15:57:34.419695Z", "relationship_type": "indicates", "source_ref": "indicator--14d9b484-3850-45f8-9254-2282d3ff6e47", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1c4842e7-05c2-4fc3-86aa-bf994a5ef6ab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.420915Z", "modified": "2026-06-02T15:57:34.420915Z", "relationship_type": "indicates", "source_ref": "indicator--08a8377a-a8d4-409d-ae82-17c0d4612f16", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7e8fff5a-4300-449a-9549-6ef5aef8edac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.42215Z", "modified": "2026-06-02T15:57:34.42215Z", "relationship_type": "indicates", "source_ref": "indicator--3754cb58-8ac9-4976-9cfe-81ac10733e3e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6ae6b3eb-b07f-48e6-bc4e-a3efd152242a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.424465Z", "modified": "2026-06-02T15:57:34.424465Z", "relationship_type": "indicates", "source_ref": "indicator--ed968c2e-c814-43ad-a773-5b56352912ce", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--56c61cad-5bac-4f0a-a62b-b355e44e4371", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.425828Z", "modified": "2026-06-02T15:57:34.425828Z", "relationship_type": "indicates", "source_ref": "indicator--05d0583d-a14f-4aa1-9529-75025d76cd48", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--85417158-0e87-4a6c-94b8-c6aeb94c5c46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.427082Z", "modified": "2026-06-02T15:57:34.427082Z", "relationship_type": "indicates", "source_ref": "indicator--bdbb218e-e259-487b-b620-1e922f4b04d7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e354e1d0-3eea-4464-9304-093f7e5390c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.428347Z", "modified": 
"2026-06-02T15:57:34.428347Z", "relationship_type": "indicates", "source_ref": "indicator--6ea72f46-a853-4645-b28e-fa66c8b6f82c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b2b839b0-8ba1-41b3-a13b-fe6955cefdb2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.429575Z", "modified": "2026-06-02T15:57:34.429575Z", "relationship_type": "indicates", "source_ref": "indicator--7f2ad43c-86a7-4be0-89c1-032251a526ee", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--131f631a-93b1-427c-8101-8406603538ab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.430801Z", "modified": "2026-06-02T15:57:34.430801Z", "relationship_type": "indicates", "source_ref": "indicator--bdc74668-2504-4f35-a6c9-f9cf5a3ca320", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bc2126c7-715d-4d7e-ad81-2a9ad7a31b66", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.432054Z", "modified": "2026-06-02T15:57:34.432054Z", "relationship_type": "indicates", "source_ref": "indicator--cf316802-7cc3-4c5b-9493-aeb86a92f3c4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7233ef02-f198-4282-93fb-311b5149b12a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.433458Z", "modified": "2026-06-02T15:57:34.433458Z", "relationship_type": "indicates", "source_ref": "indicator--ece61835-5748-4bf4-94f8-91bead1e4582", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--25c09679-476a-4c7a-ae4f-1ba232945c91", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.434705Z", "modified": "2026-06-02T15:57:34.434705Z", "relationship_type": "indicates", "source_ref": "indicator--15a28fb1-5752-4177-8209-25e29fc5b5af", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4a03d623-7ea0-4558-ac95-8d4ae11cf2c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.435967Z", "modified": "2026-06-02T15:57:34.435967Z", "relationship_type": "indicates", "source_ref": "indicator--659910d4-8fc8-47be-9849-af751d9b0ee6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fd69d3e5-1ff8-4dee-b62d-1098c5b0a9dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.437203Z", "modified": "2026-06-02T15:57:34.437203Z", "relationship_type": "indicates", "source_ref": "indicator--e95b5986-3a19-4ed5-a07e-a1b334643e45", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b69e28f1-8573-4dd3-9484-17de510a6006", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.438433Z", "modified": "2026-06-02T15:57:34.438433Z", "relationship_type": "indicates", "source_ref": "indicator--2e8a596f-dcbb-427d-9914-23420e91b5a2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0b570c40-7d46-4729-8960-f757cf0dd225", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.439671Z", "modified": "2026-06-02T15:57:34.439671Z", "relationship_type": "indicates", "source_ref": "indicator--3361fb14-e693-4b66-9637-7a1c083a5f6f", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8d5ff35c-b8c5-441e-b121-57b0deb72057", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.440973Z", "modified": "2026-06-02T15:57:34.440973Z", "relationship_type": "indicates", "source_ref": "indicator--44eaf8f0-70ec-4345-b638-3ff02206c145", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ff9c59c1-af2d-4889-a608-fea080f48729", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.442413Z", "modified": "2026-06-02T15:57:34.442413Z", "relationship_type": "indicates", "source_ref": "indicator--1ec83457-89ca-4c90-88d9-8e2ede9987d9", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a5f93507-41b4-4283-a9ff-d6eec6ed3746", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.443686Z", "modified": "2026-06-02T15:57:34.443686Z", "relationship_type": "indicates", "source_ref": "indicator--6bcb2e7d-e0dc-4656-b466-39548cbf64e3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aa6af7e4-7401-4ada-bdbd-6cab5dd4a415", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.444926Z", "modified": "2026-06-02T15:57:34.444926Z", "relationship_type": "indicates", "source_ref": "indicator--9699996e-00e8-45b5-8568-b38aeffe2018", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--20fca6ce-a0b2-432f-afab-520c3e781e1c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.446151Z", "modified": 
"2026-06-02T15:57:34.446151Z", "relationship_type": "indicates", "source_ref": "indicator--5e053d83-586c-43b5-a058-48b529c8bdfb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2a69c343-29f1-4fad-97ce-db567875607b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.447403Z", "modified": "2026-06-02T15:57:34.447403Z", "relationship_type": "indicates", "source_ref": "indicator--9768010a-6762-45fb-8dfe-86e3246ac65d", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3c7a888f-f082-44d0-ad8c-4ad299219ea3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.448642Z", "modified": "2026-06-02T15:57:34.448642Z", "relationship_type": "indicates", "source_ref": "indicator--dc661aa2-91fb-418a-98b5-62c4af53e8fa", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2ef5974d-3cad-4f2d-9bca-8762ac2391a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.449872Z", "modified": "2026-06-02T15:57:34.449872Z", "relationship_type": "indicates", "source_ref": "indicator--74db1c25-9047-4a99-a13c-a66fe39fff48", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b8fbed94-f67b-4d12-aa52-9c61dcc34028", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.451291Z", "modified": "2026-06-02T15:57:34.451291Z", "relationship_type": "indicates", "source_ref": "indicator--a07bd37b-cd63-43f5-81f9-b6281ba5c417", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c5a5f2c1-afd1-4416-9a31-4b50734acfa7", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.452679Z", "modified": "2026-06-02T15:57:34.452679Z", "relationship_type": "indicates", "source_ref": "indicator--39b1cee2-0157-4df8-b58a-cafe5e82b885", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--60a5ae92-74a1-427a-8c4f-58d9adcedb95", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.453962Z", "modified": "2026-06-02T15:57:34.453962Z", "relationship_type": "indicates", "source_ref": "indicator--bf9e9922-982d-4002-94ef-9fa55931b47b", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--497c744c-d75e-42b3-923a-fe6f1c7907c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.45525Z", "modified": "2026-06-02T15:57:34.45525Z", "relationship_type": "indicates", "source_ref": "indicator--0ab6fc08-fffd-441e-9138-d302def6fb4d", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ffd18087-aabf-494f-bd1b-98aa8c3c6b2b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.456486Z", "modified": "2026-06-02T15:57:34.456486Z", "relationship_type": "indicates", "source_ref": "indicator--700d862a-2e8b-4477-bb74-45e2489d6d9b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--af20b0c6-853c-4615-9b04-6028a41f649a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.457727Z", "modified": "2026-06-02T15:57:34.457727Z", "relationship_type": "indicates", "source_ref": "indicator--fde2b856-cb93-44a4-a4f7-1fb1880298dd", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--392c2ef1-fdba-411b-a540-71e236309253", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.458966Z", "modified": "2026-06-02T15:57:34.458966Z", "relationship_type": "indicates", "source_ref": "indicator--c4ed092e-5c74-43a5-9c6c-639519de6c5d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f7ea91c7-b510-4708-a2b5-3134dbc385ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.460387Z", "modified": "2026-06-02T15:57:34.460387Z", "relationship_type": "indicates", "source_ref": "indicator--aedf35a1-1cef-4a4f-8e8e-bd18e38deea9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3f572b9f-fb97-4bb7-95e5-17576242088d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.461625Z", "modified": "2026-06-02T15:57:34.461625Z", "relationship_type": "indicates", "source_ref": "indicator--e86a045d-32a3-412b-a50a-89016bdc35e6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0ded6c63-f638-4fc9-b29a-ec3bd24cf4c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.462854Z", "modified": "2026-06-02T15:57:34.462854Z", "relationship_type": "indicates", "source_ref": "indicator--c514c57c-f8ad-4d83-9fb0-0c0e7c69d177", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5a02c9a6-3953-4414-ad23-12f66accf61c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.464109Z", "modified": 
"2026-06-02T15:57:34.464109Z", "relationship_type": "indicates", "source_ref": "indicator--47bac6c6-8cd8-4da9-ab94-4fcaba347968", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d438787e-459d-4458-b48c-f64dd05bbed5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.465346Z", "modified": "2026-06-02T15:57:34.465346Z", "relationship_type": "indicates", "source_ref": "indicator--ee5b649f-e7cf-49a7-acf3-a2796890fe9c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3e4e0e26-7865-4a6c-9546-4ee42db7b907", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.466596Z", "modified": "2026-06-02T15:57:34.466596Z", "relationship_type": "indicates", "source_ref": "indicator--8d7ad215-777c-487a-88cc-57d62380c427", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1048b0a4-c61d-405a-a9ab-2e02c6f42530", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.467848Z", "modified": "2026-06-02T15:57:34.467848Z", "relationship_type": "indicates", "source_ref": "indicator--c5228807-84a2-43bd-93a8-921e15f7f3d6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--417243b3-5419-4454-9442-f4438072b7d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.469312Z", "modified": "2026-06-02T15:57:34.469312Z", "relationship_type": "indicates", "source_ref": "indicator--d0226885-4053-43ef-88e7-8319d1656fcd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0ac6a959-bc32-4a7a-b914-0a59b5e71122", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.470592Z", "modified": "2026-06-02T15:57:34.470592Z", "relationship_type": "indicates", "source_ref": "indicator--0544b0a4-150f-44e2-9a5a-f6d1d8e7d9c4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--798218d9-5ca6-4ccf-8a1b-1d250a79636c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.471929Z", "modified": "2026-06-02T15:57:34.471929Z", "relationship_type": "indicates", "source_ref": "indicator--ef0a03a0-9fe5-4d0b-80c3-a04c6dcb460e", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1f0b061f-2cce-461f-900f-4a6bc6aea1fe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.473215Z", "modified": "2026-06-02T15:57:34.473215Z", "relationship_type": "indicates", "source_ref": "indicator--3683dcd8-3750-4d80-9d3b-cee793a4d6a3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b59f479b-7073-4a7d-b862-ab07ef3f55c9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.474518Z", "modified": "2026-06-02T15:57:34.474518Z", "relationship_type": "indicates", "source_ref": "indicator--0f00ff66-ce4f-4b98-a90b-f918c3a331ea", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bd7ca91e-b716-4eec-99c1-74c50007822b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.475822Z", "modified": "2026-06-02T15:57:34.475822Z", "relationship_type": "indicates", "source_ref": "indicator--2e3acabd-3547-4140-b0c8-5e0daa1dc90a", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b242d006-4310-4e41-98d1-2d1e3ea0268a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.477086Z", "modified": "2026-06-02T15:57:34.477086Z", "relationship_type": "indicates", "source_ref": "indicator--17da4131-a674-48a3-b52b-85cde2514c39", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1f5ccf65-8655-474a-a669-a3cacaade966", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.478552Z", "modified": "2026-06-02T15:57:34.478552Z", "relationship_type": "indicates", "source_ref": "indicator--8357fd41-bf3d-4e4e-8770-b69640321adc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f4491dfd-1549-4d11-acb5-6a31829d1172", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.480119Z", "modified": "2026-06-02T15:57:34.480119Z", "relationship_type": "indicates", "source_ref": "indicator--4a925119-1bc7-4da7-8589-73233fad4ed6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ece45ae0-f8c8-49b0-85cb-2f96ff3f5334", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.481467Z", "modified": "2026-06-02T15:57:34.481467Z", "relationship_type": "indicates", "source_ref": "indicator--ec4fc5ec-0a59-4d45-87aa-f41bcb934270", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--36fbd1b6-db66-420f-a0c6-7fa4521df7ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.482818Z", "modified": 
"2026-06-02T15:57:34.482818Z", "relationship_type": "indicates", "source_ref": "indicator--97a05772-1369-47fe-96f2-92e58fa3f634", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef7f21e7-8197-41d9-949f-d864a9d4dacc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.48418Z", "modified": "2026-06-02T15:57:34.48418Z", "relationship_type": "indicates", "source_ref": "indicator--bb1fd2b0-987d-4149-8f89-3745ceee65af", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--819d8471-12f3-4c96-86bb-46036ac846da", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.485491Z", "modified": "2026-06-02T15:57:34.485491Z", "relationship_type": "indicates", "source_ref": "indicator--76ca5c84-a898-4f49-bc09-bdf2012a6d6b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2d0b8c38-0deb-46c2-8c21-0105055ed239", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.486755Z", "modified": "2026-06-02T15:57:34.486755Z", "relationship_type": "indicates", "source_ref": "indicator--1a414b11-b16e-4745-a629-1f71e5a80866", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--62092060-634c-4d41-93c7-b8887bae6bc3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.488238Z", "modified": "2026-06-02T15:57:34.488238Z", "relationship_type": "indicates", "source_ref": "indicator--694933e9-4e9b-44fc-8bd5-3f6a732259e0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--30fae0ae-7712-47af-941d-6230e8db25d3", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.489486Z", "modified": "2026-06-02T15:57:34.489486Z", "relationship_type": "indicates", "source_ref": "indicator--73890bd5-eff7-42be-b2c9-2f9a7d543d61", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--21a5ea42-40af-4343-a5ef-37ab64919cf2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.49073Z", "modified": "2026-06-02T15:57:34.49073Z", "relationship_type": "indicates", "source_ref": "indicator--42ba12d3-1837-421c-80ad-f41ab4ada3ba", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--973095b2-6ac6-4c3c-bc64-78b4e1f70fd5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.491978Z", "modified": "2026-06-02T15:57:34.491978Z", "relationship_type": "indicates", "source_ref": "indicator--b716ea85-394a-4653-a635-534b9bc31c8e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c7acfa27-96f9-4f7f-9353-4680abaeca67", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.493222Z", "modified": "2026-06-02T15:57:34.493222Z", "relationship_type": "indicates", "source_ref": "indicator--72e6dae4-ea26-46f4-bf1d-e54395db75f5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ed5c1ecb-5809-4ad2-8bfb-bbb0aa69f01b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.494449Z", "modified": "2026-06-02T15:57:34.494449Z", "relationship_type": "indicates", "source_ref": "indicator--e9587fac-15af-46a6-8f5e-90285118da7f", "target_ref": 
"malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--77f43a06-aaa1-436e-b764-27ffd04575db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.495683Z", "modified": "2026-06-02T15:57:34.495683Z", "relationship_type": "indicates", "source_ref": "indicator--64c341cf-33db-4c36-9e73-bff9b8d23a53", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--345bc165-2973-4607-9416-31aed166a8c3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.497086Z", "modified": "2026-06-02T15:57:34.497086Z", "relationship_type": "indicates", "source_ref": "indicator--8ab81fb8-f88f-4c18-ba7d-e236466e78be", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f2fd9dd1-9f5c-4674-aaee-34b52c4567a7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.498344Z", "modified": "2026-06-02T15:57:34.498344Z", "relationship_type": "indicates", "source_ref": "indicator--824a9d5e-2bd2-41ca-9503-b922d2e59ad4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f8437110-aa18-4cd6-bd62-b03813778a65", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.499598Z", "modified": "2026-06-02T15:57:34.499598Z", "relationship_type": "indicates", "source_ref": "indicator--a7abb310-2c0f-4a5d-abe4-b8df8754aa8d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--597f99e7-95b1-478e-a870-b1894a29a712", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.500837Z", "modified": 
"2026-06-02T15:57:34.500837Z", "relationship_type": "indicates", "source_ref": "indicator--b48b8b10-4910-4958-95e2-68bba2b8913b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--845291eb-5319-4f8b-97d3-86636b18b664", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.501952Z", "modified": "2026-06-02T15:57:34.501952Z", "relationship_type": "indicates", "source_ref": "indicator--dfbfcf27-4788-4b1b-bcdc-5824fc7e977f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d04a743b-fee7-471c-853f-777f54d16bb0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.502933Z", "modified": "2026-06-02T15:57:34.502933Z", "relationship_type": "indicates", "source_ref": "indicator--a6142a73-80b7-43a6-baa4-9306e5a40372", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2e77c4db-b373-4b7d-a8f8-fa81b3f6826f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.503955Z", "modified": "2026-06-02T15:57:34.503955Z", "relationship_type": "indicates", "source_ref": "indicator--d252e15c-2bd3-49b3-b443-053df6fa03b8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bebe928a-c9fc-4c23-b8d7-1a746377a1ad", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.505091Z", "modified": "2026-06-02T15:57:34.505091Z", "relationship_type": "indicates", "source_ref": "indicator--7117fec9-d753-488c-81ac-75b55069b416", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4301d3df-02ab-4af7-ab3f-3b8f2c4f1bf2", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.50611Z", "modified": "2026-06-02T15:57:34.50611Z", "relationship_type": "indicates", "source_ref": "indicator--6048cd34-7570-4a1c-b495-ec38da3c1061", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f76f79ba-d88d-4dc2-ac7a-aed5ea2fdcb7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.507095Z", "modified": "2026-06-02T15:57:34.507095Z", "relationship_type": "indicates", "source_ref": "indicator--cb732453-2bc9-48f3-af8d-e6f910fb637d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--944f6d05-5934-4f9c-b5e9-2843493e38f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.508115Z", "modified": "2026-06-02T15:57:34.508115Z", "relationship_type": "indicates", "source_ref": "indicator--fb37cf8d-4a42-402c-b1ac-b33cadca2d0b", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f2e48dd5-16fa-4460-8687-b5f367998603", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.509103Z", "modified": "2026-06-02T15:57:34.509103Z", "relationship_type": "indicates", "source_ref": "indicator--e9cbda4c-b1b1-4d54-acdd-2a9a802320bb", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--22129fff-3288-48d2-b189-dc960427db14", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.510079Z", "modified": "2026-06-02T15:57:34.510079Z", "relationship_type": "indicates", "source_ref": "indicator--2fad0693-091a-4127-bae1-f4d2f388cfa9", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2d0b4224-ecce-40cc-a07f-fdda37f69709", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.51107Z", "modified": "2026-06-02T15:57:34.51107Z", "relationship_type": "indicates", "source_ref": "indicator--89595dd3-1d35-4969-991e-f4603d2e95b2", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3a9dfeaa-4f23-48de-ad7a-9354f96dd609", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.512225Z", "modified": "2026-06-02T15:57:34.512225Z", "relationship_type": "indicates", "source_ref": "indicator--eb15175c-f54a-47a8-b9db-ae58891e4da7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ec7f84b6-1989-42bc-94e6-3de43970b688", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.513245Z", "modified": "2026-06-02T15:57:34.513245Z", "relationship_type": "indicates", "source_ref": "indicator--003311f4-313e-4509-b2ae-5e4b3c5e8f92", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2c78ec02-81df-4c52-93da-7417306e41cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.514231Z", "modified": "2026-06-02T15:57:34.514231Z", "relationship_type": "indicates", "source_ref": "indicator--bdcb8d61-7550-429b-9fea-2798d71b81b0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--31b802cb-1564-4171-b469-b6b11937c8e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.515219Z", "modified": 
"2026-06-02T15:57:34.515219Z", "relationship_type": "indicates", "source_ref": "indicator--839a418d-1e72-4862-a462-1cf2f5f0dbb8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--36e67e96-be09-4de6-ab49-20a10c66d1f9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.516203Z", "modified": "2026-06-02T15:57:34.516203Z", "relationship_type": "indicates", "source_ref": "indicator--0e7b815c-89ee-4775-af0a-05b3a898a65b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c99a5742-aece-4ce4-834c-d2c7012e590a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.51719Z", "modified": "2026-06-02T15:57:34.51719Z", "relationship_type": "indicates", "source_ref": "indicator--c7b041e3-54d4-4520-abe6-829f0861b3db", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--65140566-2be6-4a1f-9f25-10ae64c615cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.518164Z", "modified": "2026-06-02T15:57:34.518164Z", "relationship_type": "indicates", "source_ref": "indicator--525c105f-2732-49b4-968b-88e8fdf68653", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4bfeca9f-c8a6-49bc-a62c-b64bed0468b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.519317Z", "modified": "2026-06-02T15:57:34.519317Z", "relationship_type": "indicates", "source_ref": "indicator--3e5937ea-e57f-4b05-8c0a-480da8e0e908", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--285414e6-b2c2-482c-9b02-5e565340a79f", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.520321Z", "modified": "2026-06-02T15:57:34.520321Z", "relationship_type": "indicates", "source_ref": "indicator--ff915287-6b77-47fc-bc31-2719cd8ba032", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fa15a240-10d1-46db-94f4-37df418a0f01", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.521308Z", "modified": "2026-06-02T15:57:34.521308Z", "relationship_type": "indicates", "source_ref": "indicator--b0cc18d7-08f3-4c79-a7a8-1d0e9467ad2e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d5f9ca78-0f25-4498-8178-8f133b514ae6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.522286Z", "modified": "2026-06-02T15:57:34.522286Z", "relationship_type": "indicates", "source_ref": "indicator--b4109068-66be-482e-a0a7-578dafa3b830", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2db35962-8c82-4036-ab56-1a4fcd9904f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.523296Z", "modified": "2026-06-02T15:57:34.523296Z", "relationship_type": "indicates", "source_ref": "indicator--3a4f1a7e-6c3a-4fb7-95a4-67a03b915917", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--13acbb9a-c301-461a-b14f-3008035f4172", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.524283Z", "modified": "2026-06-02T15:57:34.524283Z", "relationship_type": "indicates", "source_ref": "indicator--56de459f-4df4-4cf5-b3ca-ef7b658e5979", "target_ref": 
"malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--32862d6c-45ef-4bf9-a213-3d14df390b60", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.525304Z", "modified": "2026-06-02T15:57:34.525304Z", "relationship_type": "indicates", "source_ref": "indicator--37e796e4-4d4e-44f4-8c4d-bccb439c706f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--61a6f881-8fb1-45df-b18e-9a3feddc8c8e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.527234Z", "modified": "2026-06-02T15:57:34.527234Z", "relationship_type": "indicates", "source_ref": "indicator--3b9e25d8-4a64-4302-8bfd-2b1088227290", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bc136208-400f-431a-9161-4b4318dddb31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.528353Z", "modified": "2026-06-02T15:57:34.528353Z", "relationship_type": "indicates", "source_ref": "indicator--4238f191-d585-4cda-83f5-c2f0b128e072", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f2d6c0b3-2931-4286-ac15-68fadd8d7281", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.529362Z", "modified": "2026-06-02T15:57:34.529362Z", "relationship_type": "indicates", "source_ref": "indicator--a0a5917d-bca1-4b0a-befa-0b0789672bf2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--79d51b64-9230-428e-b796-8693fb2b89b6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.530437Z", "modified": 
"2026-06-02T15:57:34.530437Z", "relationship_type": "indicates", "source_ref": "indicator--29f806d1-b550-4a4c-ab16-de1cd069bc6d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef03be71-1802-4526-8897-db67a9d96f9c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.531465Z", "modified": "2026-06-02T15:57:34.531465Z", "relationship_type": "indicates", "source_ref": "indicator--2bacbba9-1b0d-4b5c-8cde-180d19e3564d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d1046b2c-8dd2-41d0-9a96-aa8085b16f82", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.532458Z", "modified": "2026-06-02T15:57:34.532458Z", "relationship_type": "indicates", "source_ref": "indicator--a7d7fced-c1af-4e87-ad9a-2082cb0c25c9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--71d1d2fc-3a02-411e-8f60-d98bb6198b8c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.533464Z", "modified": "2026-06-02T15:57:34.533464Z", "relationship_type": "indicates", "source_ref": "indicator--52e00c87-67e2-4fcc-b80d-4fe844993269", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8ccd53ec-0d37-43fa-8fd2-eae4fb428c0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.534595Z", "modified": "2026-06-02T15:57:34.534595Z", "relationship_type": "indicates", "source_ref": "indicator--3cb32772-7656-4042-971c-6a4b5f195735", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--724b55d6-a353-420a-94fa-fad68c347643", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.535604Z", "modified": "2026-06-02T15:57:34.535604Z", "relationship_type": "indicates", "source_ref": "indicator--a8302d05-84f0-4034-8490-f9d53b856576", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--25ba88ac-bf2a-4349-8675-1dca23e5241d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.536603Z", "modified": "2026-06-02T15:57:34.536603Z", "relationship_type": "indicates", "source_ref": "indicator--43c03bb1-d951-4fa4-ac5f-3beb1346478a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f5e3d0bc-e0e0-4d74-9bec-9bceb5c37f92", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.537584Z", "modified": "2026-06-02T15:57:34.537584Z", "relationship_type": "indicates", "source_ref": "indicator--a88f6e57-923b-465f-8318-95722a3d8a76", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1dfb2207-1814-48a1-bf92-54da15a634c3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.53872Z", "modified": "2026-06-02T15:57:34.53872Z", "relationship_type": "indicates", "source_ref": "indicator--a13eecf3-ab5c-4f52-b374-0194403b180e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8b8f4f13-ec8d-41c9-8483-4bc77e1a620a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.539725Z", "modified": "2026-06-02T15:57:34.539725Z", "relationship_type": "indicates", "source_ref": "indicator--fd0433e2-1444-4a7c-9a9a-e43b8010137a", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3959fb1a-a4bf-49ca-8ac5-5ff06d387e53", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.540732Z", "modified": "2026-06-02T15:57:34.540732Z", "relationship_type": "indicates", "source_ref": "indicator--a5836436-39ca-4f66-a77e-eddb9d657e66", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--54c512c0-e531-43fd-8d56-792d6dfe2462", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.541863Z", "modified": "2026-06-02T15:57:34.541863Z", "relationship_type": "indicates", "source_ref": "indicator--67f32c9c-b9ba-4c2c-a096-eddff67de666", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--29df6d0c-99ed-432a-8102-8087c3c4e4f6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.542889Z", "modified": "2026-06-02T15:57:34.542889Z", "relationship_type": "indicates", "source_ref": "indicator--e5378c93-94af-43f1-8776-a2fb4bf72344", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a9215e14-2a08-4d79-a952-afb963929f20", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.543914Z", "modified": "2026-06-02T15:57:34.543914Z", "relationship_type": "indicates", "source_ref": "indicator--5b674927-62ac-4cbe-9c21-a59964e8bf34", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8b76739b-4598-4b0b-8d07-6faedb1cbd4a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.544899Z", "modified": 
"2026-06-02T15:57:34.544899Z", "relationship_type": "indicates", "source_ref": "indicator--87a14c50-5824-4cb6-9db9-7b2e915c5fb3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ead1e0f2-246b-45dc-b51c-6e8f2ebb502c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.545879Z", "modified": "2026-06-02T15:57:34.545879Z", "relationship_type": "indicates", "source_ref": "indicator--845c7f10-89fc-41de-b4a9-3c4118baac63", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e02fed64-2bdb-4c78-80bf-b635e383aa1e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.546859Z", "modified": "2026-06-02T15:57:34.546859Z", "relationship_type": "indicates", "source_ref": "indicator--2f93d150-0d2f-40da-847b-c70dea74909b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a9b0c1b2-138a-419c-a88c-59bb956db0d5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.547862Z", "modified": "2026-06-02T15:57:34.547862Z", "relationship_type": "indicates", "source_ref": "indicator--d16eed3a-ddee-4f74-a823-d347a5cf2249", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--060a16b1-b44a-40ad-9fc3-c4dc8b376282", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.548995Z", "modified": "2026-06-02T15:57:34.548995Z", "relationship_type": "indicates", "source_ref": "indicator--e97befdd-095d-4980-92c0-5d06d71d3176", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b7f12e3d-eee1-4735-8c82-dfb8e3d5abd1", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.549986Z", "modified": "2026-06-02T15:57:34.549986Z", "relationship_type": "indicates", "source_ref": "indicator--b6bfb479-b11b-4a1f-bcd4-f30e840419f9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b16c04c8-ff19-4893-bc4f-5e4532d64560", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.55097Z", "modified": "2026-06-02T15:57:34.55097Z", "relationship_type": "indicates", "source_ref": "indicator--5be36b9d-585e-49af-b38c-d4bd01a7e138", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--38965fad-8e24-4220-bf01-1c2c96c75208", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.551961Z", "modified": "2026-06-02T15:57:34.551961Z", "relationship_type": "indicates", "source_ref": "indicator--22a74f4f-6a23-4cd1-91ef-faf10140b08a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3eb31dd8-30a1-4cbc-88e1-e27b4849f832", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.552977Z", "modified": "2026-06-02T15:57:34.552977Z", "relationship_type": "indicates", "source_ref": "indicator--80685d9f-d86f-492f-8ea6-1e82a92c2d8d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e65d5614-6d08-4ea8-9249-aa0b01953fe1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.554102Z", "modified": "2026-06-02T15:57:34.554102Z", "relationship_type": "indicates", "source_ref": "indicator--f6bee44f-59b8-4480-b5c3-f231a5acd2d7", "target_ref": 
"malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7e1f3238-b196-4491-b590-8cdee06fd5ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.555132Z", "modified": "2026-06-02T15:57:34.555132Z", "relationship_type": "indicates", "source_ref": "indicator--9d82a888-bdcc-4111-bae0-ed0e31c0136f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b28cc8d8-fba4-40b1-abae-5000ad711e02", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.556294Z", "modified": "2026-06-02T15:57:34.556294Z", "relationship_type": "indicates", "source_ref": "indicator--32d9f244-156a-4080-a447-8a698ba9c220", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c6d93d01-61b9-4114-b536-ee33742cbd94", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.557297Z", "modified": "2026-06-02T15:57:34.557297Z", "relationship_type": "indicates", "source_ref": "indicator--fdc77387-3cfc-47bc-b36b-caa3525c5c03", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--27df4b1d-961b-4ecd-b610-130da866a559", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.558289Z", "modified": "2026-06-02T15:57:34.558289Z", "relationship_type": "indicates", "source_ref": "indicator--52ea8f2c-a793-487b-b1b9-8605abb8669b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8b7e4797-2320-4f57-86e7-1591ed5fbda3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.559288Z", "modified": 
"2026-06-02T15:57:34.559288Z", "relationship_type": "indicates", "source_ref": "indicator--c519f6ed-bce4-4807-b5a9-d6be1f3f77f7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8816b453-71a3-415b-85b0-bcc0dc518468", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.560275Z", "modified": "2026-06-02T15:57:34.560275Z", "relationship_type": "indicates", "source_ref": "indicator--b78aed1d-8381-4612-8ca5-aa4be578446a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2546e904-eab2-4704-8e07-45ae4f4ba435", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.56127Z", "modified": "2026-06-02T15:57:34.56127Z", "relationship_type": "indicates", "source_ref": "indicator--25b70e9c-77b1-4227-9701-0e3359488906", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--97d95beb-0fe9-4a01-9cd7-dd9d2d238597", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.56225Z", "modified": "2026-06-02T15:57:34.56225Z", "relationship_type": "indicates", "source_ref": "indicator--b4e93ab5-aa37-4c6f-9fb1-9dcc89b90cb3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8ece357e-a0fb-4cef-b36c-45d85c65126f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.563386Z", "modified": "2026-06-02T15:57:34.563386Z", "relationship_type": "indicates", "source_ref": "indicator--b7ad2fd8-4145-4cec-9ba5-5eef8ceeec5e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--59d0d150-9e9f-4683-b663-1188d107a365", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.564422Z", "modified": "2026-06-02T15:57:34.564422Z", "relationship_type": "indicates", "source_ref": "indicator--211e1636-485a-4ac5-9e92-ee2cfcbc98e2", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--368f9340-ae23-4966-a500-9019f6d4be0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.565425Z", "modified": "2026-06-02T15:57:34.565425Z", "relationship_type": "indicates", "source_ref": "indicator--dc62c94f-eeba-4a04-9979-27b0092fb525", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b4ff39e6-fe81-4a0c-95be-0977d0299e2c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.566411Z", "modified": "2026-06-02T15:57:34.566411Z", "relationship_type": "indicates", "source_ref": "indicator--9c6fa002-7701-4cd3-967b-3850e3bc5dfb", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--791744ce-d479-472d-88c3-4da96e29ba1d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.567424Z", "modified": "2026-06-02T15:57:34.567424Z", "relationship_type": "indicates", "source_ref": "indicator--d6819ffc-900c-46a4-8309-231effdaf560", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ec502e0a-4e1c-4c19-88a1-9313dfa51675", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.568416Z", "modified": "2026-06-02T15:57:34.568416Z", "relationship_type": "indicates", "source_ref": "indicator--03dd3212-b51a-4559-9ba6-25b292378b61", "target_ref": 
"malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3c057682-9222-4503-b489-20382e3c032d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.569395Z", "modified": "2026-06-02T15:57:34.569395Z", "relationship_type": "indicates", "source_ref": "indicator--bef44c6e-aec3-4313-be71-c943ff67b846", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--82a3bb74-893c-4ab3-803c-2b3672e4122d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.570515Z", "modified": "2026-06-02T15:57:34.570515Z", "relationship_type": "indicates", "source_ref": "indicator--acc39b54-5525-4638-8599-f59aeba7483f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6449dbb8-f705-43a0-b829-f51c98a4ae26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.571523Z", "modified": "2026-06-02T15:57:34.571523Z", "relationship_type": "indicates", "source_ref": "indicator--eed4ab24-021c-4cdb-bd48-d9db714e9c41", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fba4f2bc-6dd8-41a3-b278-b82b69b5f3a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.572509Z", "modified": "2026-06-02T15:57:34.572509Z", "relationship_type": "indicates", "source_ref": "indicator--3088e185-5d00-4f70-85ee-e495d46e6a73", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--231ff8ca-50cd-463a-82e6-897c31e5659e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.573495Z", "modified": 
"2026-06-02T15:57:34.573495Z", "relationship_type": "indicates", "source_ref": "indicator--5961838f-c40a-4160-b0c7-320b260d3b0f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--956e2886-827f-4ede-8fa4-f414aa119643", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.574487Z", "modified": "2026-06-02T15:57:34.574487Z", "relationship_type": "indicates", "source_ref": "indicator--02a0c099-543c-46dc-8995-a7d1d1924078", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5bd6d1ec-05be-46df-9cdd-33d7fb97af9a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.575495Z", "modified": "2026-06-02T15:57:34.575495Z", "relationship_type": "indicates", "source_ref": "indicator--cea3563e-7b63-4873-8a8e-314a69abf27a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--db2ca1de-ac0c-4a5c-b632-7d5d9a4a921f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.576484Z", "modified": "2026-06-02T15:57:34.576484Z", "relationship_type": "indicates", "source_ref": "indicator--7f113964-160d-4429-9be4-7e61b7a7ae87", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fa8632a7-6801-44cf-9725-c7b64ad1b3fe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.577604Z", "modified": "2026-06-02T15:57:34.577604Z", "relationship_type": "indicates", "source_ref": "indicator--5697a487-6f6f-444c-b3d8-ac0b39890921", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8fd48f07-fe94-4e0b-8764-733c0720aaf9", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.578594Z", "modified": "2026-06-02T15:57:34.578594Z", "relationship_type": "indicates", "source_ref": "indicator--6d3a1054-8ea6-4065-bc61-46a37db02701", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--beca01a8-ed86-4377-96f5-a85a2a4f086b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.57959Z", "modified": "2026-06-02T15:57:34.57959Z", "relationship_type": "indicates", "source_ref": "indicator--5a8eda36-9346-487e-8359-917b64b457f0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a348e1c0-f4bd-4baa-966e-48c014953a80", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.580573Z", "modified": "2026-06-02T15:57:34.580573Z", "relationship_type": "indicates", "source_ref": "indicator--f9766a20-6acc-44d5-85de-31527925268b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f9c22b1d-097e-41c6-90b1-9eec79fa21fe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.581563Z", "modified": "2026-06-02T15:57:34.581563Z", "relationship_type": "indicates", "source_ref": "indicator--39222f89-9cef-41e3-a34d-51ac92eb26c5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f5647087-3236-45da-8a20-a42d4d192913", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.582537Z", "modified": "2026-06-02T15:57:34.582537Z", "relationship_type": "indicates", "source_ref": "indicator--5675558e-71d6-46a4-ba14-8693b5ba266a", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8c39ac81-66a8-4681-94f6-cf51afd82f40", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.58352Z", "modified": "2026-06-02T15:57:34.58352Z", "relationship_type": "indicates", "source_ref": "indicator--a8e83ce4-79a1-424b-9f74-a9b74939287d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f3c5c023-c982-4fc8-87c7-d28928248c45", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.584641Z", "modified": "2026-06-02T15:57:34.584641Z", "relationship_type": "indicates", "source_ref": "indicator--2eae5690-94fb-4385-aede-567400859b04", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef33bd1e-6ce4-4aba-8deb-6427bc840b05", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.58565Z", "modified": "2026-06-02T15:57:34.58565Z", "relationship_type": "indicates", "source_ref": "indicator--1234fd80-2369-4cca-86d0-622441a79dcc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--35a0194d-d9dc-43b0-8f23-79eb0c091c06", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.586645Z", "modified": "2026-06-02T15:57:34.586645Z", "relationship_type": "indicates", "source_ref": "indicator--d499cabe-0be1-42bc-84d2-dcf72631487e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d35a76e0-b727-4322-bb1a-c6e3460005e9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.587666Z", "modified": 
"2026-06-02T15:57:34.587666Z", "relationship_type": "indicates", "source_ref": "indicator--95272097-0bdd-4fb8-b51b-9a63680e344f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef94c8ea-d5b0-4b1b-b563-7be56b2cc383", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.588661Z", "modified": "2026-06-02T15:57:34.588661Z", "relationship_type": "indicates", "source_ref": "indicator--9aebdefc-3928-490f-9e83-8fa31977fd9f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5667edce-9ba5-4783-88b0-fbf66c3e8eeb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.589642Z", "modified": "2026-06-02T15:57:34.589642Z", "relationship_type": "indicates", "source_ref": "indicator--23ca490a-562b-45eb-a254-5a98d2425c57", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--787cb93e-df1c-4b6d-b013-c26ec86952b8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.59063Z", "modified": "2026-06-02T15:57:34.59063Z", "relationship_type": "indicates", "source_ref": "indicator--17ca0968-59a6-4ea2-b594-8185f9a1f43e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e8196455-3e11-48c3-bf76-49c525363969", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.59179Z", "modified": "2026-06-02T15:57:34.59179Z", "relationship_type": "indicates", "source_ref": "indicator--6f06cab4-71e1-4376-8030-0a8923a3080d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ccdb51e3-f037-458e-bbc2-b2a399531a85", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.5928Z", "modified": "2026-06-02T15:57:34.5928Z", "relationship_type": "indicates", "source_ref": "indicator--169dc5b2-87a8-4f79-9fc2-7450172c4e57", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ce158a99-aaeb-4842-8c94-8ec482f4a751", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.593785Z", "modified": "2026-06-02T15:57:34.593785Z", "relationship_type": "indicates", "source_ref": "indicator--68f8486b-7f1c-49ce-b085-ee83a1e00ca7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4a51c7aa-b3eb-4f06-8535-51c5d902c187", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.594777Z", "modified": "2026-06-02T15:57:34.594777Z", "relationship_type": "indicates", "source_ref": "indicator--66bd7d1e-ac26-4e8a-a739-a41f4e10044a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--88733437-119e-4424-a955-e4a46f299ec6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.595771Z", "modified": "2026-06-02T15:57:34.595771Z", "relationship_type": "indicates", "source_ref": "indicator--c0b72120-9616-448a-a08d-58614c2fe5eb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--98a572d8-b813-482f-932f-18fcbe654604", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.596749Z", "modified": "2026-06-02T15:57:34.596749Z", "relationship_type": "indicates", "source_ref": "indicator--aea335e5-c6ac-491b-9dd1-8ad8bcc2bb26", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b58e9cfa-bcfe-4994-bdad-37029fc05b82", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.597742Z", "modified": "2026-06-02T15:57:34.597742Z", "relationship_type": "indicates", "source_ref": "indicator--de721d9f-fa3d-48d1-b38b-fdad00c168b3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--60278317-b4fd-4b35-b17c-6ac7a8d67ea7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.598868Z", "modified": "2026-06-02T15:57:34.598868Z", "relationship_type": "indicates", "source_ref": "indicator--a239c7f8-376e-4af7-b791-0d3ee295591a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4f4f257d-45c4-4262-92bf-71e452981ea0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.599875Z", "modified": "2026-06-02T15:57:34.599875Z", "relationship_type": "indicates", "source_ref": "indicator--12f383e4-f477-41d5-b5d6-f21877208037", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c81c38ac-00ba-472b-9ae1-4e57d5ff9cd9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.600857Z", "modified": "2026-06-02T15:57:34.600857Z", "relationship_type": "indicates", "source_ref": "indicator--de0a09dc-0036-4dfc-b29c-f21bd0942809", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--28b85e68-e298-4f93-bf04-38cae0038206", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.601839Z", "modified": 
"2026-06-02T15:57:34.601839Z", "relationship_type": "indicates", "source_ref": "indicator--cfff751d-7ab9-4a36-89eb-0b2bc95ae6aa", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3ca21f49-3ad8-48bc-a4da-d874cc816955", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.602809Z", "modified": "2026-06-02T15:57:34.602809Z", "relationship_type": "indicates", "source_ref": "indicator--5c102609-a8b9-4ef8-9f45-e6bea3442a7d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--06d83d78-7bf9-437a-9a8d-c3394e23210f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.603809Z", "modified": "2026-06-02T15:57:34.603809Z", "relationship_type": "indicates", "source_ref": "indicator--c46f003d-580b-4e66-89b9-0b216ecbb0a7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b0f57218-5be7-488e-be2f-cae14d6d43ee", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.604784Z", "modified": "2026-06-02T15:57:34.604784Z", "relationship_type": "indicates", "source_ref": "indicator--9f2cdeec-8c0e-4cff-83a6-2f072dc4f8f7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9ca987a0-bd06-4ff9-bba7-f025c0291625", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.605907Z", "modified": "2026-06-02T15:57:34.605907Z", "relationship_type": "indicates", "source_ref": "indicator--e8b33051-f93f-4f10-bbe2-edb0405fdd78", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--997075ee-2e67-48ad-b11d-ca7c9cbc52c5", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.606941Z", "modified": "2026-06-02T15:57:34.606941Z", "relationship_type": "indicates", "source_ref": "indicator--3d3c5788-3447-4606-8c25-ecc0fafe414f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3946ec1e-4a52-40fe-8eac-6bb970bfdee5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.607943Z", "modified": "2026-06-02T15:57:34.607943Z", "relationship_type": "indicates", "source_ref": "indicator--fc11791f-b64b-4491-ba58-6e95f7bb0fcf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c8c027aa-52cd-4348-9abd-76dfa5a989a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.608925Z", "modified": "2026-06-02T15:57:34.608925Z", "relationship_type": "indicates", "source_ref": "indicator--198dc93e-5e27-41cb-a388-8def99d33455", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2b1a122e-b2ea-4e8a-8f5c-2fbed9525886", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.609913Z", "modified": "2026-06-02T15:57:34.609913Z", "relationship_type": "indicates", "source_ref": "indicator--8c31dcdc-b3ba-4068-8c94-053b5048191a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e72fbecc-d5f7-43be-9f02-2f3eb10307fd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.610888Z", "modified": "2026-06-02T15:57:34.610888Z", "relationship_type": "indicates", "source_ref": "indicator--4161e8c5-61b3-43e5-a2e1-1d2c02826c1b", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b27f2fc4-093d-4be2-8267-e0b0a4888eb9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.611886Z", "modified": "2026-06-02T15:57:34.611886Z", "relationship_type": "indicates", "source_ref": "indicator--42e2c6c4-0536-4293-bfb6-01e465f24611", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f9dba68f-a634-42ee-948e-e36ca8425898", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.613784Z", "modified": "2026-06-02T15:57:34.613784Z", "relationship_type": "indicates", "source_ref": "indicator--aa2bd075-6b8c-4973-97d4-114f9d023b09", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--15b37e40-5568-41bb-b4eb-b07c9919fc5c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.614872Z", "modified": "2026-06-02T15:57:34.614872Z", "relationship_type": "indicates", "source_ref": "indicator--0ec7473b-31e8-47c7-a3a4-867e2a0afa9e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--741d1475-e390-4af8-9f87-a829debcf7a2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.615902Z", "modified": "2026-06-02T15:57:34.615902Z", "relationship_type": "indicates", "source_ref": "indicator--95ad1be9-8506-4847-b517-a2b6c90ce2e1", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--077eb290-b8ad-4ffe-8f6c-fbed30ba61c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.616898Z", "modified": 
"2026-06-02T15:57:34.616898Z", "relationship_type": "indicates", "source_ref": "indicator--78e73785-1a75-4036-8068-34b880a9315d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--739e5581-874b-4411-81a1-c7b52024601a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.617877Z", "modified": "2026-06-02T15:57:34.617877Z", "relationship_type": "indicates", "source_ref": "indicator--84a1cb85-e946-4fe1-90c0-df247d54e6d9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2bda617c-d1e8-4ab5-9769-ca54aff8cf36", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.618861Z", "modified": "2026-06-02T15:57:34.618861Z", "relationship_type": "indicates", "source_ref": "indicator--0cc5042d-f192-4223-a442-4e13b6751dcc", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9863c0e2-effe-42a3-ad26-dc56c7833d97", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.619853Z", "modified": "2026-06-02T15:57:34.619853Z", "relationship_type": "indicates", "source_ref": "indicator--af8785e2-b0d9-4d38-8586-44f060af9307", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--257ec93a-771c-4203-b8bf-518de8e5aba3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.620991Z", "modified": "2026-06-02T15:57:34.620991Z", "relationship_type": "indicates", "source_ref": "indicator--f1382fcc-3e92-43bc-8d61-060fc0d4ee61", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--99aa8d59-2236-41f5-9066-5162203a2b4f", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.62199Z", "modified": "2026-06-02T15:57:34.62199Z", "relationship_type": "indicates", "source_ref": "indicator--61de0beb-afd0-4275-9640-24f59d7d8d23", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--448fcc46-3178-4076-8ee3-f769ae44aafe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.622982Z", "modified": "2026-06-02T15:57:34.622982Z", "relationship_type": "indicates", "source_ref": "indicator--59ed22ae-29b5-4344-9905-d8a4f4c1ea26", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b00f8674-8bf2-429c-bb1f-73abfdf54e6f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.623981Z", "modified": "2026-06-02T15:57:34.623981Z", "relationship_type": "indicates", "source_ref": "indicator--2ec8b951-2476-423a-9544-0a20c912e842", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3260b829-52a0-4720-92af-222c30a53e91", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.624963Z", "modified": "2026-06-02T15:57:34.624963Z", "relationship_type": "indicates", "source_ref": "indicator--891a0b8b-8fe7-4e5f-b921-d1869206c864", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5aa08a6d-45ef-4c11-96a6-45a39fa1e9ab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.625959Z", "modified": "2026-06-02T15:57:34.625959Z", "relationship_type": "indicates", "source_ref": "indicator--3ee34333-c9ff-48ce-90fa-d077b1c88685", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d196536d-e847-4c7c-91cd-562c8d9c96e8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.626941Z", "modified": "2026-06-02T15:57:34.626941Z", "relationship_type": "indicates", "source_ref": "indicator--3567cffc-e9d6-4ab0-9e74-b180dd82b2df", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--65af18b9-dd18-4a47-8a36-a2d632c39099", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.628085Z", "modified": "2026-06-02T15:57:34.628085Z", "relationship_type": "indicates", "source_ref": "indicator--f1ab7f62-697a-4489-ad13-ef4b453e951a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--371c5fc7-ea42-4144-a444-2b696ca24fbf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.629089Z", "modified": "2026-06-02T15:57:34.629089Z", "relationship_type": "indicates", "source_ref": "indicator--7fd88a4e-f366-4a72-90bb-0c92eb595396", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b6415001-9ed6-4b10-af3d-50bb6deaa541", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.630074Z", "modified": "2026-06-02T15:57:34.630074Z", "relationship_type": "indicates", "source_ref": "indicator--47a4467e-611d-49fc-b9dd-1e0301edc774", "target_ref": "malware--8844a8fc-39a8-47b6-a7e7-a547bb298c48"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2a29f667-4956-4eb2-aabf-39aad36b5886", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.631056Z", "modified": 
"2026-06-02T15:57:34.631056Z", "relationship_type": "indicates", "source_ref": "indicator--e00d05c3-5943-464f-9428-542e280c77aa", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e53a8b1e-5e19-41f8-b030-77a977f88b6b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.632053Z", "modified": "2026-06-02T15:57:34.632053Z", "relationship_type": "indicates", "source_ref": "indicator--a2357c92-1168-4777-8705-0a7daa58bcaf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--60f81605-343b-4c48-986b-58f6aa832f27", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.633032Z", "modified": "2026-06-02T15:57:34.633032Z", "relationship_type": "indicates", "source_ref": "indicator--fbf295d4-af3a-40eb-b2a7-6aca53ee3fc7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e55a59cf-1209-43c1-9a36-6dfb863b40ec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.634026Z", "modified": "2026-06-02T15:57:34.634026Z", "relationship_type": "indicates", "source_ref": "indicator--605cfee1-6094-4ebc-b26e-ec027431ff8d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--69206b9a-f3ae-409c-b3dc-19f1ce24ab4d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.635175Z", "modified": "2026-06-02T15:57:34.635175Z", "relationship_type": "indicates", "source_ref": "indicator--b90b1b72-bcef-44af-a29a-9544b9f3af35", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--71aab292-9d0d-4e49-8ba8-1894c71a97e8", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.636176Z", "modified": "2026-06-02T15:57:34.636176Z", "relationship_type": "indicates", "source_ref": "indicator--01db3bad-558c-4e84-8482-5cd100ef005e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ee0578af-137c-4825-8541-169b46a44b57", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.637162Z", "modified": "2026-06-02T15:57:34.637162Z", "relationship_type": "indicates", "source_ref": "indicator--e6079f1c-1c33-4965-90ba-48ff45db7a15", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9f62e557-a150-4b9d-b762-812da504ec25", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.638138Z", "modified": "2026-06-02T15:57:34.638138Z", "relationship_type": "indicates", "source_ref": "indicator--714c04f6-85f3-47ad-b833-618b19d29e86", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4f98cf40-4436-4b92-9a13-35a5139e0758", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.63912Z", "modified": "2026-06-02T15:57:34.63912Z", "relationship_type": "indicates", "source_ref": "indicator--79aff396-63cb-4ea0-b6ee-b2ad3f43d49c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f80d590-6a35-463e-a03f-53fab30ef05d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.640098Z", "modified": "2026-06-02T15:57:34.640098Z", "relationship_type": "indicates", "source_ref": "indicator--5c84a1ce-5be1-4090-89c9-f0ad6757c451", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4c7a072b-f17f-437b-bfc2-513202f01a17", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.64109Z", "modified": "2026-06-02T15:57:34.64109Z", "relationship_type": "indicates", "source_ref": "indicator--05ba9a4e-da31-47e5-b245-4a1fde295578", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c90f5952-90c5-4d68-8dc2-8e772e9d9413", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.642205Z", "modified": "2026-06-02T15:57:34.642205Z", "relationship_type": "indicates", "source_ref": "indicator--3649acab-bf74-4df5-8ad8-4235374c094a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--30f95d1f-4e7c-4a61-a5b1-63d38a2a43f7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.643253Z", "modified": "2026-06-02T15:57:34.643253Z", "relationship_type": "indicates", "source_ref": "indicator--acc30575-a289-4a32-9aed-ff8a12ef775d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--44ff2bc1-52fe-4fd4-85eb-f6b44e96947e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.644328Z", "modified": "2026-06-02T15:57:34.644328Z", "relationship_type": "indicates", "source_ref": "indicator--c0c5ad3d-d54d-4ac8-9ec1-05b97bd5905e", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4cf9c6f8-8cda-4ffa-b164-30e92824fa65", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.64531Z", "modified": 
"2026-06-02T15:57:34.64531Z", "relationship_type": "indicates", "source_ref": "indicator--7048006a-c9e7-472f-ab44-cf37c1f4bc5a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4734dbb4-bde6-4351-9aba-65dc53ff4133", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.646284Z", "modified": "2026-06-02T15:57:34.646284Z", "relationship_type": "indicates", "source_ref": "indicator--de9924f6-2986-45ab-916a-7ed01b6f799f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--06501cd3-f6ec-45ca-887f-be63abf20862", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.647293Z", "modified": "2026-06-02T15:57:34.647293Z", "relationship_type": "indicates", "source_ref": "indicator--9a8325ce-9ec2-4eed-8aef-6d77acb55098", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--834fbc2e-1523-4650-8fe3-23e337c7c3b4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.648314Z", "modified": "2026-06-02T15:57:34.648314Z", "relationship_type": "indicates", "source_ref": "indicator--0680a16c-7ae7-4fb4-869f-d7815e5f6445", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b45ac83d-795d-4d2b-96cf-63f9d862a912", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.64944Z", "modified": "2026-06-02T15:57:34.64944Z", "relationship_type": "indicates", "source_ref": "indicator--bac703b1-fa5c-44e3-b5de-ff44b5888e70", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f93686b7-8988-4c00-bd41-793af9222e0c", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.650435Z", "modified": "2026-06-02T15:57:34.650435Z", "relationship_type": "indicates", "source_ref": "indicator--7b87b049-3206-4be8-93c9-c76bac2e9c59", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc2ae750-30c4-4b1b-bb20-988ac66224d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.651428Z", "modified": "2026-06-02T15:57:34.651428Z", "relationship_type": "indicates", "source_ref": "indicator--d58128e9-3a08-404a-a209-c585bda79f6c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6d5ec130-589d-44d3-bf26-5e00deaa7fa8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.652415Z", "modified": "2026-06-02T15:57:34.652415Z", "relationship_type": "indicates", "source_ref": "indicator--d471b995-31f0-469b-9ab3-0be3270b4dd6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--667ca962-8a26-484d-a26a-fb76c2a91c98", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.653406Z", "modified": "2026-06-02T15:57:34.653406Z", "relationship_type": "indicates", "source_ref": "indicator--8d739013-fc9b-473c-b141-b6f664e8c8c3", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a7f8d16f-2f34-481d-bc16-c2a089028dd9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.654408Z", "modified": "2026-06-02T15:57:34.654408Z", "relationship_type": "indicates", "source_ref": "indicator--876e2fcd-d562-4330-9413-50fd3cbe572d", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2980553a-8b11-44bb-9a40-9479e56b56c7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.655408Z", "modified": "2026-06-02T15:57:34.655408Z", "relationship_type": "indicates", "source_ref": "indicator--342a8a86-3a67-413f-b295-04e175dc6591", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--adc956c8-0781-4f55-82a7-ffa60317af95", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.656541Z", "modified": "2026-06-02T15:57:34.656541Z", "relationship_type": "indicates", "source_ref": "indicator--84cde844-0820-400f-96cd-e1366b575e31", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b243f345-fd9a-4a5c-a410-81f5f40e03c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.657542Z", "modified": "2026-06-02T15:57:34.657542Z", "relationship_type": "indicates", "source_ref": "indicator--d78f5491-38f5-44b0-a773-d267c05e276d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--95abc5b6-9a5e-4b76-a812-d2b5ae206db2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.658531Z", "modified": "2026-06-02T15:57:34.658531Z", "relationship_type": "indicates", "source_ref": "indicator--5d1d22dd-f034-4885-b687-2e628d08e4ef", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7f5e3da5-c8b7-414e-9c0e-8b3fb2d91012", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.659533Z", "modified": 
"2026-06-02T15:57:34.659533Z", "relationship_type": "indicates", "source_ref": "indicator--85129370-7191-481d-a8bd-065b0c0bb3c2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--420972da-dfd9-41ac-bddf-94589e68e73d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.660527Z", "modified": "2026-06-02T15:57:34.660527Z", "relationship_type": "indicates", "source_ref": "indicator--c5429b47-1171-4fac-bbac-afac195b6ca0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--22f02ff4-da26-43d0-b0fd-f15bf77e0bd9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.661513Z", "modified": "2026-06-02T15:57:34.661513Z", "relationship_type": "indicates", "source_ref": "indicator--bcff8e5c-a20a-43be-b7e5-598c82c59a4a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--55ab5a2e-4c3e-49d1-8bd1-23fc0ab76a0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.662489Z", "modified": "2026-06-02T15:57:34.662489Z", "relationship_type": "indicates", "source_ref": "indicator--e4012f1b-38e3-4f84-8ea9-b14a5c1097cd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dcef3077-035b-4856-9734-f8bdaa4114b4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.66362Z", "modified": "2026-06-02T15:57:34.66362Z", "relationship_type": "indicates", "source_ref": "indicator--d395f2f0-10a2-4a4c-8c19-e587ac70d680", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc395906-9c24-457c-a94c-db8c36d5786c", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.66464Z", "modified": "2026-06-02T15:57:34.66464Z", "relationship_type": "indicates", "source_ref": "indicator--104be811-6c84-458f-89b3-216d0c8a8206", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bd452682-572e-4ee3-9842-eedc07d14e6c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.665632Z", "modified": "2026-06-02T15:57:34.665632Z", "relationship_type": "indicates", "source_ref": "indicator--d3d26df8-8e76-4c87-9539-5a2187822c29", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--056de69b-379b-4785-bd51-1f847ce8a44e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.666612Z", "modified": "2026-06-02T15:57:34.666612Z", "relationship_type": "indicates", "source_ref": "indicator--23773df4-22ec-443f-8fea-0831a8e4b494", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ca0e02ba-d8b6-48c6-a5e8-1fc796e7fb98", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.667605Z", "modified": "2026-06-02T15:57:34.667605Z", "relationship_type": "indicates", "source_ref": "indicator--7c521b0d-6556-4a65-a97a-34de105cc233", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8f47076c-0639-4abb-b606-1c011bdb78e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.668583Z", "modified": "2026-06-02T15:57:34.668583Z", "relationship_type": "indicates", "source_ref": "indicator--9967f8bf-2967-4d20-96b0-84f1f7260d3f", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bf9006e0-81cc-4c23-afc6-58e1dc52c1a1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.669556Z", "modified": "2026-06-02T15:57:34.669556Z", "relationship_type": "indicates", "source_ref": "indicator--d5a84a7a-59fb-43bb-86e3-252c2a648677", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8558574a-b8e3-4b4d-8b8e-86f681ec2827", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.670672Z", "modified": "2026-06-02T15:57:34.670672Z", "relationship_type": "indicates", "source_ref": "indicator--2c3a2e10-a733-43df-9e26-973bd528c677", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fcec11a9-9d57-4731-a3c3-b408c36703c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.6717Z", "modified": "2026-06-02T15:57:34.6717Z", "relationship_type": "indicates", "source_ref": "indicator--955648b7-acb1-4c4c-bbb8-4a2e6dc2cbad", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a1f87748-26c6-46eb-b6a1-92f827df0a6c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.672682Z", "modified": "2026-06-02T15:57:34.672682Z", "relationship_type": "indicates", "source_ref": "indicator--973e8952-8018-4ecd-88c2-080413b1f0ae", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0115d207-ea46-46d6-917c-c1f1e03beb83", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.673677Z", "modified": 
"2026-06-02T15:57:34.673677Z", "relationship_type": "indicates", "source_ref": "indicator--c6d5e3ff-7c5f-4cf8-a194-2a512cec1f5a", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c85e3253-3897-4e65-832a-cd7d53e0da9e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.674663Z", "modified": "2026-06-02T15:57:34.674663Z", "relationship_type": "indicates", "source_ref": "indicator--21cf6162-3220-4a96-8e5d-3d63b51a4f59", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1875362b-f137-445f-9dfc-6f3d58b57b5a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.675654Z", "modified": "2026-06-02T15:57:34.675654Z", "relationship_type": "indicates", "source_ref": "indicator--a6937546-54f6-4776-80b7-ddb0581c7914", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9c232f18-3eaf-4ae7-90f4-f2cbde69c716", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.676629Z", "modified": "2026-06-02T15:57:34.676629Z", "relationship_type": "indicates", "source_ref": "indicator--5632842f-7fe4-4831-af6b-8eab6e93e770", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b24fac4e-6353-4bd3-8886-6acf98ca8e7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.677748Z", "modified": "2026-06-02T15:57:34.677748Z", "relationship_type": "indicates", "source_ref": "indicator--5763f237-ed56-4f9c-bfc5-38c51b94cf29", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d268c0e7-3467-4f9e-99e2-eb6960de9929", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.678742Z", "modified": "2026-06-02T15:57:34.678742Z", "relationship_type": "indicates", "source_ref": "indicator--5238b69c-ea98-4e81-b88d-2733432e791f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b23eb652-c6a6-4446-a02e-360cebe39c6e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.679739Z", "modified": "2026-06-02T15:57:34.679739Z", "relationship_type": "indicates", "source_ref": "indicator--9c7cd9e0-3079-4af9-bbfe-a5ef86db0fbb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--66cc9c1e-df7e-4ed8-a054-afd9686217d3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.68073Z", "modified": "2026-06-02T15:57:34.68073Z", "relationship_type": "indicates", "source_ref": "indicator--f3744a76-c3e1-4b3b-a7a4-f66bc179b49d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--966aa40b-5ac5-471d-8945-1e868738ba90", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.681716Z", "modified": "2026-06-02T15:57:34.681716Z", "relationship_type": "indicates", "source_ref": "indicator--110f5902-7ad3-49d5-afb6-332c370c7cd6", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--65477316-9a3f-41cd-ac4f-8bd63bb62d55", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.682695Z", "modified": "2026-06-02T15:57:34.682695Z", "relationship_type": "indicates", "source_ref": "indicator--3ed3166b-aa36-4d69-99c9-f950ed2470df", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--64274896-de12-4c66-a4eb-9deb4a898af4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.6837Z", "modified": "2026-06-02T15:57:34.6837Z", "relationship_type": "indicates", "source_ref": "indicator--8aa33bf1-8d4c-41dc-af2e-9feda0e0bf6f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8901cd81-3a44-4b9f-862c-0c8a42d097d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.684825Z", "modified": "2026-06-02T15:57:34.684825Z", "relationship_type": "indicates", "source_ref": "indicator--77bf63c6-c51e-425b-9edc-de6a36dea57b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--15009adf-2bf8-49db-9946-409e94394477", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.68582Z", "modified": "2026-06-02T15:57:34.68582Z", "relationship_type": "indicates", "source_ref": "indicator--acdd89bf-2d28-4369-83d6-68af1c1790d8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f4a5a64d-dca5-4ef9-a952-cd2fd18e97bc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.686812Z", "modified": "2026-06-02T15:57:34.686812Z", "relationship_type": "indicates", "source_ref": "indicator--2c29aca3-ac35-4acc-aa83-7770e5dfa04b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5bef6c13-3020-4522-83cc-7a87121be2d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.68783Z", "modified": "2026-06-02T15:57:34.68783Z", 
"relationship_type": "indicates", "source_ref": "indicator--dee45bce-68ac-4c6a-a9aa-33baaf1e9f6a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bc98dbe8-a250-4352-b086-ea5e987ec51b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.688819Z", "modified": "2026-06-02T15:57:34.688819Z", "relationship_type": "indicates", "source_ref": "indicator--d0dcead5-1c5d-4f11-8429-719304902696", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fb561961-1a77-43d1-ab8a-713d4cf0623f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.689812Z", "modified": "2026-06-02T15:57:34.689812Z", "relationship_type": "indicates", "source_ref": "indicator--7dc2c398-fd38-4e56-9325-422cf0fd2b20", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e9b76e11-ea60-47eb-b320-ded73fc70e5c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.690785Z", "modified": "2026-06-02T15:57:34.690785Z", "relationship_type": "indicates", "source_ref": "indicator--d34dc709-1f86-4434-8e48-163e1df9d121", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d316897b-8148-4edb-a55c-df0cd6a3357e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.69193Z", "modified": "2026-06-02T15:57:34.69193Z", "relationship_type": "indicates", "source_ref": "indicator--eb4e527c-7006-4991-a5b8-b912491b489d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ec9aa1fd-122e-4f1b-9861-1467c22233d4", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.692936Z", "modified": "2026-06-02T15:57:34.692936Z", "relationship_type": "indicates", "source_ref": "indicator--0b407f95-ba8b-4949-ac9d-f710295d46d8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--17782aad-9507-4dc9-af45-c14c0a023744", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.693919Z", "modified": "2026-06-02T15:57:34.693919Z", "relationship_type": "indicates", "source_ref": "indicator--89839be6-c9f6-4d35-9ce8-61d9122b26bf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6d555f6d-1e4b-4179-a240-e64d9643c758", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.694897Z", "modified": "2026-06-02T15:57:34.694897Z", "relationship_type": "indicates", "source_ref": "indicator--fbba8f14-3df8-4fbc-abeb-149fac83cf6b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--25a08c53-4bd5-447c-8f79-e6cd2bceea03", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.695905Z", "modified": "2026-06-02T15:57:34.695905Z", "relationship_type": "indicates", "source_ref": "indicator--1a37de3b-082b-4511-9b6e-e1de50f28d3b", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c090210a-b07e-442a-a494-5db90abe866e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.696888Z", "modified": "2026-06-02T15:57:34.696888Z", "relationship_type": "indicates", "source_ref": "indicator--19aed906-c4b2-41ab-b9df-60ba08e4e3ff", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, 
{"type": "relationship", "spec_version": "2.1", "id": "relationship--3b09668b-f05e-4b42-b52c-21b4c2ddbe63", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.697866Z", "modified": "2026-06-02T15:57:34.697866Z", "relationship_type": "indicates", "source_ref": "indicator--3aaf6bfe-e61b-41e2-b248-3dbab3f45495", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dddb8371-539c-44fd-a821-3f5c48149488", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.699806Z", "modified": "2026-06-02T15:57:34.699806Z", "relationship_type": "indicates", "source_ref": "indicator--31f4d58d-f815-4b31-9ad8-2e66e49660f2", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0aa5b468-1028-4f44-8bff-c57195ed2395", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.700916Z", "modified": "2026-06-02T15:57:34.700916Z", "relationship_type": "indicates", "source_ref": "indicator--099bcabd-486f-4a3d-83ea-ad499b2cf80c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2495eb69-6fcc-4317-a1ee-702f79c0a492", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.701922Z", "modified": "2026-06-02T15:57:34.701922Z", "relationship_type": "indicates", "source_ref": "indicator--d49eda2b-ffb9-47f7-99c6-9d1cb6bf7e7d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--33f4b000-67aa-43a8-9e45-57bd127d1205", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.702916Z", "modified": "2026-06-02T15:57:34.702916Z", "relationship_type": "indicates", 
"source_ref": "indicator--bb3e860b-cb2f-4f6d-8f0b-ddf579909508", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aa76c95a-9d31-421a-9fba-ed6c1f9f9757", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.703913Z", "modified": "2026-06-02T15:57:34.703913Z", "relationship_type": "indicates", "source_ref": "indicator--f04a6d68-ed12-4de2-afa0-3f470be43356", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--df0e4078-52b6-42ba-8ad1-d4991c31f1aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.704954Z", "modified": "2026-06-02T15:57:34.704954Z", "relationship_type": "indicates", "source_ref": "indicator--eeb8e7fa-4a07-49c5-b86f-186a799bd6f1", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6255dc82-3b82-4707-8ac3-07809d5dac07", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.705936Z", "modified": "2026-06-02T15:57:34.705936Z", "relationship_type": "indicates", "source_ref": "indicator--59e945fc-61fe-4f0b-a36e-0a8c19faaa46", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4836b42d-b063-4247-a76c-65d49855d082", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.771959Z", "modified": "2026-06-02T15:57:34.771959Z", "relationship_type": "indicates", "source_ref": "indicator--6b6c042a-659f-47b9-bc11-ebf970ebe9ae", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e09daa33-7100-4a37-a7a3-9252e9a1b841", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.773363Z", "modified": "2026-06-02T15:57:34.773363Z", "relationship_type": "indicates", "source_ref": "indicator--5f81ab99-a20f-41a1-afe9-fece29eda429", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--33967d6d-2f0c-4fe7-8ee8-54a33274d243", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.77443Z", "modified": "2026-06-02T15:57:34.77443Z", "relationship_type": "indicates", "source_ref": "indicator--56a58014-046c-4911-b22f-83210335dab4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8aedf8c8-7244-45f7-8974-9eb138cd9a7b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.775493Z", "modified": "2026-06-02T15:57:34.775493Z", "relationship_type": "indicates", "source_ref": "indicator--b7be4521-b626-4ae6-9cdd-d8d33e937781", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c3831d90-b853-4cee-bbe3-f5ede87602ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.776544Z", "modified": "2026-06-02T15:57:34.776544Z", "relationship_type": "indicates", "source_ref": "indicator--cbb97b61-ad94-4141-a576-1d28df765f75", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--960368b9-e5ba-45e1-bc0a-1385edc1a84e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.777568Z", "modified": "2026-06-02T15:57:34.777568Z", "relationship_type": "indicates", "source_ref": "indicator--d2f8e704-ad4d-483f-896f-61e54bcea356", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, 
{"type": "relationship", "spec_version": "2.1", "id": "relationship--3b6c0d34-ed03-4834-ab14-8f5ba6b13741", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.778705Z", "modified": "2026-06-02T15:57:34.778705Z", "relationship_type": "indicates", "source_ref": "indicator--89768a42-4c44-4dfb-8df9-f4820a90a022", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--42933e34-3a3c-4e38-a59e-6d01b9d6367d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.779728Z", "modified": "2026-06-02T15:57:34.779728Z", "relationship_type": "indicates", "source_ref": "indicator--a403a41d-78da-490e-8448-474831d6f09f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cefc9740-dcae-418b-b3b2-ff4a55da6d1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.780742Z", "modified": "2026-06-02T15:57:34.780742Z", "relationship_type": "indicates", "source_ref": "indicator--cc8083b1-5970-4d4a-99eb-47cd9adf33b9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--56614dba-6d3e-42d6-b7de-04ad28991733", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.781749Z", "modified": "2026-06-02T15:57:34.781749Z", "relationship_type": "indicates", "source_ref": "indicator--0b4c81af-5747-4798-9435-ede9dad38982", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--edbe975b-4a5d-42f6-84c0-24e25df18cfd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.782742Z", "modified": "2026-06-02T15:57:34.782742Z", "relationship_type": "indicates", 
"source_ref": "indicator--703872d6-5d44-420b-95f7-b539e6f140f6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a8cc7d44-1898-4332-aed5-defc0be42361", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.783759Z", "modified": "2026-06-02T15:57:34.783759Z", "relationship_type": "indicates", "source_ref": "indicator--a09ddee1-2730-4a60-9b8f-ffdf54f56ba1", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b15450ed-f395-4f69-832c-68bc3b57a9e4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.784748Z", "modified": "2026-06-02T15:57:34.784748Z", "relationship_type": "indicates", "source_ref": "indicator--15269d64-e8cc-419e-bf7e-4806aada0d79", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--47976236-238d-4a5f-8936-d336de65d4bf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.785881Z", "modified": "2026-06-02T15:57:34.785881Z", "relationship_type": "indicates", "source_ref": "indicator--83231eeb-e6eb-4891-99ec-a855d9192b19", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--befa5c7e-60dc-43fe-90f3-40adc957033e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.786906Z", "modified": "2026-06-02T15:57:34.786906Z", "relationship_type": "indicates", "source_ref": "indicator--0598e3a8-9d39-4259-bf4f-56feb8043e3b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7f3f85ec-6941-4342-a377-ec1a5c6376e5", "created_by_ref": 
"identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.787917Z", "modified": "2026-06-02T15:57:34.787917Z", "relationship_type": "indicates", "source_ref": "indicator--b4760fd5-2cf4-4d1b-b6e0-47a0363b40d9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f8bdc675-4cb8-48fa-a750-cd2409a50e7b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.788921Z", "modified": "2026-06-02T15:57:34.788921Z", "relationship_type": "indicates", "source_ref": "indicator--8d5ae7e1-90e9-4184-9389-6a6e652da126", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cbd04170-43c8-402e-9780-a43a5f4e943a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.78991Z", "modified": "2026-06-02T15:57:34.78991Z", "relationship_type": "indicates", "source_ref": "indicator--03964732-c63f-4aef-acf7-c45a5607ae43", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--675a8d36-63ea-48a6-a231-66933dd7033f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.790893Z", "modified": "2026-06-02T15:57:34.790893Z", "relationship_type": "indicates", "source_ref": "indicator--cea57427-13e9-461e-9161-d14e15b85bac", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--346fe44c-8a94-4244-8331-c29d6f046053", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.79189Z", "modified": "2026-06-02T15:57:34.79189Z", "relationship_type": "indicates", "source_ref": "indicator--9ec4613b-b23a-41bc-9f72-58a84c99318d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": 
"relationship", "spec_version": "2.1", "id": "relationship--a12dd9be-62d1-4223-9685-e28b67dc58cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.793029Z", "modified": "2026-06-02T15:57:34.793029Z", "relationship_type": "indicates", "source_ref": "indicator--d38d8962-34b2-4a26-be5e-6d2bc1ec6629", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--63934d08-5b85-43dd-999d-1f39ebcb7fbb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.794029Z", "modified": "2026-06-02T15:57:34.794029Z", "relationship_type": "indicates", "source_ref": "indicator--de0de826-01c0-473f-9934-3fa57f2baad0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aba1a17c-6b15-40e4-836e-6fac97e68ff0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.795032Z", "modified": "2026-06-02T15:57:34.795032Z", "relationship_type": "indicates", "source_ref": "indicator--a4d7d268-52bb-4c00-987b-030464871700", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f6fd9a77-e60c-4bf9-b03e-f145ffeb9b2b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.796042Z", "modified": "2026-06-02T15:57:34.796042Z", "relationship_type": "indicates", "source_ref": "indicator--7403d77a-bf98-4d88-ad60-01b9a07aaf9b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f7639fc0-339f-43be-8902-c8f0f00f0b38", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.797031Z", "modified": "2026-06-02T15:57:34.797031Z", "relationship_type": "indicates", "source_ref": 
"indicator--d41ca3ba-b580-4c0f-b3f5-af334aa7621e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f81d496c-a993-4f2f-8edf-2fe7cb68934a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.798027Z", "modified": "2026-06-02T15:57:34.798027Z", "relationship_type": "indicates", "source_ref": "indicator--c8f242be-4eaf-47db-aa7d-ee3c2fab3d7e", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c6645639-d5e3-4874-b85e-ffbb275ead1c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.799016Z", "modified": "2026-06-02T15:57:34.799016Z", "relationship_type": "indicates", "source_ref": "indicator--7399fe23-3ab1-48e8-a8f9-a9f033a351cb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e2506665-1e33-4510-adcf-24b602d7785a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.80017Z", "modified": "2026-06-02T15:57:34.80017Z", "relationship_type": "indicates", "source_ref": "indicator--3d892efa-935f-4672-a5f9-f7fc71d17954", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e11f1472-c06a-4fcf-9dcf-689e77806187", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.801173Z", "modified": "2026-06-02T15:57:34.801173Z", "relationship_type": "indicates", "source_ref": "indicator--0fa3e248-0c67-4e6d-9d2c-385c98085f00", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6acaf239-c8fb-4c03-b37f-02a0952e83f5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:34.802163Z", "modified": "2026-06-02T15:57:34.802163Z", "relationship_type": "indicates", "source_ref": "indicator--4a25c238-6552-444b-b236-36f60a26cb71", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0846ac39-e6d1-4523-aaaf-219d235351ba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.803152Z", "modified": "2026-06-02T15:57:34.803152Z", "relationship_type": "indicates", "source_ref": "indicator--eafb4c1d-57b7-4711-8ea5-a7f4853751e0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--246c5fb3-9c83-4545-b53f-51a4b618a81c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.804134Z", "modified": "2026-06-02T15:57:34.804134Z", "relationship_type": "indicates", "source_ref": "indicator--39461792-071d-4001-81d5-2fe84660527c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8627ced1-1b9a-47c8-a0c4-7c1bc6aa490c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.805126Z", "modified": "2026-06-02T15:57:34.805126Z", "relationship_type": "indicates", "source_ref": "indicator--3ed19331-85d6-4a9b-a0d3-3fae2d38405b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--07210171-6eac-4f13-8e1b-6170db87cfd6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.806112Z", "modified": "2026-06-02T15:57:34.806112Z", "relationship_type": "indicates", "source_ref": "indicator--72ffa74c-9f8c-4483-9236-7b7522f8275a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": 
"relationship--33a66a72-071d-4f47-b279-c2d0d7e58c59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.807261Z", "modified": "2026-06-02T15:57:34.807261Z", "relationship_type": "indicates", "source_ref": "indicator--ab882020-5173-40c9-9fc3-493b4889b1c1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--905af27f-e3c3-4564-9526-dc49eadfa59d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.808268Z", "modified": "2026-06-02T15:57:34.808268Z", "relationship_type": "indicates", "source_ref": "indicator--dab4e78d-1f66-4fb8-83e8-7e7cd9d12f59", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b1bfeed3-f727-4108-bb8d-9cc78f2a612c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.809257Z", "modified": "2026-06-02T15:57:34.809257Z", "relationship_type": "indicates", "source_ref": "indicator--5d346457-e743-400a-a75f-798c1c26e04c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--76842977-500c-4c37-bad6-dbc38a480bf8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.810242Z", "modified": "2026-06-02T15:57:34.810242Z", "relationship_type": "indicates", "source_ref": "indicator--cc7c2e21-1c6c-4c06-a4f2-d8cd16047f4f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9baf2965-9c42-4eae-8f7d-b7dc40fea23b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.811244Z", "modified": "2026-06-02T15:57:34.811244Z", "relationship_type": "indicates", "source_ref": 
"indicator--c541be83-e1cf-4dce-b524-b92c95da73b0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4d58f4e3-c321-4c1c-92e7-516a8ccfc6a4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.812228Z", "modified": "2026-06-02T15:57:34.812228Z", "relationship_type": "indicates", "source_ref": "indicator--adcd4741-65d9-434b-92fd-aac0a2d3ff5c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--34af1802-7fea-4ebc-8fcd-2bfbbddb8357", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.813213Z", "modified": "2026-06-02T15:57:34.813213Z", "relationship_type": "indicates", "source_ref": "indicator--7e82a2d8-d43e-44e6-a7f7-8f4f314e2a81", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1338f3fb-467f-4040-8919-bec72e891910", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.814338Z", "modified": "2026-06-02T15:57:34.814338Z", "relationship_type": "indicates", "source_ref": "indicator--1aa15a03-50a6-4319-ac26-81028156dbdf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7afa6128-d855-4fb3-849d-56bc26804791", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.81534Z", "modified": "2026-06-02T15:57:34.81534Z", "relationship_type": "indicates", "source_ref": "indicator--a168ff40-655f-47ea-9bbf-c1bddf214f2e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e45f542f-3ea1-40d2-95ec-60dafa03631a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:34.816329Z", "modified": "2026-06-02T15:57:34.816329Z", "relationship_type": "indicates", "source_ref": "indicator--0210dc9a-1cd1-4dd3-884c-be1d171a8a43", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--442a64df-437b-48e8-a065-947a66dc18f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.817317Z", "modified": "2026-06-02T15:57:34.817317Z", "relationship_type": "indicates", "source_ref": "indicator--31fcd257-c55d-4b3f-8179-60a2a0202db7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--296f2557-7525-4824-9ca9-6e6c0f8b8c0f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.818293Z", "modified": "2026-06-02T15:57:34.818293Z", "relationship_type": "indicates", "source_ref": "indicator--30606a1a-4309-4389-996d-8c0fa1908395", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f1576dde-bf28-4515-a6b5-410f09a4270a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.819286Z", "modified": "2026-06-02T15:57:34.819286Z", "relationship_type": "indicates", "source_ref": "indicator--5c983946-0b7b-4b4c-a91e-860ef5904a00", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--983d8322-33f6-422a-a33a-357e23216955", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.820295Z", "modified": "2026-06-02T15:57:34.820295Z", "relationship_type": "indicates", "source_ref": "indicator--3b06a120-3fdc-40ec-903e-b275eb455ed7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": 
"relationship--3dd7f9cf-afff-482c-b893-584a90de712f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.821425Z", "modified": "2026-06-02T15:57:34.821425Z", "relationship_type": "indicates", "source_ref": "indicator--6af0a62f-fbb8-41e1-be80-f9d1cdab6bbd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--496a52d7-6549-4f6a-a57a-1c90482ccb05", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.822425Z", "modified": "2026-06-02T15:57:34.822425Z", "relationship_type": "indicates", "source_ref": "indicator--1dff789a-4484-4901-b41d-221bd542b780", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8d6c75a0-3f5e-4b2c-9de2-91d2204f6789", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.823434Z", "modified": "2026-06-02T15:57:34.823434Z", "relationship_type": "indicates", "source_ref": "indicator--57a452e1-b246-447f-bce2-9cd5c8f09129", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e109e08a-8399-4780-a3e1-0ddbc5a375be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.824423Z", "modified": "2026-06-02T15:57:34.824423Z", "relationship_type": "indicates", "source_ref": "indicator--476e3368-adbf-429a-ac81-b66bc80c279e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e2659ac2-cf5e-4a11-8225-190757ff63be", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.825406Z", "modified": "2026-06-02T15:57:34.825406Z", "relationship_type": "indicates", "source_ref": 
"indicator--13b0a65a-5ce6-4bfc-a1b8-acd8f20dd20e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--333f2f3c-a479-4b8a-a4ca-d635c98084f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.826383Z", "modified": "2026-06-02T15:57:34.826383Z", "relationship_type": "indicates", "source_ref": "indicator--c117fc76-1e23-4cee-bba6-653468fa8e45", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--96c138a6-8187-4c70-8031-cf760ad8a154", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.82739Z", "modified": "2026-06-02T15:57:34.82739Z", "relationship_type": "indicates", "source_ref": "indicator--30df86a7-4db1-48f7-9d46-50b5b227ebaf", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a7a86a80-3c3c-4eb3-9beb-18b36fb021af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.828512Z", "modified": "2026-06-02T15:57:34.828512Z", "relationship_type": "indicates", "source_ref": "indicator--0c8b9890-a357-4f4b-bb93-d247d68c573d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--74dce16e-7d52-447f-baa9-c9ecdd0625d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.82952Z", "modified": "2026-06-02T15:57:34.82952Z", "relationship_type": "indicates", "source_ref": "indicator--7983996b-ffef-46e8-812f-a2c002f866c5", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b35f0b04-444a-4d82-8fa1-fc08f856342c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": 
"2026-06-02T15:57:34.830506Z", "modified": "2026-06-02T15:57:34.830506Z", "relationship_type": "indicates", "source_ref": "indicator--1a114c66-7d00-485a-ad3b-db77d98095f0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--910eba9e-f01c-436c-b54b-dd4933eac64d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.831506Z", "modified": "2026-06-02T15:57:34.831506Z", "relationship_type": "indicates", "source_ref": "indicator--dff09ee2-6cd6-459e-8a15-77fb4e762c32", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--43b60cb9-20bc-4eed-aaa7-dd6c2750fdaf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.832491Z", "modified": "2026-06-02T15:57:34.832491Z", "relationship_type": "indicates", "source_ref": "indicator--66f6c16d-8f04-4177-bfa0-3036ebf6f6fd", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c126fdbe-e534-47b8-ba32-dc03d17a65fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.833486Z", "modified": "2026-06-02T15:57:34.833486Z", "relationship_type": "indicates", "source_ref": "indicator--11c6a866-515b-4f00-ab94-99031eb84b64", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--167479e8-6e4c-4acf-8a95-fd0765c0a188", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.834464Z", "modified": "2026-06-02T15:57:34.834464Z", "relationship_type": "indicates", "source_ref": "indicator--2d69c71b-6f4c-4354-bdf4-17e152fe4175", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": 
"relationship--9f71a7a3-277b-4323-8a44-e73f6857234c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.835653Z", "modified": "2026-06-02T15:57:34.835653Z", "relationship_type": "indicates", "source_ref": "indicator--af4f5331-db0c-40c8-b1f4-48435b357d4a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4fd8e3c1-7024-4334-b1cb-0ce38bd66981", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.836661Z", "modified": "2026-06-02T15:57:34.836661Z", "relationship_type": "indicates", "source_ref": "indicator--23c9a10b-86bc-4987-be6f-a0c521ecb680", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--046f1103-4898-4048-a625-5ecd8f3636dc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.837667Z", "modified": "2026-06-02T15:57:34.837667Z", "relationship_type": "indicates", "source_ref": "indicator--97423172-849e-4dc8-bb0b-e6b6dc6020cf", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0d17704f-bd11-4567-b86e-df66c2134b8a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.83865Z", "modified": "2026-06-02T15:57:34.83865Z", "relationship_type": "indicates", "source_ref": "indicator--b199b3d4-83bd-4628-942c-f723dafcbe70", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--86e7c26c-c25a-42b3-8563-3d295a131deb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.839643Z", "modified": "2026-06-02T15:57:34.839643Z", "relationship_type": "indicates", "source_ref": "indicator--5c417bef-32c5-4b80-8269-d288537ccb6a", 
"target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4506ef5d-2f71-43fe-9c3a-6ed0f4890e28", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.840637Z", "modified": "2026-06-02T15:57:34.840637Z", "relationship_type": "indicates", "source_ref": "indicator--a2f47bc1-1b73-44a6-ad62-023bda7d0bfe", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c8ba4d1f-329a-4493-8e61-e481799ee58a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.841621Z", "modified": "2026-06-02T15:57:34.841621Z", "relationship_type": "indicates", "source_ref": "indicator--d31290f4-103a-42d7-8f07-c20201c254de", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ea7e0e88-590b-45d0-b29e-a6b653257440", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.842736Z", "modified": "2026-06-02T15:57:34.842736Z", "relationship_type": "indicates", "source_ref": "indicator--9fd9eb15-7a22-449a-8d54-c1b9df3601f0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bd44c269-70e1-4229-81c3-affbed0c04b7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.843745Z", "modified": "2026-06-02T15:57:34.843745Z", "relationship_type": "indicates", "source_ref": "indicator--d5d17004-6f08-4afc-91e7-b0db38984967", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--436a894a-7357-4fd9-bcb6-177d2a824394", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.844728Z", "modified": 
"2026-06-02T15:57:34.844728Z", "relationship_type": "indicates", "source_ref": "indicator--962cbb15-d555-4199-a43f-fc376d00d178", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--66245607-663e-4bf0-91d6-5ec9d19360c6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.845727Z", "modified": "2026-06-02T15:57:34.845727Z", "relationship_type": "indicates", "source_ref": "indicator--d232fe2d-32b2-41b8-8847-7a373b909547", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1197bc6e-ea83-4fd2-a7eb-ebc03bbc0291", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.846732Z", "modified": "2026-06-02T15:57:34.846732Z", "relationship_type": "indicates", "source_ref": "indicator--3d124576-8830-4431-ac93-685e66941fe5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b8ddcd88-7f96-4b3d-9495-2d657c4294fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.847746Z", "modified": "2026-06-02T15:57:34.847746Z", "relationship_type": "indicates", "source_ref": "indicator--88b52964-44c3-4462-82b5-7ac1688b9fd5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2e590d4a-d80a-40d5-94d8-58a43a701327", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.848727Z", "modified": "2026-06-02T15:57:34.848727Z", "relationship_type": "indicates", "source_ref": "indicator--de65199a-b137-45b7-bf79-937a59188978", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--05627380-6e1c-4a01-abfa-9fd20a6a1f9c", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.849854Z", "modified": "2026-06-02T15:57:34.849854Z", "relationship_type": "indicates", "source_ref": "indicator--7c01811c-efc4-4f80-b528-1c0e552459f2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ff9e86c2-4205-4986-9a44-725027dc7e76", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.850855Z", "modified": "2026-06-02T15:57:34.850855Z", "relationship_type": "indicates", "source_ref": "indicator--7b2ef57d-5a96-424e-9b6f-cce75355157d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e7f67791-4c18-4653-ad5b-7ed191cbf1a3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.851853Z", "modified": "2026-06-02T15:57:34.851853Z", "relationship_type": "indicates", "source_ref": "indicator--b2355aba-70f3-4232-9b03-744d590c3e59", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b7993d9d-affc-41c3-b537-1e41222f170a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.852838Z", "modified": "2026-06-02T15:57:34.852838Z", "relationship_type": "indicates", "source_ref": "indicator--3ceedc5a-2cc0-480e-b662-15775d7cb434", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d8000c0b-7875-4240-8067-d18de9d851fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.853831Z", "modified": "2026-06-02T15:57:34.853831Z", "relationship_type": "indicates", "source_ref": "indicator--7278be11-7c59-4bfc-9e32-9245b0b41dd3", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e5d0cf24-97ab-48fc-a70a-fec22e6d1223", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.854819Z", "modified": "2026-06-02T15:57:34.854819Z", "relationship_type": "indicates", "source_ref": "indicator--e76419f0-bdd6-4f98-a5f7-b6fec23bc29f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4b7b6fa7-52ab-42a5-9936-94283a20de35", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.855819Z", "modified": "2026-06-02T15:57:34.855819Z", "relationship_type": "indicates", "source_ref": "indicator--18c1ce9d-bd68-418e-bf4e-79217d4ead2c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8c7413f5-3949-47da-a778-cdfad5587c08", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.857774Z", "modified": "2026-06-02T15:57:34.857774Z", "relationship_type": "indicates", "source_ref": "indicator--bfc1d659-9f7d-4dcf-a203-50694edc6cbf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6b53527c-5eef-4ad1-86c5-6427ef88fb35", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.858877Z", "modified": "2026-06-02T15:57:34.858877Z", "relationship_type": "indicates", "source_ref": "indicator--f63e8b8c-e4f6-4632-b116-758787d9e75e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3423519f-c803-4308-8c61-a8889959abf4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.859914Z", "modified": 
"2026-06-02T15:57:34.859914Z", "relationship_type": "indicates", "source_ref": "indicator--23f0b051-f904-43c8-b757-754a62884caa", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b4c46ad1-bc06-41a6-ab91-19807994883e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.860916Z", "modified": "2026-06-02T15:57:34.860916Z", "relationship_type": "indicates", "source_ref": "indicator--ec14419d-c203-4edc-9a4d-5ce61f541aab", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4e79c49b-7825-4e85-a836-960d4ede8fb8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.861912Z", "modified": "2026-06-02T15:57:34.861912Z", "relationship_type": "indicates", "source_ref": "indicator--13d7c6f0-aa67-491a-94b0-a4d5586eaf99", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--03c03eb0-e570-471f-a5d1-83aa83165834", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.862897Z", "modified": "2026-06-02T15:57:34.862897Z", "relationship_type": "indicates", "source_ref": "indicator--910de9fc-53f3-4b1c-adeb-3244f1fa0dbb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7e356be3-5484-4882-8cbb-650eead427d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.863901Z", "modified": "2026-06-02T15:57:34.863901Z", "relationship_type": "indicates", "source_ref": "indicator--ce77f0eb-ccc7-4cf8-80c2-5fd40634e8e5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e372daa5-53e4-4fe1-8e2e-b7da5b1fcea7", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.865028Z", "modified": "2026-06-02T15:57:34.865028Z", "relationship_type": "indicates", "source_ref": "indicator--c31da4ac-44c8-4030-b063-861e576e6828", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--56f8c516-32ff-46c1-874e-81dd5ed4465c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.86603Z", "modified": "2026-06-02T15:57:34.86603Z", "relationship_type": "indicates", "source_ref": "indicator--faf5978e-22a8-4446-ab84-6ececb9a0be9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0dd76cad-56a9-410a-9e0e-ba304b47a203", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.86703Z", "modified": "2026-06-02T15:57:34.86703Z", "relationship_type": "indicates", "source_ref": "indicator--d58b7b58-a9e7-41ea-b84a-0121ad3f8b24", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1317f604-e585-48a6-99c3-442f9167b246", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.868029Z", "modified": "2026-06-02T15:57:34.868029Z", "relationship_type": "indicates", "source_ref": "indicator--9d23b026-f460-4c1f-bf3e-c923623f246e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d618b7b6-aea6-4b55-80b2-86aeb64eef51", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.869017Z", "modified": "2026-06-02T15:57:34.869017Z", "relationship_type": "indicates", "source_ref": "indicator--e09aab98-bf8a-4ff7-a9f6-68ddfd5f2e95", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--df6661cd-e679-4339-823f-9b53cb514266", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.869991Z", "modified": "2026-06-02T15:57:34.869991Z", "relationship_type": "indicates", "source_ref": "indicator--8e5823e1-87c4-4388-a1d7-6690309c9811", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f4294db7-4ee3-43d6-aebc-60839a609aed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.870965Z", "modified": "2026-06-02T15:57:34.870965Z", "relationship_type": "indicates", "source_ref": "indicator--f6f9c52c-b086-4638-b92d-a8ef3f513c1a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f0d20f51-de97-4993-a596-25b374ee654e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.872091Z", "modified": "2026-06-02T15:57:34.872091Z", "relationship_type": "indicates", "source_ref": "indicator--3a86b0ed-ef3a-436a-8989-6eec24fedcb5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--29fe2040-c792-411a-95f4-954c46b7df48", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.873098Z", "modified": "2026-06-02T15:57:34.873098Z", "relationship_type": "indicates", "source_ref": "indicator--bf317105-6993-416d-aba3-48e522f92504", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9132263a-2055-45e0-ae52-12a87459a772", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.874084Z", "modified": 
"2026-06-02T15:57:34.874084Z", "relationship_type": "indicates", "source_ref": "indicator--992d45ed-0d37-4224-a3b7-4b46e245244d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a9bb6f6a-c747-495f-bad8-c610828778b5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.875083Z", "modified": "2026-06-02T15:57:34.875083Z", "relationship_type": "indicates", "source_ref": "indicator--72153d33-01aa-4d8e-9c82-19f85966dbbc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--485a9ca3-890d-4dca-852e-3c2135c1eccd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.876078Z", "modified": "2026-06-02T15:57:34.876078Z", "relationship_type": "indicates", "source_ref": "indicator--cf22e261-1d30-411f-9bd1-8a137e055a79", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2087a9c5-5b43-431f-b436-c05b7b4d8019", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.877068Z", "modified": "2026-06-02T15:57:34.877068Z", "relationship_type": "indicates", "source_ref": "indicator--4daf7e7b-3bcc-4a79-a6f3-a8eae58bb552", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5e5c8529-c2c1-4bb0-932e-506df1fdaa84", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.878074Z", "modified": "2026-06-02T15:57:34.878074Z", "relationship_type": "indicates", "source_ref": "indicator--0a66f230-ec6c-4869-8400-be88dac07ae9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ea7f0dcb-e855-4769-b0aa-9559ab89282a", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.879227Z", "modified": "2026-06-02T15:57:34.879227Z", "relationship_type": "indicates", "source_ref": "indicator--eb95c28c-bb97-44b8-a543-d58e10b9d0ff", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--644b1cad-fccd-4f1c-898c-1f8128c4c9a0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.880228Z", "modified": "2026-06-02T15:57:34.880228Z", "relationship_type": "indicates", "source_ref": "indicator--7fdff431-1a00-4d74-b348-ca116c4790a2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8bcbcad4-8e12-4b06-9f55-1685192cfc0b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.881211Z", "modified": "2026-06-02T15:57:34.881211Z", "relationship_type": "indicates", "source_ref": "indicator--6dc62a16-51b1-41c6-ba68-d44931bdb8e2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3ee058a7-f0fb-4664-894a-8b9b1274f606", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.882203Z", "modified": "2026-06-02T15:57:34.882203Z", "relationship_type": "indicates", "source_ref": "indicator--4d7aa986-4bee-4c4f-a079-d6972cd82725", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c5f975bb-3952-42d8-987e-08ef550f9de7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.883197Z", "modified": "2026-06-02T15:57:34.883197Z", "relationship_type": "indicates", "source_ref": "indicator--a8a4a96a-9600-4609-8e75-d2303621f705", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6dbf313f-8731-49d1-83c2-571b4b1ebd6e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.884193Z", "modified": "2026-06-02T15:57:34.884193Z", "relationship_type": "indicates", "source_ref": "indicator--45b6e8f1-7c41-410c-977f-b497e172d749", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6cf77d2a-c6a0-45ec-98e7-a3985b3d8c0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.88518Z", "modified": "2026-06-02T15:57:34.88518Z", "relationship_type": "indicates", "source_ref": "indicator--9b5d390d-c442-4a5e-bcc2-ea3af2228a77", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e8b83f93-9c76-4d85-827d-6abf0c2fe29f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.886305Z", "modified": "2026-06-02T15:57:34.886305Z", "relationship_type": "indicates", "source_ref": "indicator--5585e26d-73b2-476a-8130-0a5860e40f20", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c9280fe6-6ff9-4f1a-985a-7af9c5df3547", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.88732Z", "modified": "2026-06-02T15:57:34.88732Z", "relationship_type": "indicates", "source_ref": "indicator--fa179902-742e-4267-9177-04b871031439", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--167820d1-2014-46de-8060-41a63e8e27dc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.888324Z", "modified": 
"2026-06-02T15:57:34.888324Z", "relationship_type": "indicates", "source_ref": "indicator--977135fb-f0f3-42ce-90a0-3600b3b62d29", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--807c9355-2fc1-400b-98b5-eb890531abf8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.889309Z", "modified": "2026-06-02T15:57:34.889309Z", "relationship_type": "indicates", "source_ref": "indicator--5cd945f4-38fb-43c8-b478-8e1e5cff88b8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0ef5f3fa-3ef8-4ae9-8b63-ab709f94bc0a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.890287Z", "modified": "2026-06-02T15:57:34.890287Z", "relationship_type": "indicates", "source_ref": "indicator--363fd7b2-0d39-42c0-abc7-dab28ff1d1d0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cf470ac9-047d-44cc-8bd8-3afb157b140a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.891282Z", "modified": "2026-06-02T15:57:34.891282Z", "relationship_type": "indicates", "source_ref": "indicator--72cd87e5-d81c-4fe8-ba79-231e52da4179", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--70ce288f-ae3e-407f-98e3-697bd731084a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.892263Z", "modified": "2026-06-02T15:57:34.892263Z", "relationship_type": "indicates", "source_ref": "indicator--156258c9-aa56-43c8-b4c9-ee6f83c51856", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4958c7b6-8149-45c2-8b2f-8db7b16030ea", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.893391Z", "modified": "2026-06-02T15:57:34.893391Z", "relationship_type": "indicates", "source_ref": "indicator--fdd1723c-4569-4cc0-a9c5-4c5737d48781", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5f217ba1-b9ae-4935-bd70-80bb984626fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.894382Z", "modified": "2026-06-02T15:57:34.894382Z", "relationship_type": "indicates", "source_ref": "indicator--b546a7ef-7aeb-4192-9ae0-e7abf1b37a93", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7bc2af26-99cf-4c63-9748-cbd66b04bc91", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.895372Z", "modified": "2026-06-02T15:57:34.895372Z", "relationship_type": "indicates", "source_ref": "indicator--b260bc25-b41b-4657-8d38-a8ef443cd1fb", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc5924c6-ab4d-4f4d-a224-5a7050ce32b4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.896379Z", "modified": "2026-06-02T15:57:34.896379Z", "relationship_type": "indicates", "source_ref": "indicator--5e5dd9f9-53a7-4af1-b2aa-1c687dd8006c", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fc1f8be5-1f2a-47d7-b2cd-90a229177920", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.897365Z", "modified": "2026-06-02T15:57:34.897365Z", "relationship_type": "indicates", "source_ref": "indicator--5ce3e036-2947-4d02-9526-f18dc0caeb4c", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0e16ed92-2020-4d10-b935-d94b5eb463cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.89834Z", "modified": "2026-06-02T15:57:34.89834Z", "relationship_type": "indicates", "source_ref": "indicator--14c13fa9-3844-4a99-b06c-57fb1674d90e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8ad1800d-125b-4383-b955-1a8dde73e85f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.899327Z", "modified": "2026-06-02T15:57:34.899327Z", "relationship_type": "indicates", "source_ref": "indicator--72026279-a6d6-439a-823e-15ef400d2f24", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--48f512d3-91d5-4b6c-b07f-953d48855ef8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.90046Z", "modified": "2026-06-02T15:57:34.90046Z", "relationship_type": "indicates", "source_ref": "indicator--f9b9cccf-7597-46a2-9ebe-a8143c453cf5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9c34bb2e-696d-4a65-87df-9273e8794d95", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.901455Z", "modified": "2026-06-02T15:57:34.901455Z", "relationship_type": "indicates", "source_ref": "indicator--cb945242-bf3f-4ac8-9868-2c9cd003259a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2b0daddc-6b06-4b5d-803e-820cd7af426d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.902438Z", "modified": 
"2026-06-02T15:57:34.902438Z", "relationship_type": "indicates", "source_ref": "indicator--bd22ba50-f077-4633-82a5-ae3f44926e69", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--313d8b82-d83c-4403-88fb-c14a293e5d99", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.903434Z", "modified": "2026-06-02T15:57:34.903434Z", "relationship_type": "indicates", "source_ref": "indicator--f337650f-7d3e-4130-8618-6dc30edfb17f", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6e1b180b-84a2-428b-bef2-176d76bb08cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.904412Z", "modified": "2026-06-02T15:57:34.904412Z", "relationship_type": "indicates", "source_ref": "indicator--95910da3-be93-4618-a94c-28b2ec4253a1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--41f1c44b-f29d-446d-bc91-d20838ca41ea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.905383Z", "modified": "2026-06-02T15:57:34.905383Z", "relationship_type": "indicates", "source_ref": "indicator--2f51c920-ee2b-4cfc-a0cc-edeb8fc5db0d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7946db31-9228-4c1c-964e-4e2d15411ea1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.906366Z", "modified": "2026-06-02T15:57:34.906366Z", "relationship_type": "indicates", "source_ref": "indicator--e6a34517-405a-4a6e-8e29-16e65efbf7a7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e7ca0281-5b97-46b6-99a5-9c9c9c769865", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.907542Z", "modified": "2026-06-02T15:57:34.907542Z", "relationship_type": "indicates", "source_ref": "indicator--9fb80214-c871-4dbe-9909-10182c4aaa03", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e6015bcb-c82c-403d-ae42-d56c1af4e83f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.908575Z", "modified": "2026-06-02T15:57:34.908575Z", "relationship_type": "indicates", "source_ref": "indicator--f2f7ea7d-0664-4545-b437-91d53b65c71b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--77de43d9-156f-48e2-ae4e-5b14c3e19841", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.909601Z", "modified": "2026-06-02T15:57:34.909601Z", "relationship_type": "indicates", "source_ref": "indicator--31b8a910-8552-4add-b43a-2a7ea83ede28", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3eb1360d-206e-4ca2-95e7-4f6be335116f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.91059Z", "modified": "2026-06-02T15:57:34.91059Z", "relationship_type": "indicates", "source_ref": "indicator--0fef10d6-c945-4ddc-b8d8-8bb75221923f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d4400ae1-1af2-47d7-b95c-d34029484f64", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.911593Z", "modified": "2026-06-02T15:57:34.911593Z", "relationship_type": "indicates", "source_ref": "indicator--d03ba1c7-ee04-4465-af90-a28055a27bbe", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1a2f8da7-ab0b-4b87-8446-067f4e9534f5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.912589Z", "modified": "2026-06-02T15:57:34.912589Z", "relationship_type": "indicates", "source_ref": "indicator--eec150b6-2db2-4000-bba9-0e759f15f0d3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7644f299-d543-4384-bacc-5f892cc2b2cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.913621Z", "modified": "2026-06-02T15:57:34.913621Z", "relationship_type": "indicates", "source_ref": "indicator--34cbbccf-81d8-4b9f-8a96-67a76b8a194c", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6204f8f7-eb4d-425b-8ee1-1f660727de5c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.914752Z", "modified": "2026-06-02T15:57:34.914752Z", "relationship_type": "indicates", "source_ref": "indicator--68956b00-198d-4a53-8b7e-8837d971538f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--19a5fb2c-5e16-4369-8f64-1f9a5d8990ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.915772Z", "modified": "2026-06-02T15:57:34.915772Z", "relationship_type": "indicates", "source_ref": "indicator--a642e8cd-4574-4c03-a5ab-d2c249943433", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a9618225-da9f-440c-b29f-b8607cae2fa6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.916761Z", "modified": 
"2026-06-02T15:57:34.916761Z", "relationship_type": "indicates", "source_ref": "indicator--15904379-4aae-4296-8fea-4968b80c7bb0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1219d83a-7576-43a5-8e48-6bd68add7652", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.91778Z", "modified": "2026-06-02T15:57:34.91778Z", "relationship_type": "indicates", "source_ref": "indicator--1beba500-9d6e-4b4a-af6d-f889cda89587", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4a9c0a5b-44a5-4b79-8deb-49f7e8509056", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.918792Z", "modified": "2026-06-02T15:57:34.918792Z", "relationship_type": "indicates", "source_ref": "indicator--dafb65dd-58f6-4362-85c8-0c12719cd37a", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c356c6ac-d981-424b-9929-a98b5a464ce3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.919805Z", "modified": "2026-06-02T15:57:34.919805Z", "relationship_type": "indicates", "source_ref": "indicator--00869646-a915-46f2-adc0-ee10cd2a328d", "target_ref": "malware--8844a8fc-39a8-47b6-a7e7-a547bb298c48"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6f0c5914-0e0e-4b80-b985-7775c3884259", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.920795Z", "modified": "2026-06-02T15:57:34.920795Z", "relationship_type": "indicates", "source_ref": "indicator--82ee4818-b2c4-4400-911c-9b861b23b0ee", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--85d12273-c4fe-4d1e-904d-000c9a89d770", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.921921Z", "modified": "2026-06-02T15:57:34.921921Z", "relationship_type": "indicates", "source_ref": "indicator--f5a47755-a321-4e2f-b27d-ce7d76571bf0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--806cfad4-237d-49cb-bf54-cda194172181", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.922914Z", "modified": "2026-06-02T15:57:34.922914Z", "relationship_type": "indicates", "source_ref": "indicator--cf7e2a18-ae24-48f9-8b11-d13badd38bab", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a60bf7ef-811c-4768-9b08-35ddcf334261", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.92392Z", "modified": "2026-06-02T15:57:34.92392Z", "relationship_type": "indicates", "source_ref": "indicator--4f8d5c60-6d90-4d3a-97ec-0dfbfc897339", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1f434c87-852a-41ae-9ead-f6bdad39edae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.924902Z", "modified": "2026-06-02T15:57:34.924902Z", "relationship_type": "indicates", "source_ref": "indicator--45b27ef7-c2a2-4496-8512-5b4f6370de12", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0248a624-5023-40ec-a02b-ac2af03459fe", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.925891Z", "modified": "2026-06-02T15:57:34.925891Z", "relationship_type": "indicates", "source_ref": "indicator--6f24012d-28a4-4618-a878-38918b61794d", "target_ref": 
"malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--16bacdd3-c7f5-4a8a-b0f6-e87b5505a729", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.926883Z", "modified": "2026-06-02T15:57:34.926883Z", "relationship_type": "indicates", "source_ref": "indicator--1f31c387-c4cc-41cd-8e1f-19f921e2cf8c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3fa94e37-e30b-4eed-b5e7-439566ca7b9d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.927885Z", "modified": "2026-06-02T15:57:34.927885Z", "relationship_type": "indicates", "source_ref": "indicator--dee75eea-0218-4813-be2e-15476969e300", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f1debb12-27ef-4a17-90d5-36e2599f5e13", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.929004Z", "modified": "2026-06-02T15:57:34.929004Z", "relationship_type": "indicates", "source_ref": "indicator--11a7665a-ae24-47cc-a917-9be8b2ed31e5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e7e9d9f1-2968-4c3a-8620-bc639e9de91f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.929997Z", "modified": "2026-06-02T15:57:34.929997Z", "relationship_type": "indicates", "source_ref": "indicator--5219dd9e-97b6-46e0-b557-fa48746ba559", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--160a5694-6ff3-4588-b75a-e493aa8e33f9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.930979Z", "modified": 
"2026-06-02T15:57:34.930979Z", "relationship_type": "indicates", "source_ref": "indicator--7e4d3ed4-51ce-4d18-8ac9-9a612a6143b6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1d37e332-810b-4ef3-bf30-68372267bf2b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.932083Z", "modified": "2026-06-02T15:57:34.932083Z", "relationship_type": "indicates", "source_ref": "indicator--c1255fc4-9c26-4e21-8e71-47eb259653bb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3aaddf3e-eaeb-48a8-be21-806dc78d4247", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.933091Z", "modified": "2026-06-02T15:57:34.933091Z", "relationship_type": "indicates", "source_ref": "indicator--ef568e29-b329-45ad-b624-dbced8daede3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--13081fed-773c-4c45-b403-fa68ba7f06a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.934088Z", "modified": "2026-06-02T15:57:34.934088Z", "relationship_type": "indicates", "source_ref": "indicator--81634cd4-fdfa-4e7a-a3c0-7119998bcf1d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9e2b7bd2-4b5f-42ce-80fb-a5d5006bed6c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.935063Z", "modified": "2026-06-02T15:57:34.935063Z", "relationship_type": "indicates", "source_ref": "indicator--da8dd170-b78e-4b23-9e0e-4435d4fd7bd9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7441df73-bc1c-43a1-8140-0df6367cedb8", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.936212Z", "modified": "2026-06-02T15:57:34.936212Z", "relationship_type": "indicates", "source_ref": "indicator--1bb839ee-4583-48e9-abf0-109327109b25", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--78f82bbe-1aa0-4a5a-b23c-511feec742eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.937207Z", "modified": "2026-06-02T15:57:34.937207Z", "relationship_type": "indicates", "source_ref": "indicator--58048c28-423f-409a-a790-51b3e0acd494", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d5bfa779-7630-4084-9d0f-e816c6b7d209", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.938185Z", "modified": "2026-06-02T15:57:34.938185Z", "relationship_type": "indicates", "source_ref": "indicator--9932a6dc-577d-4490-8751-0c864861b24b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9c11c2cd-3149-48bc-bbb9-9cee1f1f1cc0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.939175Z", "modified": "2026-06-02T15:57:34.939175Z", "relationship_type": "indicates", "source_ref": "indicator--5c24580c-2592-4c2b-9117-f250f52441c3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8a674f41-cdeb-4aaa-b382-fd3412e0c166", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.94018Z", "modified": "2026-06-02T15:57:34.94018Z", "relationship_type": "indicates", "source_ref": "indicator--e5540244-e90d-43a6-9325-36fd36a051cc", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--58c13e6d-d131-4359-b0a1-c83e285977ba", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.941171Z", "modified": "2026-06-02T15:57:34.941171Z", "relationship_type": "indicates", "source_ref": "indicator--36c24c8b-a71f-46f2-9a55-112519b98279", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--437f33d6-3892-4764-9340-c71957800396", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.94218Z", "modified": "2026-06-02T15:57:34.94218Z", "relationship_type": "indicates", "source_ref": "indicator--735dd066-deae-4170-97ce-65717d036cbf", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4840ab2a-a941-4e4c-a90e-9dd22368cafb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.944136Z", "modified": "2026-06-02T15:57:34.944136Z", "relationship_type": "indicates", "source_ref": "indicator--8ba3854a-16a8-40c8-a2e4-b403be9e891f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5eed0a56-adbc-47f7-a102-176135c14aa3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.94524Z", "modified": "2026-06-02T15:57:34.94524Z", "relationship_type": "indicates", "source_ref": "indicator--33efb430-a8ba-4975-8180-8f9f3265e902", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2ddfe8d1-6fbc-4295-9f75-3b14bcdc0349", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.946246Z", "modified": 
"2026-06-02T15:57:34.946246Z", "relationship_type": "indicates", "source_ref": "indicator--d48bb4a4-6849-4061-88bd-82e34f88ee26", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--91b41453-94f6-4701-998d-8ddf302a417c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.947261Z", "modified": "2026-06-02T15:57:34.947261Z", "relationship_type": "indicates", "source_ref": "indicator--27ce90b7-5afa-4259-82be-65ea7b54d763", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cbbcac8c-bbf7-4f1f-8a7b-16468270b0ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.948263Z", "modified": "2026-06-02T15:57:34.948263Z", "relationship_type": "indicates", "source_ref": "indicator--7da5a9ff-1f21-49dc-879f-b51966e750b8", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2ea657bc-35ea-4522-9ed7-8e636ea5da3c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.949241Z", "modified": "2026-06-02T15:57:34.949241Z", "relationship_type": "indicates", "source_ref": "indicator--a1b7fb59-77a6-481c-a7fd-63c0db4fa18d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--215d8109-d625-46ee-9b53-7425e83540a9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.950219Z", "modified": "2026-06-02T15:57:34.950219Z", "relationship_type": "indicates", "source_ref": "indicator--8394f5d5-505d-4382-af22-68d46909ee7b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc8a3727-7fd7-4a7e-9dd5-c1d0030c03bf", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.95137Z", "modified": "2026-06-02T15:57:34.95137Z", "relationship_type": "indicates", "source_ref": "indicator--52aa75ef-6c64-4600-8705-72331dd59d0b", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--71563947-e7d4-42a6-8f17-bf29db7f46b8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.952376Z", "modified": "2026-06-02T15:57:34.952376Z", "relationship_type": "indicates", "source_ref": "indicator--8f48ba74-8612-429f-96ba-e1e0dd34ca60", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--589311cf-d756-4ab7-b4e1-34e6053176f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.953379Z", "modified": "2026-06-02T15:57:34.953379Z", "relationship_type": "indicates", "source_ref": "indicator--0beb9ca3-146a-4493-b965-4c12ed1dff37", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7a4ce4aa-6bd4-461d-b9a7-42afb450d774", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.954387Z", "modified": "2026-06-02T15:57:34.954387Z", "relationship_type": "indicates", "source_ref": "indicator--6b63051a-a50b-4852-b1ee-6521292e9e7a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e9f3f8a3-02e6-41c6-9ef0-f41e9def4a25", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.955411Z", "modified": "2026-06-02T15:57:34.955411Z", "relationship_type": "indicates", "source_ref": "indicator--aec8a095-ff13-4a55-b64d-5729901d3d0a", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4d515a35-fc47-448a-8bad-5390db0ca577", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.956405Z", "modified": "2026-06-02T15:57:34.956405Z", "relationship_type": "indicates", "source_ref": "indicator--e97a5cfa-8cbf-46d0-82df-7804fc1b1e9b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--72f3259a-da44-4423-a84a-cbbb8e695a25", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.957393Z", "modified": "2026-06-02T15:57:34.957393Z", "relationship_type": "indicates", "source_ref": "indicator--01ff7a2b-105f-4e84-9e8b-2367a81932a5", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a7a10330-cb4d-47d2-aee7-5d5b03898776", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.958536Z", "modified": "2026-06-02T15:57:34.958536Z", "relationship_type": "indicates", "source_ref": "indicator--1ecc51e9-b647-4cf3-aadf-6510b2dcbd1b", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--35f0b133-13bf-4f5d-acea-e4efa0c5619e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.959568Z", "modified": "2026-06-02T15:57:34.959568Z", "relationship_type": "indicates", "source_ref": "indicator--0a2d9443-5d89-48ff-822a-dd02c8886bca", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3547ac94-fcd4-4bae-b6c8-4d1ba2baaab2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.960557Z", "modified": 
"2026-06-02T15:57:34.960557Z", "relationship_type": "indicates", "source_ref": "indicator--e7b13dde-3baa-4b2b-90c8-dbff283ff222", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6d8ba8b6-db66-4d7e-a052-21aea0d576fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.961545Z", "modified": "2026-06-02T15:57:34.961545Z", "relationship_type": "indicates", "source_ref": "indicator--2b9106fd-2c0c-4d15-8dee-99b47cbe3396", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bd10beed-fa52-4294-9cd8-324c39b13356", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.962527Z", "modified": "2026-06-02T15:57:34.962527Z", "relationship_type": "indicates", "source_ref": "indicator--37a5df00-91ee-497a-9256-ef71a863cc2d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cd9fe24d-1458-4691-98a2-8ed0bd17e91a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.963548Z", "modified": "2026-06-02T15:57:34.963548Z", "relationship_type": "indicates", "source_ref": "indicator--99c3148b-1d81-4113-9902-258f627b5bd4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a9df8884-eee2-41d4-8e5c-e64f65e6fb8d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.964559Z", "modified": "2026-06-02T15:57:34.964559Z", "relationship_type": "indicates", "source_ref": "indicator--1784f784-eee2-43a1-9420-db593b099f5c", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4c9ee333-dc24-45b2-b178-fe0e15216bfa", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.965697Z", "modified": "2026-06-02T15:57:34.965697Z", "relationship_type": "indicates", "source_ref": "indicator--c7240809-fa7e-463a-ba30-099dab0b756f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e684260c-43bb-4a4b-85c8-7be30fbaa33e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.966691Z", "modified": "2026-06-02T15:57:34.966691Z", "relationship_type": "indicates", "source_ref": "indicator--1bd7d452-a023-464a-b521-db2f3c3096b5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--089e6688-0fea-4194-84ed-7ce261680299", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.967696Z", "modified": "2026-06-02T15:57:34.967696Z", "relationship_type": "indicates", "source_ref": "indicator--d5aa7848-c079-4a81-9acc-047988fddf12", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aca7d572-9641-4eba-a4a7-0f8db7ded61b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.968694Z", "modified": "2026-06-02T15:57:34.968694Z", "relationship_type": "indicates", "source_ref": "indicator--9d1c970d-d1fe-4755-916a-b4ba0fcc741b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e9a9f631-1446-4185-a60a-caac2c8e6d59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.969685Z", "modified": "2026-06-02T15:57:34.969685Z", "relationship_type": "indicates", "source_ref": "indicator--a0ee20a4-4914-4d3e-ac65-8586c266bbde", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3d4eeec9-6112-44ab-b05d-e608ad9b9350", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.970662Z", "modified": "2026-06-02T15:57:34.970662Z", "relationship_type": "indicates", "source_ref": "indicator--817f8f33-c75c-4731-b586-c921c497e856", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--451852a3-618a-40db-909c-e8f416fcdd30", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.971657Z", "modified": "2026-06-02T15:57:34.971657Z", "relationship_type": "indicates", "source_ref": "indicator--e2af8b97-d34a-435b-aed0-67772a943b8a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e102594d-248b-4230-8402-d0ff0979e33c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.972801Z", "modified": "2026-06-02T15:57:34.972801Z", "relationship_type": "indicates", "source_ref": "indicator--ab744487-51fb-4fd9-a187-adce57664910", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--df2a7364-c093-4e2a-a585-53e52fcc9257", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.973808Z", "modified": "2026-06-02T15:57:34.973808Z", "relationship_type": "indicates", "source_ref": "indicator--62dea49b-4e0c-4ee5-ae87-4c660c32845b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8d71bcc5-772d-4693-bee3-2c678134e63f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.974802Z", "modified": 
"2026-06-02T15:57:34.974802Z", "relationship_type": "indicates", "source_ref": "indicator--6888a1ef-cd04-4f59-9198-a43a4fc79a30", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--18551989-3449-4a8a-beac-73c7ca3521a3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.975807Z", "modified": "2026-06-02T15:57:34.975807Z", "relationship_type": "indicates", "source_ref": "indicator--0a4882d8-24b8-43ba-8512-bc087757b109", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aebc1389-c063-48df-9d24-5568d95c118d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.976786Z", "modified": "2026-06-02T15:57:34.976786Z", "relationship_type": "indicates", "source_ref": "indicator--aa09a752-2a2e-45ba-a940-1a4034020905", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--edaaf089-b377-4b74-b7a0-965790d88a76", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.977774Z", "modified": "2026-06-02T15:57:34.977774Z", "relationship_type": "indicates", "source_ref": "indicator--df313b5c-9f83-4a54-b721-d7acafd255a2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--89f6b304-2fcb-4a9a-9e9e-0e186e2f14c2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.978765Z", "modified": "2026-06-02T15:57:34.978765Z", "relationship_type": "indicates", "source_ref": "indicator--bb04accb-d0d7-4529-b395-e4830a0aa4c6", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--70736df1-7dfc-4ea6-93cb-454fd10291ef", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.979914Z", "modified": "2026-06-02T15:57:34.979914Z", "relationship_type": "indicates", "source_ref": "indicator--573efbf3-60f7-4132-bfc7-1e1ff341dcc0", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a661e596-66e4-4ed1-a8a4-650e09e0169a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.980948Z", "modified": "2026-06-02T15:57:34.980948Z", "relationship_type": "indicates", "source_ref": "indicator--16fca6ff-57ea-4dcd-b0b4-8ac7fc18434f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4959d99b-34b9-4cd7-9bcc-29544bf7ab40", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.981951Z", "modified": "2026-06-02T15:57:34.981951Z", "relationship_type": "indicates", "source_ref": "indicator--69ac9a35-2e4a-4fcc-9cf7-e24b3e546120", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--da2f15ab-5c3f-49d4-a133-c404799f8ed0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.98295Z", "modified": "2026-06-02T15:57:34.98295Z", "relationship_type": "indicates", "source_ref": "indicator--7121045d-2b90-4dfa-b0cb-ac3356d376c6", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--95c087b5-bf41-4df3-9b75-ea363e4daa31", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.984009Z", "modified": "2026-06-02T15:57:34.984009Z", "relationship_type": "indicates", "source_ref": "indicator--690aafd1-831c-4ea7-91fd-b614a302d33f", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--53e22414-52c4-488a-ab81-7da6a5508706", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.985023Z", "modified": "2026-06-02T15:57:34.985023Z", "relationship_type": "indicates", "source_ref": "indicator--f02851b4-de45-4cf4-b585-aacf87455221", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--88a2bb2b-3146-491a-9f0a-4729dd38c380", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.986037Z", "modified": "2026-06-02T15:57:34.986037Z", "relationship_type": "indicates", "source_ref": "indicator--dc130d74-f359-4eed-be6b-92359bf645bb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2dd6ae89-f957-4866-839e-63f132dec55c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.987208Z", "modified": "2026-06-02T15:57:34.987208Z", "relationship_type": "indicates", "source_ref": "indicator--57fcb244-38a4-4805-b56f-fcd81efa5865", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--34e9cc71-f6c2-40d8-8064-5d835eae3fb4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.988221Z", "modified": "2026-06-02T15:57:34.988221Z", "relationship_type": "indicates", "source_ref": "indicator--30157229-4726-414f-b5da-2998bde30768", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c30c88f8-af52-4b7d-a6ac-0c5a6553d855", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.989214Z", "modified": 
"2026-06-02T15:57:34.989214Z", "relationship_type": "indicates", "source_ref": "indicator--6163e9ba-bbe0-43ca-b0e2-d4c0834fc215", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--03f0f047-6649-490c-9610-3593bc630e9f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.990218Z", "modified": "2026-06-02T15:57:34.990218Z", "relationship_type": "indicates", "source_ref": "indicator--8b43a78d-f1b1-4474-9f14-343e502d7a93", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--60642f01-90df-424c-84c7-546a55add58d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.991208Z", "modified": "2026-06-02T15:57:34.991208Z", "relationship_type": "indicates", "source_ref": "indicator--910b73c8-ce8f-4d4a-9b91-dee31730e094", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6caa86e6-ad6c-4d14-a18f-2fddc461ed65", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.992198Z", "modified": "2026-06-02T15:57:34.992198Z", "relationship_type": "indicates", "source_ref": "indicator--63bb7657-00ca-4880-8e48-87f012ed6657", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3fb4ba1b-e0d1-476d-8f6e-9d560628fdb8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.993195Z", "modified": "2026-06-02T15:57:34.993195Z", "relationship_type": "indicates", "source_ref": "indicator--b54939cd-749f-470c-996c-250ef856a11b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--437c0117-749f-413a-9995-e6974546007c", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.994326Z", "modified": "2026-06-02T15:57:34.994326Z", "relationship_type": "indicates", "source_ref": "indicator--364d0347-3f08-4c4b-9374-345abd897b24", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fb8cecb4-8b6c-443b-af7b-86bc4f2f7208", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.995347Z", "modified": "2026-06-02T15:57:34.995347Z", "relationship_type": "indicates", "source_ref": "indicator--9ed8e8c9-f1bd-478a-9ebc-359081c3e38c", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fa7f9ba4-7773-4d24-a212-78d6f4aad155", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.996346Z", "modified": "2026-06-02T15:57:34.996346Z", "relationship_type": "indicates", "source_ref": "indicator--66669671-76e5-428f-8307-d6ff59c1532c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef352155-9613-4397-99fb-ce488436fa78", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.997329Z", "modified": "2026-06-02T15:57:34.997329Z", "relationship_type": "indicates", "source_ref": "indicator--8b83f965-d140-4001-b175-5f063ec72e80", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d8b817d0-a77b-49c8-87a1-07adb2bf5a61", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.998306Z", "modified": "2026-06-02T15:57:34.998306Z", "relationship_type": "indicates", "source_ref": "indicator--78bbc384-2d06-426c-8a78-88e97a143287", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3e6488c5-a4cc-4921-b02a-51e8db4225c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:34.999302Z", "modified": "2026-06-02T15:57:34.999302Z", "relationship_type": "indicates", "source_ref": "indicator--43a07f2f-5834-4a31-b8a3-9327a568a835", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b435245a-e8c1-4c98-abaa-f6311ea616e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.000316Z", "modified": "2026-06-02T15:57:35.000316Z", "relationship_type": "indicates", "source_ref": "indicator--e3d3262f-8e1e-4476-bbf9-a74cf6e7fbb3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1cbcf93a-5668-4cca-aa84-4dbb6386b083", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.001813Z", "modified": "2026-06-02T15:57:35.001813Z", "relationship_type": "indicates", "source_ref": "indicator--1e6b5ea3-21bd-48ba-b548-9843d23ca914", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8a8a2af8-c32b-4431-bb74-7a4a7ec3a5ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.003984Z", "modified": "2026-06-02T15:57:35.003984Z", "relationship_type": "indicates", "source_ref": "indicator--96ac7f38-c7c1-467d-9ada-07ff02cfe78b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bd0681a1-eee2-4557-b65e-6c3e8e3de814", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.006364Z", "modified": 
"2026-06-02T15:57:35.006364Z", "relationship_type": "indicates", "source_ref": "indicator--d82cb709-68b5-4c54-af9c-8f366796476b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--058a9bd3-ed17-4297-8bd8-1175cd385805", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.008008Z", "modified": "2026-06-02T15:57:35.008008Z", "relationship_type": "indicates", "source_ref": "indicator--9c688098-cdea-4863-be53-b5e0827d0a04", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ea9315ec-2f62-4957-b052-0f82f368589a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.009286Z", "modified": "2026-06-02T15:57:35.009286Z", "relationship_type": "indicates", "source_ref": "indicator--576c6db2-1a81-415c-9c5c-50c5b601e490", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cac34993-717b-4164-b401-1d9e91dff123", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.010409Z", "modified": "2026-06-02T15:57:35.010409Z", "relationship_type": "indicates", "source_ref": "indicator--f5499380-c669-49e8-b09d-91e4ed985555", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ac36a647-0fdd-4014-a88b-7022888d60c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.011573Z", "modified": "2026-06-02T15:57:35.011573Z", "relationship_type": "indicates", "source_ref": "indicator--605ecf77-07ed-4114-ae60-9d8fcecfdfba", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--68831598-e15d-4900-88fd-da974e00886e", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.012893Z", "modified": "2026-06-02T15:57:35.012893Z", "relationship_type": "indicates", "source_ref": "indicator--ceb1f847-01c3-412e-b0f3-1a22086a646d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2215755d-522f-4618-af4d-ad803a8a318a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.014078Z", "modified": "2026-06-02T15:57:35.014078Z", "relationship_type": "indicates", "source_ref": "indicator--6e2f6859-648c-462f-868f-8c6f1e7c47e5", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--25048a97-af6e-4f22-89b2-3b062d2b819e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.015308Z", "modified": "2026-06-02T15:57:35.015308Z", "relationship_type": "indicates", "source_ref": "indicator--8d7923a3-102b-42db-82dd-4634feb716a9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c3e37ad0-a03d-481c-a6e6-efccbb3f1525", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.016403Z", "modified": "2026-06-02T15:57:35.016403Z", "relationship_type": "indicates", "source_ref": "indicator--1e335de2-849a-4ba1-b612-cda2c17cfb76", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c97d8786-d735-40ad-8d24-584209e62032", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.017419Z", "modified": "2026-06-02T15:57:35.017419Z", "relationship_type": "indicates", "source_ref": "indicator--a395a8cd-5d14-4c3d-b9e8-08af4ae0bac1", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a6b7ade4-5f58-4260-a61c-d5ea068c967c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.018443Z", "modified": "2026-06-02T15:57:35.018443Z", "relationship_type": "indicates", "source_ref": "indicator--2d0ca266-2127-47c3-bb3e-7949f8116c7c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--81e96356-b706-43e9-82b0-6b30a4bf97c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.019471Z", "modified": "2026-06-02T15:57:35.019471Z", "relationship_type": "indicates", "source_ref": "indicator--8039e6a3-fc5a-4894-b25a-3dffb63d8024", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c8ca8053-19a5-40ca-a456-56efefd6a4c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.020657Z", "modified": "2026-06-02T15:57:35.020657Z", "relationship_type": "indicates", "source_ref": "indicator--c5eab9f5-36f2-423a-ba3c-90812a6c4e67", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--168ebe74-45c8-4db4-86ae-b7f2b922270f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.02166Z", "modified": "2026-06-02T15:57:35.02166Z", "relationship_type": "indicates", "source_ref": "indicator--773e2f3b-0bae-4b4d-bf73-f225a265856f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--aa238c16-2ffd-4a41-8d06-6296d3fc6434", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.022641Z", "modified": 
"2026-06-02T15:57:35.022641Z", "relationship_type": "indicates", "source_ref": "indicator--7de9df6c-cf60-4afc-9717-22d425ebb8fc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3407cad2-6a66-4a2e-a935-c276e7f82c1c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.023635Z", "modified": "2026-06-02T15:57:35.023635Z", "relationship_type": "indicates", "source_ref": "indicator--ced2eb99-2db0-4246-95df-2ba9c0050870", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5f7e9a71-c000-40b0-9026-fe721d74bd0e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.024625Z", "modified": "2026-06-02T15:57:35.024625Z", "relationship_type": "indicates", "source_ref": "indicator--463baab1-2621-4c7a-895f-1c737fccc4f2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--472098ae-014e-4bb4-8c66-71ee9129fd6d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.025618Z", "modified": "2026-06-02T15:57:35.025618Z", "relationship_type": "indicates", "source_ref": "indicator--09645be8-7bf5-4ff4-8998-47b59f2d5f96", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0ae6c709-bec1-44e0-bd0f-5bbaa4293433", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.026595Z", "modified": "2026-06-02T15:57:35.026595Z", "relationship_type": "indicates", "source_ref": "indicator--6a211097-07ee-4d1e-866e-81039cfc12aa", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--502d6146-b484-44f8-9117-4d15cb6dfb14", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.027728Z", "modified": "2026-06-02T15:57:35.027728Z", "relationship_type": "indicates", "source_ref": "indicator--f6b8caba-f917-4d55-82df-51ad42cc20e2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7561ce9c-d298-41df-9028-6f3570269459", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.028731Z", "modified": "2026-06-02T15:57:35.028731Z", "relationship_type": "indicates", "source_ref": "indicator--af4e20c3-30f8-49d7-9fb2-efdf4db2ba00", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7d438990-5c49-46c6-bb66-a0f2122444e5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.029776Z", "modified": "2026-06-02T15:57:35.029776Z", "relationship_type": "indicates", "source_ref": "indicator--1f9f7b36-d5be-401c-b63e-9470d5d0af78", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5dfea9db-57b6-4a8c-978d-5e820656453c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.030758Z", "modified": "2026-06-02T15:57:35.030758Z", "relationship_type": "indicates", "source_ref": "indicator--37f2125e-1110-4f19-afc9-b35eec44b057", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--10925815-de81-4970-bc8c-5648e92227c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.03177Z", "modified": "2026-06-02T15:57:35.03177Z", "relationship_type": "indicates", "source_ref": "indicator--6a854c92-3a2a-4436-ab0e-3b9c86cb8ac6", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--346007cd-ff26-48e7-912d-53ec401de0c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.032754Z", "modified": "2026-06-02T15:57:35.032754Z", "relationship_type": "indicates", "source_ref": "indicator--6ba4e57d-ee14-49f5-b2c7-256d7fd73d0c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8194eb6b-5de6-4873-8087-03fcc93c3118", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.033731Z", "modified": "2026-06-02T15:57:35.033731Z", "relationship_type": "indicates", "source_ref": "indicator--2224a201-2c07-40f4-98c2-39241b0fc1f1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f009e571-070a-4a10-90b5-34b104687802", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.03567Z", "modified": "2026-06-02T15:57:35.03567Z", "relationship_type": "indicates", "source_ref": "indicator--0e9d9df2-1f16-43dd-9913-50a397af8d2d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ce936209-975d-40dc-b7c4-80c2cafa3544", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.036768Z", "modified": "2026-06-02T15:57:35.036768Z", "relationship_type": "indicates", "source_ref": "indicator--537c9bf9-3b38-4493-953d-268a26b9f7a8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--47e529f2-4cf0-4e09-bd8e-bca2e1cecf51", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.037778Z", "modified": 
"2026-06-02T15:57:35.037778Z", "relationship_type": "indicates", "source_ref": "indicator--6447a0c2-0837-480f-91e2-868b53f023c3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--962c72d6-7553-4de7-9831-b700f7de5c9c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.038778Z", "modified": "2026-06-02T15:57:35.038778Z", "relationship_type": "indicates", "source_ref": "indicator--016d6650-94dd-4993-99f0-3e07b6c7747b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dee96f6e-918d-4863-950b-f3f29c28c557", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.039785Z", "modified": "2026-06-02T15:57:35.039785Z", "relationship_type": "indicates", "source_ref": "indicator--5f0bbaaf-c796-402e-a90c-3a2b571f82b7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--682f2d20-038f-49ac-896b-733a6a3039e6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.040768Z", "modified": "2026-06-02T15:57:35.040768Z", "relationship_type": "indicates", "source_ref": "indicator--110f46ae-b792-4895-8007-e28adb8bd52d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8ffe2443-2b03-4781-8dfd-e940a4704203", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.041751Z", "modified": "2026-06-02T15:57:35.041751Z", "relationship_type": "indicates", "source_ref": "indicator--d36e14dc-afdf-4f55-9833-8d8505c1a8fb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cfaa91c6-8c58-4498-8938-c281098f3e73", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.042876Z", "modified": "2026-06-02T15:57:35.042876Z", "relationship_type": "indicates", "source_ref": "indicator--526ab91a-b256-4caa-946a-3df36098a22f", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--542bcb23-8dbe-4b92-83b0-f0f27cff2f7d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.043899Z", "modified": "2026-06-02T15:57:35.043899Z", "relationship_type": "indicates", "source_ref": "indicator--5c799829-12af-47bf-8d98-053501250f22", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--db795e1d-7897-4476-9daa-cffce845031c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.0449Z", "modified": "2026-06-02T15:57:35.0449Z", "relationship_type": "indicates", "source_ref": "indicator--65bbce73-0afa-4dab-993b-49d8a5842801", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9f728787-4892-4818-b432-c0ff27816758", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.045882Z", "modified": "2026-06-02T15:57:35.045882Z", "relationship_type": "indicates", "source_ref": "indicator--13d44d90-e4bf-4678-b3f4-549439be778a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0ce71d90-15b5-4319-884f-ce946627f823", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.046884Z", "modified": "2026-06-02T15:57:35.046884Z", "relationship_type": "indicates", "source_ref": "indicator--4fc13c81-1dbd-42f6-b981-53754913508e", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c0416bdf-3aeb-482f-b5c8-d6b9181e798c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.047903Z", "modified": "2026-06-02T15:57:35.047903Z", "relationship_type": "indicates", "source_ref": "indicator--38a95f35-83ce-40b1-9275-8e7201ea2b21", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2efeb335-8ec1-43bb-8934-a6a66c43212b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.048881Z", "modified": "2026-06-02T15:57:35.048881Z", "relationship_type": "indicates", "source_ref": "indicator--d98bf4d2-44ed-4b09-a2f2-825d92619f1a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6c542c0f-2375-4a46-a535-362ee82e7082", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.049996Z", "modified": "2026-06-02T15:57:35.049996Z", "relationship_type": "indicates", "source_ref": "indicator--6191d30d-6427-4bbb-a33a-3841455a5b18", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c1e76371-4945-41b9-b19f-fee386cb893a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.051006Z", "modified": "2026-06-02T15:57:35.051006Z", "relationship_type": "indicates", "source_ref": "indicator--66db73ec-be2b-4c6c-8f8d-4f9f0ce19555", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--07bdd76c-a0b7-4f2d-98a3-4d7e1eb69291", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.052018Z", "modified": 
"2026-06-02T15:57:35.052018Z", "relationship_type": "indicates", "source_ref": "indicator--f09370ff-9633-441c-a61a-c87c4bad2cfe", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b42d57aa-3ecd-48d8-8357-3c87c1ef12ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.053014Z", "modified": "2026-06-02T15:57:35.053014Z", "relationship_type": "indicates", "source_ref": "indicator--a2072dca-181c-4452-996b-6ddfb2f13901", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c9dd5370-2e0d-451f-a40e-948a2d5bdf15", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.054004Z", "modified": "2026-06-02T15:57:35.054004Z", "relationship_type": "indicates", "source_ref": "indicator--50e98b2a-99ea-4a19-8d20-aa0f0b6652df", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--211d0a0d-9133-435c-98af-c895d6b154f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.05499Z", "modified": "2026-06-02T15:57:35.05499Z", "relationship_type": "indicates", "source_ref": "indicator--0f229c35-5be1-4f71-ab1b-27ff4de69d0a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0a3aa2a4-a832-42ed-8fdd-3311a0ad35eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.056002Z", "modified": "2026-06-02T15:57:35.056002Z", "relationship_type": "indicates", "source_ref": "indicator--a577acdd-8a6b-4757-ac29-4b52fc371163", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dc1429a1-2c7d-4d2e-9b2c-76b393e0890e", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.057172Z", "modified": "2026-06-02T15:57:35.057172Z", "relationship_type": "indicates", "source_ref": "indicator--34e0b8f7-3d62-426e-a53f-d29ee5b88d1d", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--774bc5da-c455-4abc-b093-6621d8776fc7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.058177Z", "modified": "2026-06-02T15:57:35.058177Z", "relationship_type": "indicates", "source_ref": "indicator--cc7d1c8c-591b-4908-a593-6d8c08b33c76", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--12d0475d-1d59-4832-b3d9-d7ecd4cd65c3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.05919Z", "modified": "2026-06-02T15:57:35.05919Z", "relationship_type": "indicates", "source_ref": "indicator--76c188f8-02dd-459b-8db9-84d0cf1de809", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f31def80-ebd4-4cd8-9b8b-7212f88ba3e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.060222Z", "modified": "2026-06-02T15:57:35.060222Z", "relationship_type": "indicates", "source_ref": "indicator--e71238ca-bacb-4320-90d0-0a22c32379b1", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--857bb106-a377-4670-9e9a-374790435c34", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.061213Z", "modified": "2026-06-02T15:57:35.061213Z", "relationship_type": "indicates", "source_ref": "indicator--a1fcbdec-7512-4020-bbac-db7d86c1cf20", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d116901e-769c-4156-bd1c-38e05bb1aa12", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.062216Z", "modified": "2026-06-02T15:57:35.062216Z", "relationship_type": "indicates", "source_ref": "indicator--0e530950-8442-4bda-bdd2-2d86684177c9", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--24c12586-554b-4fc4-a99b-0aa35f480a98", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.063231Z", "modified": "2026-06-02T15:57:35.063231Z", "relationship_type": "indicates", "source_ref": "indicator--97d8bed2-735f-4eed-a8e9-ab26b122a12d", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b32c1088-ff98-427e-b328-852b78b5fa21", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.064367Z", "modified": "2026-06-02T15:57:35.064367Z", "relationship_type": "indicates", "source_ref": "indicator--953f0ad5-8e0a-4877-b026-44cf242c8af4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3ef24b1b-db2f-4bd9-9ed9-aabbfa50c2b8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.065384Z", "modified": "2026-06-02T15:57:35.065384Z", "relationship_type": "indicates", "source_ref": "indicator--f6dbe19e-9197-41eb-9db7-520bf3f0c3f8", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--047dc7c5-8fe3-40bf-a4f8-c3b5eef41763", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.066379Z", "modified": 
"2026-06-02T15:57:35.066379Z", "relationship_type": "indicates", "source_ref": "indicator--0f204461-9606-40ea-a903-6caa62e6ce1b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d76bffab-3b60-42d1-aa86-f542d56e37cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.067385Z", "modified": "2026-06-02T15:57:35.067385Z", "relationship_type": "indicates", "source_ref": "indicator--d5820fea-50e9-40f6-a0eb-538f131534da", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8837c5f1-b525-44b7-8d1c-56fbd0391a06", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.068379Z", "modified": "2026-06-02T15:57:35.068379Z", "relationship_type": "indicates", "source_ref": "indicator--95b43434-2586-429d-808b-b7c5af98d9f8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c3da7bd5-77b5-4a7a-a17c-44bb5b092663", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.069366Z", "modified": "2026-06-02T15:57:35.069366Z", "relationship_type": "indicates", "source_ref": "indicator--600070c2-6d5e-48bd-a664-8e2aaaa4d5b9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a00ff831-d8f2-43a0-879b-4b082f1ba8c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.070357Z", "modified": "2026-06-02T15:57:35.070357Z", "relationship_type": "indicates", "source_ref": "indicator--3cc889a0-9d2a-42c3-a894-366f4b01a03a", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f6dbba84-15eb-4d2e-964e-7bdc21971c65", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.071508Z", "modified": "2026-06-02T15:57:35.071508Z", "relationship_type": "indicates", "source_ref": "indicator--b1618aaa-fee6-480d-9c99-d88bd23c0654", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--88e02f50-a1f4-4f8e-a336-1e49129bb8f4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.072523Z", "modified": "2026-06-02T15:57:35.072523Z", "relationship_type": "indicates", "source_ref": "indicator--1c95c695-c8b6-492d-bc56-67f815946455", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f6ab4853-605e-493a-ad40-bb576d052632", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.073506Z", "modified": "2026-06-02T15:57:35.073506Z", "relationship_type": "indicates", "source_ref": "indicator--7e84f21f-7bd8-4b3a-8261-65f536bf5167", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--92f5aacb-aece-42ef-8b5f-73de1ce6dae1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.074494Z", "modified": "2026-06-02T15:57:35.074494Z", "relationship_type": "indicates", "source_ref": "indicator--fae84f4e-272a-4af7-968a-26c04b262af1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--28e197e4-5f1b-44d9-813a-f827cee7956e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.0755Z", "modified": "2026-06-02T15:57:35.0755Z", "relationship_type": "indicates", "source_ref": "indicator--a1f73ca6-f4d7-4dc8-b356-d4222c53fc39", "target_ref": 
"malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8539d576-dd2f-4668-ba76-2d7c3985b94f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.076487Z", "modified": "2026-06-02T15:57:35.076487Z", "relationship_type": "indicates", "source_ref": "indicator--b5b26951-6aa1-4865-b575-3c2e2183a743", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d1c94685-2909-42ab-9a1f-5b322cb4d637", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.077465Z", "modified": "2026-06-02T15:57:35.077465Z", "relationship_type": "indicates", "source_ref": "indicator--dd22ed87-3857-46a4-aa10-a4bb6a646389", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bfda4552-aa02-4958-a463-789abd4ccb4d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.078589Z", "modified": "2026-06-02T15:57:35.078589Z", "relationship_type": "indicates", "source_ref": "indicator--716f1398-db78-44a1-9e59-99ce177a8f4c", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a04e2c8b-fe7e-4640-9800-e4f79ea5d5e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.079605Z", "modified": "2026-06-02T15:57:35.079605Z", "relationship_type": "indicates", "source_ref": "indicator--02525f38-7721-4717-860d-3dd3f64b2c33", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b820281f-aa67-4d0f-a6cc-b0b78096eb7a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.080596Z", "modified": 
"2026-06-02T15:57:35.080596Z", "relationship_type": "indicates", "source_ref": "indicator--559ffe85-0815-43c4-b37d-01525b808d60", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--79761be2-1f5a-412a-9269-994c256853db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.081593Z", "modified": "2026-06-02T15:57:35.081593Z", "relationship_type": "indicates", "source_ref": "indicator--11307692-aebd-4440-a780-06b300bf9ad2", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a168f9de-1493-4c54-b508-cea02c7948cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.082571Z", "modified": "2026-06-02T15:57:35.082571Z", "relationship_type": "indicates", "source_ref": "indicator--ff3b3a0e-e475-4802-92a6-5d8a703e4125", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f6d6cd06-11d3-48c4-8ea0-a64bdbd6e356", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.083565Z", "modified": "2026-06-02T15:57:35.083565Z", "relationship_type": "indicates", "source_ref": "indicator--ca019813-dfdf-4207-9ad6-2d09ca1ec309", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2adbc6f5-33fe-458e-afc7-b5c9bc2a36a5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.084549Z", "modified": "2026-06-02T15:57:35.084549Z", "relationship_type": "indicates", "source_ref": "indicator--1afb0029-0073-45f2-b7ec-2fb9a03fd8ea", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--43dd87b8-991e-4f66-aa42-3f1ddfe24b25", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.085676Z", "modified": "2026-06-02T15:57:35.085676Z", "relationship_type": "indicates", "source_ref": "indicator--1382ddea-7c8b-433d-9864-596b60b33833", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--35d4f367-1844-4858-a5a8-89ddb8e5c13b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.086682Z", "modified": "2026-06-02T15:57:35.086682Z", "relationship_type": "indicates", "source_ref": "indicator--15fa3ce9-f146-4506-9dc2-180a4f064b56", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f124bf91-3a08-4fc6-b148-aa8f995f6c5b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.087704Z", "modified": "2026-06-02T15:57:35.087704Z", "relationship_type": "indicates", "source_ref": "indicator--a980180d-ad2d-4ea7-8e3f-96b803c66739", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b733512e-0266-422d-97b4-928832a6175f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.088721Z", "modified": "2026-06-02T15:57:35.088721Z", "relationship_type": "indicates", "source_ref": "indicator--be4c9851-81ad-4649-8a1d-c3b12ea2ca9e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--201c309f-cb77-4a09-8431-a2c80745a008", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.089706Z", "modified": "2026-06-02T15:57:35.089706Z", "relationship_type": "indicates", "source_ref": "indicator--ea32111f-58ae-473e-a936-dba6b37bf9c5", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d58d899c-b410-4125-9269-b60ab460c5d1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.090688Z", "modified": "2026-06-02T15:57:35.090688Z", "relationship_type": "indicates", "source_ref": "indicator--d5d8b873-1518-4281-9232-feee5233a799", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--78743101-98e7-420a-a912-7471308d0231", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.09169Z", "modified": "2026-06-02T15:57:35.09169Z", "relationship_type": "indicates", "source_ref": "indicator--81e6deaf-22db-4eb6-936d-26e1a99d496e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f143f52e-209d-424b-ba99-aaea0c4e1446", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.092831Z", "modified": "2026-06-02T15:57:35.092831Z", "relationship_type": "indicates", "source_ref": "indicator--5563d4b1-3a3c-4788-a8ee-9e93cd151d45", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a8ba82c5-fb81-4e65-b936-5f9b49a51346", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.093833Z", "modified": "2026-06-02T15:57:35.093833Z", "relationship_type": "indicates", "source_ref": "indicator--7316f8a8-9d3c-408d-8dfb-ba438ceddb07", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b20f39fa-eafd-4b73-bd07-9df57ee66f97", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.094817Z", "modified": 
"2026-06-02T15:57:35.094817Z", "relationship_type": "indicates", "source_ref": "indicator--50a6542a-5a11-4f10-a01b-3cdc71c3a8db", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1e52dacf-aba0-4e5f-b63d-db424e2fdfe1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.095816Z", "modified": "2026-06-02T15:57:35.095816Z", "relationship_type": "indicates", "source_ref": "indicator--f26fc0ec-a64e-4f83-acad-2119cde9cd5b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e0fe4033-59e5-4d57-9114-6cd2a402e145", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.096802Z", "modified": "2026-06-02T15:57:35.096802Z", "relationship_type": "indicates", "source_ref": "indicator--81871b01-4e01-4236-a3bd-c6caad2f8706", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c8dc6c74-3c77-4cc2-a8d7-d55035da85c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.097794Z", "modified": "2026-06-02T15:57:35.097794Z", "relationship_type": "indicates", "source_ref": "indicator--cc631bed-95ed-4f36-9303-807f8af9a1dc", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--044a3425-c271-450f-bf62-25f7222d9f60", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.098781Z", "modified": "2026-06-02T15:57:35.098781Z", "relationship_type": "indicates", "source_ref": "indicator--bc465e0f-96c5-42ac-a504-a8c7b8ef181b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--763051cf-3f4a-45b0-bded-577129b4d526", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.099955Z", "modified": "2026-06-02T15:57:35.099955Z", "relationship_type": "indicates", "source_ref": "indicator--d03368f5-0cc0-47e5-b85e-6915d88f903b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--76046501-74da-46f2-b31e-db92888127a6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.100956Z", "modified": "2026-06-02T15:57:35.100956Z", "relationship_type": "indicates", "source_ref": "indicator--90975f84-aa80-4bf6-ae5a-90419426e9e2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2d69fcae-6147-4e7d-b2aa-18710b754738", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.101941Z", "modified": "2026-06-02T15:57:35.101941Z", "relationship_type": "indicates", "source_ref": "indicator--7d689cb4-2f38-4acd-a128-372f09cf97c8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6f7d5ca4-b82f-45ae-8169-791134e1a4ab", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.102919Z", "modified": "2026-06-02T15:57:35.102919Z", "relationship_type": "indicates", "source_ref": "indicator--f5296590-02a2-42aa-b440-4e9912c7175e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b7e494ff-914a-47db-8b2f-48add3c21b7c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.103913Z", "modified": "2026-06-02T15:57:35.103913Z", "relationship_type": "indicates", "source_ref": "indicator--8c53b85d-c74e-4195-ab70-23150aba3b71", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f4b069c9-b0c7-4c02-8490-2790e8cd5467", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.104907Z", "modified": "2026-06-02T15:57:35.104907Z", "relationship_type": "indicates", "source_ref": "indicator--471df396-48f6-4684-9c8e-007598eaa038", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--47c1b924-afcb-4d7d-bec8-f4832ad7c932", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.1059Z", "modified": "2026-06-02T15:57:35.1059Z", "relationship_type": "indicates", "source_ref": "indicator--240d49c0-bb01-472f-9e7c-abef628778f9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dde087fa-2943-4f00-93d3-350e7c229b79", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.107034Z", "modified": "2026-06-02T15:57:35.107034Z", "relationship_type": "indicates", "source_ref": "indicator--16abc5cc-8772-403d-8b69-c89eba63abaf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9f26b4d3-9927-4671-8369-419aaad00677", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.108049Z", "modified": "2026-06-02T15:57:35.108049Z", "relationship_type": "indicates", "source_ref": "indicator--3f967f22-ff86-4653-a68c-024f1850da34", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bfc979c1-821b-4c79-ac50-ead9a0612b1d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.109056Z", "modified": 
"2026-06-02T15:57:35.109056Z", "relationship_type": "indicates", "source_ref": "indicator--0c55038d-db72-4c6d-b16b-6ccfe1552a9d", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--33a7c3ad-77a9-44a6-bc53-cf6acd34db6e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.11004Z", "modified": "2026-06-02T15:57:35.11004Z", "relationship_type": "indicates", "source_ref": "indicator--42a86b2e-90b9-4362-a5f7-fbe58a0bb713", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f9897e8b-4311-4797-8cb4-27f88662415b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.111039Z", "modified": "2026-06-02T15:57:35.111039Z", "relationship_type": "indicates", "source_ref": "indicator--88d33cb7-ffe6-4e86-9b1c-3a285e1923ae", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--995d52f9-c39a-4857-93eb-95d52d530818", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.112049Z", "modified": "2026-06-02T15:57:35.112049Z", "relationship_type": "indicates", "source_ref": "indicator--f2e742ff-7912-4827-9a0b-83aed42a6ce4", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5f59a07b-f060-4956-b9d1-79275e7601f0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.113035Z", "modified": "2026-06-02T15:57:35.113035Z", "relationship_type": "indicates", "source_ref": "indicator--94c096c7-73c4-44b8-990c-47364bce85d2", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f0accdc8-3085-40ca-8035-2e56568ba19c", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.114156Z", "modified": "2026-06-02T15:57:35.114156Z", "relationship_type": "indicates", "source_ref": "indicator--84469982-c0a3-4823-8c4a-c80fff024c7f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b3d13b17-6851-4364-931f-aab3395e9f50", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.115159Z", "modified": "2026-06-02T15:57:35.115159Z", "relationship_type": "indicates", "source_ref": "indicator--13a960ff-63ae-4ac7-9893-b2b88c90e0f1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4bfdbd3f-fc14-41da-8939-37f56481f034", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.116146Z", "modified": "2026-06-02T15:57:35.116146Z", "relationship_type": "indicates", "source_ref": "indicator--2eab1244-ad1d-407c-9116-0308c348db77", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a0087f5a-6396-4b19-bf54-750a0558e6c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.117149Z", "modified": "2026-06-02T15:57:35.117149Z", "relationship_type": "indicates", "source_ref": "indicator--42ab5d82-0a1d-4609-bfd5-bb0064e123d4", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f93db03c-9795-427a-83c0-b2440b466d24", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.118136Z", "modified": "2026-06-02T15:57:35.118136Z", "relationship_type": "indicates", "source_ref": "indicator--073a3e90-6393-4103-827e-77e0ae92607c", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3e887502-3609-4ce9-be0e-310012f40ef2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.119137Z", "modified": "2026-06-02T15:57:35.119137Z", "relationship_type": "indicates", "source_ref": "indicator--d451922c-089a-487c-9a81-8802cae1d245", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--34ab6f1b-b8cc-45ed-a6dd-5077976cc1a0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.120141Z", "modified": "2026-06-02T15:57:35.120141Z", "relationship_type": "indicates", "source_ref": "indicator--e6a79e07-12b3-4912-8d3f-1e2210b232ca", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dd068d46-8e86-48b3-a62b-124cbda34724", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.122073Z", "modified": "2026-06-02T15:57:35.122073Z", "relationship_type": "indicates", "source_ref": "indicator--31d98fef-f866-453f-9bf1-000d64488ecd", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8ddadb00-28a1-48c3-82ef-b509ba8ec469", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.123194Z", "modified": "2026-06-02T15:57:35.123194Z", "relationship_type": "indicates", "source_ref": "indicator--089cc78f-2561-421f-aad2-f0d42047e0a2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d80860e4-e414-4203-8347-8e69f9415186", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.124219Z", "modified": 
"2026-06-02T15:57:35.124219Z", "relationship_type": "indicates", "source_ref": "indicator--6892c903-5550-42ad-8fd2-e602a2ad0630", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4905562b-49b1-44ec-b9c5-af220f8b9f94", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.125238Z", "modified": "2026-06-02T15:57:35.125238Z", "relationship_type": "indicates", "source_ref": "indicator--88d39398-f971-43a3-b297-1243437ddf7a", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9c1adc7d-240e-460f-a64b-033680094c7a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.126225Z", "modified": "2026-06-02T15:57:35.126225Z", "relationship_type": "indicates", "source_ref": "indicator--b8fe3290-cd2b-4f99-8a40-071c0b925345", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--10520f07-b526-4f21-8c09-12417286567b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.127224Z", "modified": "2026-06-02T15:57:35.127224Z", "relationship_type": "indicates", "source_ref": "indicator--2374b51f-9a6c-46c8-9974-1548212ba053", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1dcd8890-bbd7-4918-9a41-d336f94420ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.128212Z", "modified": "2026-06-02T15:57:35.128212Z", "relationship_type": "indicates", "source_ref": "indicator--c5fa8693-dd25-4db5-bf4a-64e6686b9215", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7f9e62a0-8410-4411-99e1-a95041558f25", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.129345Z", "modified": "2026-06-02T15:57:35.129345Z", "relationship_type": "indicates", "source_ref": "indicator--36727634-9a00-4788-af83-e4269a777916", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--78ec5664-c1d2-4c4c-b166-d529b72af800", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.130349Z", "modified": "2026-06-02T15:57:35.130349Z", "relationship_type": "indicates", "source_ref": "indicator--eb415253-127f-40c7-a823-420c08d1cee9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--00f7a671-6eb7-4184-9ffe-e82843a39829", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.131361Z", "modified": "2026-06-02T15:57:35.131361Z", "relationship_type": "indicates", "source_ref": "indicator--9d75dbe6-5ccc-4626-8b57-011c82b65eed", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f34274fe-0707-4ac0-9552-30849c9fdb1a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.132461Z", "modified": "2026-06-02T15:57:35.132461Z", "relationship_type": "indicates", "source_ref": "indicator--c17571f7-ce52-451c-89f0-0911cd290d31", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7fd7b15a-8826-4578-a311-5ca680c68d14", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.133463Z", "modified": "2026-06-02T15:57:35.133463Z", "relationship_type": "indicates", "source_ref": "indicator--4f5f6765-bbbc-4b2e-be67-610a52a81196", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4c4915e4-33c4-4cb3-b18f-f75f8f05df65", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.134447Z", "modified": "2026-06-02T15:57:35.134447Z", "relationship_type": "indicates", "source_ref": "indicator--89a1e7b1-444e-4158-8131-1057ffbff595", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e029e0ce-33b8-4c24-b281-84b370609f01", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.135436Z", "modified": "2026-06-02T15:57:35.135436Z", "relationship_type": "indicates", "source_ref": "indicator--34b50e1f-9176-4521-a8b0-7a0dd99f82fc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c44712b5-18fd-44d8-9de2-63db30bc2db8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.136557Z", "modified": "2026-06-02T15:57:35.136557Z", "relationship_type": "indicates", "source_ref": "indicator--0cea6dc5-9a3d-448f-bef4-20a1000d1b5e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--255d7500-86db-4691-9fa5-9320761cf064", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.137565Z", "modified": "2026-06-02T15:57:35.137565Z", "relationship_type": "indicates", "source_ref": "indicator--f5c467c0-8f2d-4168-ba6e-5db32e7200ee", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--07a31bc1-c01e-497e-adba-c663685fefb4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.138547Z", "modified": 
"2026-06-02T15:57:35.138547Z", "relationship_type": "indicates", "source_ref": "indicator--a45e9903-e119-4d83-ae6c-e9ead49789db", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dd1bf6dc-eb29-439d-b692-77b3b2d48c48", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.139542Z", "modified": "2026-06-02T15:57:35.139542Z", "relationship_type": "indicates", "source_ref": "indicator--1f6122e3-ee1e-44d1-a72a-cd32bd1b1b73", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8722a3dc-e43c-4608-ae99-fb313df6b58f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.140533Z", "modified": "2026-06-02T15:57:35.140533Z", "relationship_type": "indicates", "source_ref": "indicator--145d4d52-91f3-4252-aaf7-8e11f2793910", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fe274d44-5254-40c4-8d3f-8c997416926e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.141511Z", "modified": "2026-06-02T15:57:35.141511Z", "relationship_type": "indicates", "source_ref": "indicator--0b907127-b235-4fa8-b25d-69f607d6e253", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c7a0c18d-3741-4880-a664-de3fdb776129", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.142494Z", "modified": "2026-06-02T15:57:35.142494Z", "relationship_type": "indicates", "source_ref": "indicator--d1255ac8-6341-4d6b-baf8-f21112e1fd01", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--517bd6cd-8c25-4807-8ee5-dbdc8b646071", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.143642Z", "modified": "2026-06-02T15:57:35.143642Z", "relationship_type": "indicates", "source_ref": "indicator--5c5d643a-44a5-4aae-aa63-edb826e1aca9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0f8fe511-e2cc-4efa-9503-33c35be011d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.144636Z", "modified": "2026-06-02T15:57:35.144636Z", "relationship_type": "indicates", "source_ref": "indicator--84cdd6c1-4a77-41f1-859b-5dc257923f06", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e31f05b2-75a7-4e1f-9cc6-1c463e2cdaa8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.145622Z", "modified": "2026-06-02T15:57:35.145622Z", "relationship_type": "indicates", "source_ref": "indicator--74ae382e-2f61-41e7-8661-e464aea425cf", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--02b3ce33-44b1-459b-a77c-df3cd07c4de1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.146617Z", "modified": "2026-06-02T15:57:35.146617Z", "relationship_type": "indicates", "source_ref": "indicator--1035b86c-723b-4767-8310-3941fa4ec64e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b6831e96-a058-4cc8-9ead-470a71d27517", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.147621Z", "modified": "2026-06-02T15:57:35.147621Z", "relationship_type": "indicates", "source_ref": "indicator--4211d9f6-cfa9-4c4f-856a-c0f9d199b825", "target_ref": 
"malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--622c3f5f-4dd2-4de0-b30b-7314213dca1b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.148622Z", "modified": "2026-06-02T15:57:35.148622Z", "relationship_type": "indicates", "source_ref": "indicator--c485f60d-d78c-4d77-b849-036f02bb9e61", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e6fe2660-0c2e-46f3-a3cb-f1389998452c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.149605Z", "modified": "2026-06-02T15:57:35.149605Z", "relationship_type": "indicates", "source_ref": "indicator--12b67d9d-c11f-429a-b6dd-129c70f77821", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3d08b2fa-98b9-4ab4-a18d-ed57b21f2431", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.15073Z", "modified": "2026-06-02T15:57:35.15073Z", "relationship_type": "indicates", "source_ref": "indicator--2475fd04-332b-465d-8225-599f90c9f50b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2f3db87d-2e25-49fa-b7c3-1cad77428e91", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.151739Z", "modified": "2026-06-02T15:57:35.151739Z", "relationship_type": "indicates", "source_ref": "indicator--e107a1f3-33d2-407c-b60d-d6c18ca9264b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7266956a-65bd-4162-8ca7-23522d5711ff", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.152725Z", "modified": 
"2026-06-02T15:57:35.152725Z", "relationship_type": "indicates", "source_ref": "indicator--90aade87-401b-4e3a-821c-22b168c16b05", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--54ddf097-d537-4235-b0a4-8d70b879a6a1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.153725Z", "modified": "2026-06-02T15:57:35.153725Z", "relationship_type": "indicates", "source_ref": "indicator--114c6939-f631-403e-a33f-5875998d6e1d", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4edf3b4c-f5d4-44d7-bd85-51700a1bfe4c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.154701Z", "modified": "2026-06-02T15:57:35.154701Z", "relationship_type": "indicates", "source_ref": "indicator--3d181837-e63d-4225-bc5a-9e60f326904a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7f1e4cc8-cb3b-4e06-913f-a42a971464d6", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.155803Z", "modified": "2026-06-02T15:57:35.155803Z", "relationship_type": "indicates", "source_ref": "indicator--93a7c321-fb09-40f8-a8e7-28cf050a82c2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e1d5a770-94ac-4a43-8116-7bf9009dc56c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.156839Z", "modified": "2026-06-02T15:57:35.156839Z", "relationship_type": "indicates", "source_ref": "indicator--8258ad17-b70e-4cad-9afa-d7ef6744e2ff", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--237964aa-6d5d-4977-a333-f37d2e53f99d", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.158023Z", "modified": "2026-06-02T15:57:35.158023Z", "relationship_type": "indicates", "source_ref": "indicator--47495d44-1d6c-4901-a64a-549ffd8c6228", "target_ref": "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5a5d8a74-8f9c-4593-af5e-328802598244", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.159027Z", "modified": "2026-06-02T15:57:35.159027Z", "relationship_type": "indicates", "source_ref": "indicator--716d986b-846d-4a20-aef5-ad19d9e7c2d6", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0d1087a5-5a31-40f6-bb0c-51f96e13f6c9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.160044Z", "modified": "2026-06-02T15:57:35.160044Z", "relationship_type": "indicates", "source_ref": "indicator--46d424d3-200c-4f8c-825d-a3b69381a179", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--46f7e0a0-db74-442c-86ce-49051414c055", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.16103Z", "modified": "2026-06-02T15:57:35.16103Z", "relationship_type": "indicates", "source_ref": "indicator--e71cfd40-7ea4-45b2-a02e-0b47c9f9e5bc", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6bfaee44-f842-42e1-b549-460fe6449291", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.162014Z", "modified": "2026-06-02T15:57:35.162014Z", "relationship_type": "indicates", "source_ref": "indicator--05b8ad9b-8e67-403c-8d87-f2da7b4deb17", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6efa2af8-3ee2-4eec-aeb1-79b1c0d6a027", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.162989Z", "modified": "2026-06-02T15:57:35.162989Z", "relationship_type": "indicates", "source_ref": "indicator--0e7d6e4c-2118-448f-8c86-fb94f75c828a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8bed13f0-60f8-4fb6-b6e5-4dad03c9b5dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.16399Z", "modified": "2026-06-02T15:57:35.16399Z", "relationship_type": "indicates", "source_ref": "indicator--3bdf9adf-b859-4d96-9534-ba20f4caccd7", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--75c826c1-2027-4e49-8cc5-8bfc13d5d93c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.16518Z", "modified": "2026-06-02T15:57:35.16518Z", "relationship_type": "indicates", "source_ref": "indicator--136caa46-2d6c-49ce-8cd5-c77942ca7491", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5eba95a8-4e38-4d6f-bfa1-63627e05666b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.166183Z", "modified": "2026-06-02T15:57:35.166183Z", "relationship_type": "indicates", "source_ref": "indicator--cc0874dd-547d-4caa-86cb-41993a2ace9a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dee394e6-b08b-45ca-9533-6849291cc4b3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.167184Z", "modified": 
"2026-06-02T15:57:35.167184Z", "relationship_type": "indicates", "source_ref": "indicator--10dc76f6-9a78-4832-8cf9-8c31e9cd2a22", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ee9971c2-bbea-43f8-9440-7de3a8583e49", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.168183Z", "modified": "2026-06-02T15:57:35.168183Z", "relationship_type": "indicates", "source_ref": "indicator--66536ef8-ed9a-4944-9957-36090a80757d", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0b40f653-3ba0-4d78-85c9-d47c0b8c3dc0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.16918Z", "modified": "2026-06-02T15:57:35.16918Z", "relationship_type": "indicates", "source_ref": "indicator--c15e3fcf-653f-4268-b835-2a2307635a23", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4e8fee04-9dde-44e1-9514-6a3074846064", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.170175Z", "modified": "2026-06-02T15:57:35.170175Z", "relationship_type": "indicates", "source_ref": "indicator--9103abef-0b3c-4a8b-a3d5-a38329eae1df", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a4a7e109-bc93-4bdb-be22-598a27605594", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.171174Z", "modified": "2026-06-02T15:57:35.171174Z", "relationship_type": "indicates", "source_ref": "indicator--d03642ef-24d4-47ce-9ca1-64f044603d16", "target_ref": "malware--7c1a1e38-e78a-455f-be97-baedc4781596"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3a5fbef5-6627-4b4f-9d26-b153d5ea84c5", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.172309Z", "modified": "2026-06-02T15:57:35.172309Z", "relationship_type": "indicates", "source_ref": "indicator--c560d897-444f-4c52-b01d-0f23e7f6fb93", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4756daf3-96e0-4368-bf28-0db3ebeef773", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.173318Z", "modified": "2026-06-02T15:57:35.173318Z", "relationship_type": "indicates", "source_ref": "indicator--2ee83a2c-a472-4661-b095-6144b8498c57", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--06c9234a-ede6-459c-a225-72670c898161", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.174319Z", "modified": "2026-06-02T15:57:35.174319Z", "relationship_type": "indicates", "source_ref": "indicator--0de146ef-f70c-4010-935f-d9dea9da4845", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--455dac45-0e5e-4977-b64a-c601dc3bac59", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.175312Z", "modified": "2026-06-02T15:57:35.175312Z", "relationship_type": "indicates", "source_ref": "indicator--ba4dd57e-53c3-43c9-ba10-43d61c579d28", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9582fa49-ca67-4dd0-9d40-685fa3423c39", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.176295Z", "modified": "2026-06-02T15:57:35.176295Z", "relationship_type": "indicates", "source_ref": "indicator--ebe45629-7081-439b-b18b-55bb2118fcf1", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--477b7cdd-8234-4479-9e6a-e52336f303f2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.177275Z", "modified": "2026-06-02T15:57:35.177275Z", "relationship_type": "indicates", "source_ref": "indicator--f352acef-1eb9-46ad-9936-fd1ddb310e34", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c70329f8-e531-4241-9f57-d5a696dd4296", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.178261Z", "modified": "2026-06-02T15:57:35.178261Z", "relationship_type": "indicates", "source_ref": "indicator--29fa4761-aa50-4e9d-8252-63058dfa468f", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bd15748a-966d-49b4-b398-3c14f4383bdd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.179414Z", "modified": "2026-06-02T15:57:35.179414Z", "relationship_type": "indicates", "source_ref": "indicator--a88f3f8b-c299-452d-be45-7473071643cd", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a87978bd-0032-42e4-a9ae-3fc5e36310b0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.180427Z", "modified": "2026-06-02T15:57:35.180427Z", "relationship_type": "indicates", "source_ref": "indicator--04f06712-3f70-49a0-8a48-23d733844046", "target_ref": "malware--339c3bfb-7658-4812-b20e-7a366b67e97c"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2c39a97e-3142-4ce0-b5b5-6c4f23a22c67", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.181413Z", "modified": 
"2026-06-02T15:57:35.181413Z", "relationship_type": "indicates", "source_ref": "indicator--f5f9a7f8-3eb2-47e5-b470-13471446a1a2", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1312645d-b242-468d-b33c-c5f35c90cc2e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.182387Z", "modified": "2026-06-02T15:57:35.182387Z", "relationship_type": "indicates", "source_ref": "indicator--ed69a5ae-0d1c-4e61-8bd9-a6b36dc0956a", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f0d7839c-06b1-473e-a90f-5c4fb512d681", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.183386Z", "modified": "2026-06-02T15:57:35.183386Z", "relationship_type": "indicates", "source_ref": "indicator--3bd5df7e-3007-44a2-a830-90af983195cb", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--509ce010-02b5-4c53-874e-52f345b0450d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.184369Z", "modified": "2026-06-02T15:57:35.184369Z", "relationship_type": "indicates", "source_ref": "indicator--44fc4c48-9c1d-4a90-ac84-37857d54067e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--617d9868-3a87-4109-85f9-438d0c1af1e3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.185354Z", "modified": "2026-06-02T15:57:35.185354Z", "relationship_type": "indicates", "source_ref": "indicator--8ce56343-e1d3-486e-a936-d28afea28ad1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a154e4fe-200f-4136-8fc7-28acedf0068e", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.186486Z", "modified": "2026-06-02T15:57:35.186486Z", "relationship_type": "indicates", "source_ref": "indicator--c70bbe11-b1f0-43c2-b0fe-5b52d8d77cb9", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--54ee966b-3900-40d9-913a-59ef9879aa9b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.1875Z", "modified": "2026-06-02T15:57:35.1875Z", "relationship_type": "indicates", "source_ref": "indicator--82618f15-7b07-4db4-aaf7-0c7bab8a7fd8", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a13e2ef1-e3d9-4739-80ea-967bf3ebf19e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.188493Z", "modified": "2026-06-02T15:57:35.188493Z", "relationship_type": "indicates", "source_ref": "indicator--d38cd569-6abf-4076-9757-aff8feee15a1", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6394d3f5-4428-468b-acb3-03001322333e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.189477Z", "modified": "2026-06-02T15:57:35.189477Z", "relationship_type": "indicates", "source_ref": "indicator--f878aa43-5775-40e9-a7ab-6d95956e750b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c6f7dd09-99ca-49cb-8e31-74dd60404309", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.190454Z", "modified": "2026-06-02T15:57:35.190454Z", "relationship_type": "indicates", "source_ref": "indicator--07479c6d-4824-48fc-9af7-9dd0dd346935", "target_ref": 
"malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--503bbea5-150b-4417-ae90-e8d36d737f26", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.191469Z", "modified": "2026-06-02T15:57:35.191469Z", "relationship_type": "indicates", "source_ref": "indicator--a8d97666-1a18-4a60-a1da-e9b2dfb3af79", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1b50729b-30c5-4ecd-99f0-f9921cfc9907", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.192462Z", "modified": "2026-06-02T15:57:35.192462Z", "relationship_type": "indicates", "source_ref": "indicator--651b939e-fafa-44f8-b8d5-82099f759876", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3dd1b81b-df95-4906-9fc6-a18cfbdec03f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.193589Z", "modified": "2026-06-02T15:57:35.193589Z", "relationship_type": "indicates", "source_ref": "indicator--02060e42-1c1e-4709-bfcc-7c07ff8fb03e", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3f7a6b81-b6b7-4639-8792-d0544b74856f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.194586Z", "modified": "2026-06-02T15:57:35.194586Z", "relationship_type": "indicates", "source_ref": "indicator--e8be14c3-1d3b-4c33-b861-f09a275ed853", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3a56b153-acfd-4ce9-a177-1bd058a5b599", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.195585Z", "modified": 
"2026-06-02T15:57:35.195585Z", "relationship_type": "indicates", "source_ref": "indicator--7a1143a7-bc47-4ffa-b257-9464ee804071", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c6f00007-9788-4e9c-ab78-deae53d4cb09", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.196574Z", "modified": "2026-06-02T15:57:35.196574Z", "relationship_type": "indicates", "source_ref": "indicator--0e164fc3-2067-4903-97c2-e725ec658b8b", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--178c5de6-2596-4f0e-aaac-290e45f5a13d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.197551Z", "modified": "2026-06-02T15:57:35.197551Z", "relationship_type": "indicates", "source_ref": "indicator--d0db37db-f6d5-47f5-9ba0-17fc8f72d0b3", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--422eed9d-3783-468d-a554-185b94fb77d0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.198543Z", "modified": "2026-06-02T15:57:35.198543Z", "relationship_type": "indicates", "source_ref": "indicator--8f0bd091-a849-4635-8221-d9e8c341da85", "target_ref": "malware--3e32a746-53d1-4e22-8134-da6d47b1945b"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--68af8418-833f-4c01-adb8-fa7e06068417", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.199586Z", "modified": "2026-06-02T15:57:35.199586Z", "relationship_type": "indicates", "source_ref": "indicator--fd4b7d5e-c702-43d0-8628-dabf8e49f57d", "target_ref": "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7e4dfc14-5314-4923-9b27-b77a8031e831", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.201021Z", "modified": "2026-06-02T15:57:35.201021Z", "relationship_type": "indicates", "source_ref": "indicator--407551ef-831d-4882-af92-616a59dab00e", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3543fc13-943c-4988-b06a-d708bc301f9f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.202021Z", "modified": "2026-06-02T15:57:35.202021Z", "relationship_type": "indicates", "source_ref": "indicator--9ed6d345-fc65-4b16-a281-f141795453bd", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e9ce87cc-784e-4465-8634-6378b1f54fd4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.203005Z", "modified": "2026-06-02T15:57:35.203005Z", "relationship_type": "indicates", "source_ref": "indicator--e980c1a2-2225-4a7e-a3c1-f19ff29eb1d9", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--39601039-0ff7-4b64-b765-ceb829a01824", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.20406Z", "modified": "2026-06-02T15:57:35.20406Z", "relationship_type": "indicates", "source_ref": "indicator--00e3ec6f-a8e1-4aa7-a412-22c53828e2bb", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--777ef914-4a83-4cc2-ae9d-81785d16c5d9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.205071Z", "modified": "2026-06-02T15:57:35.205071Z", "relationship_type": "indicates", "source_ref": "indicator--91fe30fa-bc91-440e-9318-51f3b67d6867", "target_ref": 
"malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cc59a142-fe55-4623-a881-a211ca360b8a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.206089Z", "modified": "2026-06-02T15:57:35.206089Z", "relationship_type": "indicates", "source_ref": "indicator--42cc398f-4ba3-4602-af1c-4a3a5504c765", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bfc37462-892f-41eb-b3df-c9bf77dd8252", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.207077Z", "modified": "2026-06-02T15:57:35.207077Z", "relationship_type": "indicates", "source_ref": "indicator--3b3d4fdc-06e1-455b-9183-641ff3283ab0", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1a9b268c-2a79-49e4-82f5-681c9764ee94", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.209016Z", "modified": "2026-06-02T15:57:35.209016Z", "relationship_type": "indicates", "source_ref": "indicator--09fc0763-50f4-492e-9a51-8abbfb06ffdd", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--39abf1b2-11ae-4363-8adc-c59d71c0e26e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.210113Z", "modified": "2026-06-02T15:57:35.210113Z", "relationship_type": "indicates", "source_ref": "indicator--3bce6def-8acf-4631-8f7f-a04f2749badd", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d237965e-b403-4254-8601-9c59df12456e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.211165Z", "modified": 
"2026-06-02T15:57:35.211165Z", "relationship_type": "indicates", "source_ref": "indicator--23b74ab0-e219-47d3-bcce-ddc39e7fed2c", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--42f59cca-fe3f-4d93-853c-a9507cb8d24c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.212161Z", "modified": "2026-06-02T15:57:35.212161Z", "relationship_type": "indicates", "source_ref": "indicator--84adb9b5-6df8-4750-9d2f-41d033f65de5", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--581f9a89-d5eb-4f55-941f-f5ee9352ad0c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.213144Z", "modified": "2026-06-02T15:57:35.213144Z", "relationship_type": "indicates", "source_ref": "indicator--040070c6-7cac-4b65-a83c-e36d1c4199c0", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--84e2e177-b6f4-4854-abf7-ecb82ede9b2f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.214135Z", "modified": "2026-06-02T15:57:35.214135Z", "relationship_type": "indicates", "source_ref": "indicator--e4434b6b-6c0e-4860-be68-be5f8016b0fa", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c1ebcbdc-1f47-43fe-b79d-83da15ad19fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.215121Z", "modified": "2026-06-02T15:57:35.215121Z", "relationship_type": "indicates", "source_ref": "indicator--7e22377d-3a46-477a-adf9-5d2f2d1047e6", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5b234b2a-d658-4e81-8531-12b32493e000", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.216255Z", "modified": "2026-06-02T15:57:35.216255Z", "relationship_type": "indicates", "source_ref": "indicator--1c1fa945-460d-4ad5-848a-7aae4cbb2669", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--31f4a958-c811-46c4-9ae0-183cf8df2576", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.21727Z", "modified": "2026-06-02T15:57:35.21727Z", "relationship_type": "indicates", "source_ref": "indicator--c3f26963-5881-46d9-9459-2d3c880653e8", "target_ref": "malware--744c4cab-28c2-4214-af55-1ac117bbe58f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7432dbc7-9d05-480e-9acb-e11314116096", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.21868Z", "modified": "2026-06-02T15:57:35.21868Z", "relationship_type": "indicates", "source_ref": "indicator--d44a7858-c8f2-48ba-911a-4e877ad2258a", "target_ref": "malware--fd1fe44f-7eeb-4e9c-9024-9b480cfc75cb"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5f0c327c-357f-4dbc-a8af-7ff776e154ca", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.220025Z", "modified": "2026-06-02T15:57:35.220025Z", "relationship_type": "indicates", "source_ref": "indicator--3fe3eddf-e03b-46b2-948f-da77e403d503", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0b24a21f-514d-4d27-8d2c-32156d043184", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.221036Z", "modified": "2026-06-02T15:57:35.221036Z", "relationship_type": "indicates", "source_ref": "indicator--24d66a27-e070-4290-b3d2-d01712b60860", "target_ref": 
"malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a27342ab-a03e-4757-ae89-2ffde0b8f402", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.222042Z", "modified": "2026-06-02T15:57:35.222042Z", "relationship_type": "indicates", "source_ref": "indicator--b3ce8b52-1d77-4596-ab71-4419fa5c7636", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dad801a3-5baf-4f0f-9fcd-c7d9a378b02e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.223052Z", "modified": "2026-06-02T15:57:35.223052Z", "relationship_type": "indicates", "source_ref": "indicator--8c7d675f-9fef-4e6d-bf2d-4a87d9e03cd0", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f464a841-d58a-4be6-bdc9-3372f278b3ae", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.224221Z", "modified": "2026-06-02T15:57:35.224221Z", "relationship_type": "indicates", "source_ref": "indicator--16628916-4497-4c46-a600-c6e267d6f526", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ce9e79f6-ebe3-47ec-91ef-74d826c4e4e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.22524Z", "modified": "2026-06-02T15:57:35.22524Z", "relationship_type": "indicates", "source_ref": "indicator--44ed8751-bed6-4f7b-bce2-d964797a052a", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c0afcece-4624-4c69-b428-32eba071bf5d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.226241Z", "modified": 
"2026-06-02T15:57:35.226241Z", "relationship_type": "indicates", "source_ref": "indicator--6126f193-9e8b-40b6-a78a-0f1c69a81556", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1362b621-5bc5-4af1-9d28-9f541d9ad97e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.227303Z", "modified": "2026-06-02T15:57:35.227303Z", "relationship_type": "indicates", "source_ref": "indicator--dd729e1d-4d4e-4f01-bee4-8cc7136be09d", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--11fc50c8-9227-40ff-89ce-e8e08e89f435", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.228322Z", "modified": "2026-06-02T15:57:35.228322Z", "relationship_type": "indicates", "source_ref": "indicator--e9f83e7c-7bbc-4554-b955-0c08c35f9dd9", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--403c223a-39ce-4b24-8b03-c2055d878357", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.229334Z", "modified": "2026-06-02T15:57:35.229334Z", "relationship_type": "indicates", "source_ref": "indicator--ea782101-2211-4758-8ab9-f1da963246a0", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--031ea36e-e31b-462f-a08f-ddc067288a55", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.230342Z", "modified": "2026-06-02T15:57:35.230342Z", "relationship_type": "indicates", "source_ref": "indicator--000eb2ef-6acc-4c39-9491-4dc36cdbfd4c", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9d72ba49-aa01-4db4-977e-7090b453ee2b", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.231732Z", "modified": "2026-06-02T15:57:35.231732Z", "relationship_type": "indicates", "source_ref": "indicator--39bb5862-b491-4ad1-99e0-df752a7df0ae", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--de88036c-1754-4c3b-acfe-a8f209229e1e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.2328Z", "modified": "2026-06-02T15:57:35.2328Z", "relationship_type": "indicates", "source_ref": "indicator--81561b75-38b1-4ce3-8ba4-255b5caec78c", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--865c7419-790b-44e5-87cd-939635f4f76c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.233821Z", "modified": "2026-06-02T15:57:35.233821Z", "relationship_type": "indicates", "source_ref": "indicator--68eacc1e-bec6-4f3c-b162-44dffeea74f0", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3f570861-1177-4610-b488-0d40f23165f8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.235139Z", "modified": "2026-06-02T15:57:35.235139Z", "relationship_type": "indicates", "source_ref": "indicator--d14dad19-ebdf-40e3-a592-1986b2a7d329", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--31900f12-df88-477e-bdea-fa1b10490b27", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.23615Z", "modified": "2026-06-02T15:57:35.23615Z", "relationship_type": "indicates", "source_ref": "indicator--0f7a2eca-3b32-4548-b2df-fb1b229779df", "target_ref": 
"malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--47bf8bd2-1d09-4221-88f3-bd6d735a72d7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.237148Z", "modified": "2026-06-02T15:57:35.237148Z", "relationship_type": "indicates", "source_ref": "indicator--adf48176-c5a0-48d6-965e-f28d71978dfe", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d68bc9bb-86d0-4531-bc14-d25671cd70cd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.23844Z", "modified": "2026-06-02T15:57:35.23844Z", "relationship_type": "indicates", "source_ref": "indicator--b2b419f1-0150-4809-8625-0c22be40209b", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c9d04d43-5625-48d2-9e92-2e4f67532957", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.239644Z", "modified": "2026-06-02T15:57:35.239644Z", "relationship_type": "indicates", "source_ref": "indicator--c8c99364-33ce-4c6f-9ccc-dcdbf676db47", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--402a0993-14bf-45b1-9060-d850f933cc8c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.240668Z", "modified": "2026-06-02T15:57:35.240668Z", "relationship_type": "indicates", "source_ref": "indicator--32cae595-c497-410f-92fd-525dfebd7f4e", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e183fc83-eca6-46d8-aa06-6e8c2bd7777a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.241682Z", "modified": 
"2026-06-02T15:57:35.241682Z", "relationship_type": "indicates", "source_ref": "indicator--0bffe0fe-3f31-4795-aa17-c7c322ae4aba", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--09be1e3b-f167-4a33-a1f7-e6039d124823", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.242687Z", "modified": "2026-06-02T15:57:35.242687Z", "relationship_type": "indicates", "source_ref": "indicator--c196a983-2d47-4719-932c-b121a649dd27", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f18295ab-8b3e-4acc-b341-3369b2cb90ed", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.243706Z", "modified": "2026-06-02T15:57:35.243706Z", "relationship_type": "indicates", "source_ref": "indicator--a966e298-46c7-4700-94cf-106a2cdbd9cd", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3ad80f94-7857-477e-ae9e-175d6a444c28", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.244716Z", "modified": "2026-06-02T15:57:35.244716Z", "relationship_type": "indicates", "source_ref": "indicator--015dc84d-16b3-4a1a-94d5-be9d6e256203", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef1ca125-8fe8-4a9e-b2e8-de554c0e6053", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.245724Z", "modified": "2026-06-02T15:57:35.245724Z", "relationship_type": "indicates", "source_ref": "indicator--1e5c7732-c315-4c2f-a6e3-724110bfb7cd", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7d9b76e2-fe2e-4384-aa20-7d5947e703a9", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.246868Z", "modified": "2026-06-02T15:57:35.246868Z", "relationship_type": "indicates", "source_ref": "indicator--f322edd6-c627-4ca4-87fd-289f3467abe1", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6b75d960-172e-4117-b337-cf04acd9414a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.247904Z", "modified": "2026-06-02T15:57:35.247904Z", "relationship_type": "indicates", "source_ref": "indicator--bce7178d-effb-4dc3-84b9-33f95fb255c5", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--43c71e87-b6da-48bb-8aed-a928458a68b8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.248905Z", "modified": "2026-06-02T15:57:35.248905Z", "relationship_type": "indicates", "source_ref": "indicator--34064c3f-6357-4fe8-8388-2134b8ef228c", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ca07f65e-101e-4b18-9cf2-79a920eae532", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.249909Z", "modified": "2026-06-02T15:57:35.249909Z", "relationship_type": "indicates", "source_ref": "indicator--0b5a8fad-e8b5-4f99-8a73-b93d71d2fa1e", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eb73c002-7b2e-4a8b-b82b-2ed2670a4415", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.250905Z", "modified": "2026-06-02T15:57:35.250905Z", "relationship_type": "indicates", "source_ref": "indicator--88ec0d64-c402-4271-bca7-b0b98b6d4c53", "target_ref": 
"malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b19eec31-e04e-474c-8d85-f57dce1302c2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.251963Z", "modified": "2026-06-02T15:57:35.251963Z", "relationship_type": "indicates", "source_ref": "indicator--dad47242-0508-4096-bbf3-a578878a7c75", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--86fef05a-b8a1-49ba-96b7-ea302b571e27", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.252975Z", "modified": "2026-06-02T15:57:35.252975Z", "relationship_type": "indicates", "source_ref": "indicator--d9b4664c-17a9-4f38-b098-f3c0c4c4bef5", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7b8a5b46-1285-437d-b4c2-71d73ae36f62", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.25412Z", "modified": "2026-06-02T15:57:35.25412Z", "relationship_type": "indicates", "source_ref": "indicator--e120d40b-8a1b-43f7-8037-43e2bfb1b0b7", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a29e4db3-9460-4d22-833a-a730573d243d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.255146Z", "modified": "2026-06-02T15:57:35.255146Z", "relationship_type": "indicates", "source_ref": "indicator--bd693d99-e9f5-46d9-aacd-e5ab291fe9b3", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8dd194ee-1c6f-4d1f-bcf3-91717fd914b7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.256166Z", "modified": 
"2026-06-02T15:57:35.256166Z", "relationship_type": "indicates", "source_ref": "indicator--58791127-124c-4ca1-8e5e-ee6d5d34175c", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bbb4804c-da20-4d70-8189-c6ce9bb1f0ef", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.25718Z", "modified": "2026-06-02T15:57:35.25718Z", "relationship_type": "indicates", "source_ref": "indicator--94f43881-0ba4-480c-956a-807fe8f87ed8", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a9ea3fe9-10be-4056-8d50-91b48687152d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.258209Z", "modified": "2026-06-02T15:57:35.258209Z", "relationship_type": "indicates", "source_ref": "indicator--b56f41fb-184d-4b59-afcb-99557f1abc09", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--dd1253a9-98a4-4934-a9c3-22a9d009c71c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.259237Z", "modified": "2026-06-02T15:57:35.259237Z", "relationship_type": "indicates", "source_ref": "indicator--44b3c33b-1c3a-44e1-b0da-fbc45d94522c", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a2c771fd-56a2-466b-8220-606409603525", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.260272Z", "modified": "2026-06-02T15:57:35.260272Z", "relationship_type": "indicates", "source_ref": "indicator--9c25ce8c-bd26-48e9-9f89-ac1ca3d0c805", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d1ba8c49-8eca-4e30-95c9-8472fe4d2ab7", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.261426Z", "modified": "2026-06-02T15:57:35.261426Z", "relationship_type": "indicates", "source_ref": "indicator--318ac25d-149a-4c23-8a90-ea544a88b514", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--862dc0d3-decb-4ac0-81e2-b03bc0d836cf", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.262447Z", "modified": "2026-06-02T15:57:35.262447Z", "relationship_type": "indicates", "source_ref": "indicator--c84f79ff-7a74-4b47-9fe8-a8e1516fc517", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0bd633e3-ddcc-4b38-b6e0-4772cab3d85d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.263465Z", "modified": "2026-06-02T15:57:35.263465Z", "relationship_type": "indicates", "source_ref": "indicator--c8e249f9-61ec-4be0-9e2e-11cd6e3da606", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9ecd7295-71dd-402c-ae39-f3cca2b110f3", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.264479Z", "modified": "2026-06-02T15:57:35.264479Z", "relationship_type": "indicates", "source_ref": "indicator--8f554885-6e9c-4a04-bbd1-60f3ca1cc6c0", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9a944d4d-d08b-4870-b888-10aa82d4ec0f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.265482Z", "modified": "2026-06-02T15:57:35.265482Z", "relationship_type": "indicates", "source_ref": "indicator--9c195d26-674e-4cce-a9a0-a4eab3e5d60a", "target_ref": 
"malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7ac2b0c1-f811-408f-8861-ef464c173b96", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.266498Z", "modified": "2026-06-02T15:57:35.266498Z", "relationship_type": "indicates", "source_ref": "indicator--362b7558-7265-44c6-8570-206a4a0fe268", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2ccbdab4-d714-4726-bdc0-250f777d66db", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.267508Z", "modified": "2026-06-02T15:57:35.267508Z", "relationship_type": "indicates", "source_ref": "indicator--282d389a-53d2-4a31-8bbd-d9f2df636e27", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9f2cdce3-ddf2-44a4-8852-4d2031598efa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.268659Z", "modified": "2026-06-02T15:57:35.268659Z", "relationship_type": "indicates", "source_ref": "indicator--d491ae50-7630-4444-9795-0e427cfa7224", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d3f49444-0e60-43f6-a6de-0c2da6c37243", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.269678Z", "modified": "2026-06-02T15:57:35.269678Z", "relationship_type": "indicates", "source_ref": "indicator--f7a80e0a-1285-4d8d-98eb-e81591f52b38", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--852300be-74dc-4c38-92eb-3b97b402112a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.270677Z", "modified": 
"2026-06-02T15:57:35.270677Z", "relationship_type": "indicates", "source_ref": "indicator--eb868fd1-80ab-48d0-b9d8-3ada37db3664", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c45477ca-d27b-4103-8400-b49af8f75c07", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.271689Z", "modified": "2026-06-02T15:57:35.271689Z", "relationship_type": "indicates", "source_ref": "indicator--9a782714-6f1e-455f-b799-04211a4b5273", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--09ccac59-c56a-4dd0-8ad6-c82aac63f353", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.272694Z", "modified": "2026-06-02T15:57:35.272694Z", "relationship_type": "indicates", "source_ref": "indicator--a503c36a-ff35-494e-9aae-ea1a9fc8994b", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a8684ae1-7f54-4817-ba3b-ba1260ee81dd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.273701Z", "modified": "2026-06-02T15:57:35.273701Z", "relationship_type": "indicates", "source_ref": "indicator--f2d458ed-df6a-4911-8038-bfbf522fc0c0", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--091a5a67-5346-4faa-9e23-438a19704ee2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.274693Z", "modified": "2026-06-02T15:57:35.274693Z", "relationship_type": "indicates", "source_ref": "indicator--a38f4c90-dd44-435a-8d06-8f78f9f48abd", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a308f46c-45bc-48fa-9157-4708834e2f0f", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.275842Z", "modified": "2026-06-02T15:57:35.275842Z", "relationship_type": "indicates", "source_ref": "indicator--d9f3bef9-5c6a-46de-bc5f-48305af8897b", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7f3ede63-9a24-47aa-9d4a-8429f39de152", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.276862Z", "modified": "2026-06-02T15:57:35.276862Z", "relationship_type": "indicates", "source_ref": "indicator--85613216-c165-430e-aba7-685f5dc15d01", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ba283e30-9171-465b-bca8-0e1de809da46", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.277865Z", "modified": "2026-06-02T15:57:35.277865Z", "relationship_type": "indicates", "source_ref": "indicator--c4b51421-1c3b-4327-96c9-1bc0d12f18e1", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ecaa0207-dc6c-499a-9664-f972f3c1e7e2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.278868Z", "modified": "2026-06-02T15:57:35.278868Z", "relationship_type": "indicates", "source_ref": "indicator--3e8de584-e363-4699-bf2a-4e55e141f84f", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9a676f84-491d-48b4-9adb-b6cd0647cd6a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.279883Z", "modified": "2026-06-02T15:57:35.279883Z", "relationship_type": "indicates", "source_ref": "indicator--9a88d234-98aa-4f57-8262-219dfa6bfb24", "target_ref": 
"malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--81436ad3-e4bc-436e-83d6-21ae8114b718", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.280882Z", "modified": "2026-06-02T15:57:35.280882Z", "relationship_type": "indicates", "source_ref": "indicator--69f66b00-e05e-49b1-b78a-665cf8a0d250", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3b49aacf-6125-431f-8f92-58e14c203dbd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.281889Z", "modified": "2026-06-02T15:57:35.281889Z", "relationship_type": "indicates", "source_ref": "indicator--8bcda954-73aa-4960-9dd4-f2b630dfbcf3", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--20bff1a8-0d7f-41bd-b828-454440ce268c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.283023Z", "modified": "2026-06-02T15:57:35.283023Z", "relationship_type": "indicates", "source_ref": "indicator--7e575e7e-c895-4da3-bb1c-98dab36e6f1e", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--374eca1d-b26c-4bc2-8b8d-dfb6bc0fb5aa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.284053Z", "modified": "2026-06-02T15:57:35.284053Z", "relationship_type": "indicates", "source_ref": "indicator--66970b35-ac44-4227-9b38-9e6fb0011802", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--788cf373-684f-4778-936e-78e951de236e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.285059Z", "modified": 
"2026-06-02T15:57:35.285059Z", "relationship_type": "indicates", "source_ref": "indicator--8c088146-4b34-412a-83b6-14b351beb87d", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7bbf38e1-9647-441b-a60f-1c28c13b8e84", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.286059Z", "modified": "2026-06-02T15:57:35.286059Z", "relationship_type": "indicates", "source_ref": "indicator--6c521f47-e68f-4315-ba38-d4a7e41e9e13", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0036c408-abb0-4b50-8b3a-614024e492af", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.287062Z", "modified": "2026-06-02T15:57:35.287062Z", "relationship_type": "indicates", "source_ref": "indicator--6eac807e-c57a-4d51-9c12-78e98691900e", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e28817a5-d950-4a02-8c93-a0137b0a409c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.288085Z", "modified": "2026-06-02T15:57:35.288085Z", "relationship_type": "indicates", "source_ref": "indicator--2c2a5c6f-9328-4481-a155-1c8a2b8c9987", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6774241d-9748-4a6e-b26d-fcb18048635e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.289099Z", "modified": "2026-06-02T15:57:35.289099Z", "relationship_type": "indicates", "source_ref": "indicator--df063083-0548-454b-8143-e8cde29bdddb", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b1953fad-3a01-42ba-9780-c5850d6c10db", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.290248Z", "modified": "2026-06-02T15:57:35.290248Z", "relationship_type": "indicates", "source_ref": "indicator--2a6e87e3-7a13-48d4-a1c6-3736ed1bc288", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9a73f904-1258-4482-b205-7f9a445aab4b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.29129Z", "modified": "2026-06-02T15:57:35.29129Z", "relationship_type": "indicates", "source_ref": "indicator--474a34f8-618b-48f3-8f06-ed58ad245b80", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a22e73d9-91bb-4bbc-8720-4c1a6f277a3d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.292297Z", "modified": "2026-06-02T15:57:35.292297Z", "relationship_type": "indicates", "source_ref": "indicator--3c5ee532-3074-433b-b5fd-f33e2320cc3d", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--bd5d7683-4d33-460b-ab60-5cd1a5f1e014", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.293314Z", "modified": "2026-06-02T15:57:35.293314Z", "relationship_type": "indicates", "source_ref": "indicator--e20d0a7a-dc57-486c-851f-dbd5bf432b55", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4a88cc28-95c2-4d99-a18a-fab30259d28d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.294317Z", "modified": "2026-06-02T15:57:35.294317Z", "relationship_type": "indicates", "source_ref": "indicator--7e94e5f5-7be6-45b7-b3ff-d3b88f2a77e6", "target_ref": 
"malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3097aa76-4892-4e43-b98c-fb8ce2044532", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.295331Z", "modified": "2026-06-02T15:57:35.295331Z", "relationship_type": "indicates", "source_ref": "indicator--c06d8a86-3621-4ea1-a123-ef0d8b7b1d0b", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7bae7be3-8f6f-4def-aa3a-ab424c7c71f1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.296334Z", "modified": "2026-06-02T15:57:35.296334Z", "relationship_type": "indicates", "source_ref": "indicator--4e018c3b-89f9-4458-861d-112bea7267d7", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--48b8e0c3-bbcd-4bf3-9453-f54f740b88c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.298337Z", "modified": "2026-06-02T15:57:35.298337Z", "relationship_type": "indicates", "source_ref": "indicator--d47944a4-25e2-415c-bd70-16e9cc46e52c", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6811d53f-2905-4e93-93d7-4d8d0693a4ce", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.299508Z", "modified": "2026-06-02T15:57:35.299508Z", "relationship_type": "indicates", "source_ref": "indicator--1ed1b847-10c1-4cfe-bf9f-1e4ccc858cb1", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2493a49f-b277-4475-a44d-498ea77d5cbc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.300558Z", "modified": 
"2026-06-02T15:57:35.300558Z", "relationship_type": "indicates", "source_ref": "indicator--09f016c1-f587-40f2-b227-daec2772fde2", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--01e265c8-8e79-4845-97ef-0180efac9e0c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.301569Z", "modified": "2026-06-02T15:57:35.301569Z", "relationship_type": "indicates", "source_ref": "indicator--820af94b-c159-4456-879b-9387ebc6ac10", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7a22ec34-24f4-468b-90d5-39dc637874cc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.302574Z", "modified": "2026-06-02T15:57:35.302574Z", "relationship_type": "indicates", "source_ref": "indicator--7a0cff43-326c-472d-b38d-ac5d0f8fe83c", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2aafd984-9a94-4ca2-9b4f-43cf28ac044a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.303597Z", "modified": "2026-06-02T15:57:35.303597Z", "relationship_type": "indicates", "source_ref": "indicator--10017df3-27c5-4391-8631-896a1cf5f376", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--46ec3d17-2a89-4ceb-b9d4-e1c4cfd04446", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.304616Z", "modified": "2026-06-02T15:57:35.304616Z", "relationship_type": "indicates", "source_ref": "indicator--bbc99d18-f30a-489c-bef3-513e4f859472", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6c4d3635-ccf6-4d31-ad15-cd43e13075b1", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.305761Z", "modified": "2026-06-02T15:57:35.305761Z", "relationship_type": "indicates", "source_ref": "indicator--39334a01-ad7e-464c-b3ed-73f29b15a4ca", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9ff66be1-5525-4a4e-b640-8faae6747973", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.306779Z", "modified": "2026-06-02T15:57:35.306779Z", "relationship_type": "indicates", "source_ref": "indicator--c5823556-2629-4d99-9add-b1692c106052", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0c0c8233-de3b-4664-8bb1-c0cdfaafeffa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.307809Z", "modified": "2026-06-02T15:57:35.307809Z", "relationship_type": "indicates", "source_ref": "indicator--513c7906-bb82-42c7-8a5e-39ef01f39fcc", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5d989b2e-4fe6-47ce-8ea0-f2ba0de9f785", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.308822Z", "modified": "2026-06-02T15:57:35.308822Z", "relationship_type": "indicates", "source_ref": "indicator--287be981-61ef-485b-ae0b-4f1886a36ec6", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4276b979-6678-4948-b77b-1c88122ab4b8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.309823Z", "modified": "2026-06-02T15:57:35.309823Z", "relationship_type": "indicates", "source_ref": "indicator--a5692d53-d594-4723-947c-6bb8db6f6e7c", "target_ref": 
"malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6cbee07a-c7b5-4c55-a070-8c84a79fc18e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.310826Z", "modified": "2026-06-02T15:57:35.310826Z", "relationship_type": "indicates", "source_ref": "indicator--8ddae9bf-e9ac-4bc3-8c00-997e18ebf789", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--33d23f94-1a65-4354-b242-fe72387f4557", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.311841Z", "modified": "2026-06-02T15:57:35.311841Z", "relationship_type": "indicates", "source_ref": "indicator--374b9bea-34c1-42c8-86f9-88122eb5aa3d", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cddac6c0-932f-438a-bad1-636f3068c905", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.312991Z", "modified": "2026-06-02T15:57:35.312991Z", "relationship_type": "indicates", "source_ref": "indicator--01bf3441-fa87-4040-a726-bafaca60a8f3", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--faf5fde3-4f94-475e-9209-3100c426ece9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.314008Z", "modified": "2026-06-02T15:57:35.314008Z", "relationship_type": "indicates", "source_ref": "indicator--949750d6-519f-461f-b93b-4afd86338446", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--461f43bb-3c4b-4980-9393-0f405e7e84d5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.315015Z", "modified": 
"2026-06-02T15:57:35.315015Z", "relationship_type": "indicates", "source_ref": "indicator--af0842bc-efa4-4df6-9717-986065f9a0f1", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1d48ad60-24ba-4cc1-bbb1-24e0cbbc1ad2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.316069Z", "modified": "2026-06-02T15:57:35.316069Z", "relationship_type": "indicates", "source_ref": "indicator--250126c8-2fa1-4945-8590-fb33f2c672e2", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--be943cab-1f23-4003-9650-21740ff3b12a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.317086Z", "modified": "2026-06-02T15:57:35.317086Z", "relationship_type": "indicates", "source_ref": "indicator--f629e1a1-2516-40e1-bae7-984765c3b663", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--35151e0a-de27-440d-9793-cbb59d8a9420", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.318136Z", "modified": "2026-06-02T15:57:35.318136Z", "relationship_type": "indicates", "source_ref": "indicator--f37f1473-2fe5-4de5-bb4c-74671884e2e0", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c5e04c0f-ee65-4826-82e7-bd605fdec241", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.319166Z", "modified": "2026-06-02T15:57:35.319166Z", "relationship_type": "indicates", "source_ref": "indicator--7295834b-6478-4004-908e-0ddfdce9e5ec", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4a6fa64a-9bb7-4ed2-b0b2-7d84d61bdb32", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.320329Z", "modified": "2026-06-02T15:57:35.320329Z", "relationship_type": "indicates", "source_ref": "indicator--bfc8d91c-3b5d-4d99-a927-bdc87aebaa36", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4928ce85-7571-473a-a176-1854f1976526", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.321346Z", "modified": "2026-06-02T15:57:35.321346Z", "relationship_type": "indicates", "source_ref": "indicator--4518fa51-5d00-4d06-a5d0-067d54a0e10a", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3ff673f0-b07e-471a-a508-b4b591b398bc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.322356Z", "modified": "2026-06-02T15:57:35.322356Z", "relationship_type": "indicates", "source_ref": "indicator--75a21f3b-8801-4de0-9793-82de100665c1", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--90f0845e-0e57-4946-af64-577f02918f13", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.323382Z", "modified": "2026-06-02T15:57:35.323382Z", "relationship_type": "indicates", "source_ref": "indicator--817ce363-bc5a-4df4-a64c-e561fde5951d", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5ea7f910-86e1-4aa9-89a7-35ebbc3cbe86", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.324397Z", "modified": "2026-06-02T15:57:35.324397Z", "relationship_type": "indicates", "source_ref": "indicator--01535de5-2916-4d45-a1fb-ebae1bd9146c", "target_ref": 
"malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d142e4f4-d781-4a40-91f9-ad6974744a97", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.325398Z", "modified": "2026-06-02T15:57:35.325398Z", "relationship_type": "indicates", "source_ref": "indicator--40bdd963-d3e2-4969-8068-5b8d7e61e707", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9db1dac5-0631-4524-9603-9b12d0520c55", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.326401Z", "modified": "2026-06-02T15:57:35.326401Z", "relationship_type": "indicates", "source_ref": "indicator--79633a2e-e5a7-47a0-8f2d-4b521079114e", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--646269d3-2d93-454a-8db2-e893ad0dd0a8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.327626Z", "modified": "2026-06-02T15:57:35.327626Z", "relationship_type": "indicates", "source_ref": "indicator--507e357e-7323-4e29-a870-0a3a147ccf5c", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0e4a144b-88b6-42e3-9c00-c2722d25c86b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.328775Z", "modified": "2026-06-02T15:57:35.328775Z", "relationship_type": "indicates", "source_ref": "indicator--bff2a864-5b4e-4457-b833-89638e2c0726", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--70176638-d91e-4e04-b2d8-e5f582d74797", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.329862Z", "modified": 
"2026-06-02T15:57:35.329862Z", "relationship_type": "indicates", "source_ref": "indicator--cdd12f20-c663-4476-9b18-7c8bfc5a53ce", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e3eaac81-9201-49d2-b0e0-fea7734199ea", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.330881Z", "modified": "2026-06-02T15:57:35.330881Z", "relationship_type": "indicates", "source_ref": "indicator--d96f339c-abf1-45bf-beba-697ba7e7dc36", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d87425e5-1c19-48a2-9460-f3375ac57ff2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.331966Z", "modified": "2026-06-02T15:57:35.331966Z", "relationship_type": "indicates", "source_ref": "indicator--ca03f43d-aa48-4b30-a1af-cbc435cc0a5e", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f34137ba-6a9c-48eb-9271-3d3b5a398822", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.333077Z", "modified": "2026-06-02T15:57:35.333077Z", "relationship_type": "indicates", "source_ref": "indicator--e7bffb80-e25d-4248-8eaf-7beadbd9fd74", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7c60fe7c-4d31-42d5-934d-b5bfb211f024", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.334113Z", "modified": "2026-06-02T15:57:35.334113Z", "relationship_type": "indicates", "source_ref": "indicator--52b54fe1-718f-4a76-bc8d-a9d48270e924", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--39bcbaba-1980-4271-b353-30cd9a6c2dac", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.335321Z", "modified": "2026-06-02T15:57:35.335321Z", "relationship_type": "indicates", "source_ref": "indicator--87eff9c9-8d72-4714-baf9-c4c0d2c7b3b3", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--811ff14b-87b5-4250-83a6-40aaf86d8cb1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.336363Z", "modified": "2026-06-02T15:57:35.336363Z", "relationship_type": "indicates", "source_ref": "indicator--a13a9ef0-900c-4998-bbab-7e7735d66387", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f77ce733-4153-4ea6-b31b-24beb34311f9", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.337373Z", "modified": "2026-06-02T15:57:35.337373Z", "relationship_type": "indicates", "source_ref": "indicator--99954ff5-edad-4eaa-80f5-a4f2ec6dbb83", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--003f7d7c-7fe1-412f-90a0-5adfc10e44c2", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.338378Z", "modified": "2026-06-02T15:57:35.338378Z", "relationship_type": "indicates", "source_ref": "indicator--2f857ee8-5ecd-41d3-9655-c99ecf4a0c27", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ba7e9b3a-168b-49f9-bf3f-48f03829e5fb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.340798Z", "modified": "2026-06-02T15:57:35.340798Z", "relationship_type": "indicates", "source_ref": "indicator--5446679b-9f85-40a4-82a3-41878b856c21", "target_ref": 
"malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b6f6af79-3a7c-4e8a-bbfc-1babef4ac925", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.342041Z", "modified": "2026-06-02T15:57:35.342041Z", "relationship_type": "indicates", "source_ref": "indicator--e809be5e-6dc1-4a87-bfa2-2045ed2b2c69", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--572dd252-ca29-44aa-827c-693f2efc5ba7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.34308Z", "modified": "2026-06-02T15:57:35.34308Z", "relationship_type": "indicates", "source_ref": "indicator--e5d41c96-a3cc-45d2-b675-6c083b74a31b", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e2a724ee-0527-4215-9a3e-4e6714c77435", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.344295Z", "modified": "2026-06-02T15:57:35.344295Z", "relationship_type": "indicates", "source_ref": "indicator--1a80bdd6-1173-4861-980a-13a383fb3164", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--669efbed-b50d-47c7-8caa-a043c16defa8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.345317Z", "modified": "2026-06-02T15:57:35.345317Z", "relationship_type": "indicates", "source_ref": "indicator--92934abe-06d9-40f8-b5b0-fa1541917202", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a270bb9c-437c-4547-ae44-dfff3eee01c5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.346321Z", "modified": 
"2026-06-02T15:57:35.346321Z", "relationship_type": "indicates", "source_ref": "indicator--d241d63b-d388-4b16-be59-96eb6f984ef9", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e4e96fd5-0831-4b00-8f7b-5e23aedf8a21", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.347338Z", "modified": "2026-06-02T15:57:35.347338Z", "relationship_type": "indicates", "source_ref": "indicator--814764b8-9db0-4fcd-a52d-c32bfa2180aa", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--201e89e4-da5f-40ef-a966-d08fc4c176f7", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.348352Z", "modified": "2026-06-02T15:57:35.348352Z", "relationship_type": "indicates", "source_ref": "indicator--1f22277b-2582-46b5-85a3-bec6161796fc", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--3697284e-7e7d-402a-afc1-f1bb60b0ce64", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.349351Z", "modified": "2026-06-02T15:57:35.349351Z", "relationship_type": "indicates", "source_ref": "indicator--887ab44f-9e80-4ec7-8f60-8ae6c289a666", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--0e8d92d0-8531-4a7a-a21c-6213f104a820", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.350384Z", "modified": "2026-06-02T15:57:35.350384Z", "relationship_type": "indicates", "source_ref": "indicator--bd13a3ea-3f1c-4456-af14-ed6156a69450", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--59f678cb-5b45-447f-bfec-f51fc7253447", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.351542Z", "modified": "2026-06-02T15:57:35.351542Z", "relationship_type": "indicates", "source_ref": "indicator--f7399ae9-64ad-41a0-8e48-e87bc723acae", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5126b973-ce51-47fb-98df-d72914a28b55", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.352567Z", "modified": "2026-06-02T15:57:35.352567Z", "relationship_type": "indicates", "source_ref": "indicator--e21feb9a-4fa5-4a3f-86cd-4cd0abd588dd", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--eec87ede-ac5a-42eb-ad94-c840b2ac92ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.353569Z", "modified": "2026-06-02T15:57:35.353569Z", "relationship_type": "indicates", "source_ref": "indicator--2f24aa36-9bef-4c54-b6e2-33d2eca48891", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c6603d47-5b92-4ac0-810a-7596e71a6668", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.354569Z", "modified": "2026-06-02T15:57:35.354569Z", "relationship_type": "indicates", "source_ref": "indicator--5e881208-3678-4524-9007-74c84c4f6c07", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e6d20790-e1a7-4b1d-b954-b91b670dd50c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.355579Z", "modified": "2026-06-02T15:57:35.355579Z", "relationship_type": "indicates", "source_ref": "indicator--ca6f43f0-0838-4497-a17e-a858a4271b8c", "target_ref": 
"malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7fb5700f-bcb2-4ed2-8d79-3fa6d1d51506", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.356606Z", "modified": "2026-06-02T15:57:35.356606Z", "relationship_type": "indicates", "source_ref": "indicator--37565e3b-7f4c-43f0-bbc7-b25d024d0a2c", "target_ref": "malware--a06184f1-eb8d-4cdc-a998-82567090d293"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d512f2bb-c1d6-469b-b962-4661416365d0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.357619Z", "modified": "2026-06-02T15:57:35.357619Z", "relationship_type": "indicates", "source_ref": "indicator--b4427bf7-0de0-4c1a-b5b1-11ad5ae342d0", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--6241bc00-604f-4f12-8b0e-5634c1a69289", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.358777Z", "modified": "2026-06-02T15:57:35.358777Z", "relationship_type": "indicates", "source_ref": "indicator--072ae9dc-eeaf-4110-aa85-723c31514ec7", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1ed0b202-5690-455a-a239-48b9e30a48a0", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.359823Z", "modified": "2026-06-02T15:57:35.359823Z", "relationship_type": "indicates", "source_ref": "indicator--065b0362-fa3d-438f-9d36-17c3e93fd659", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ddbf32aa-e138-4f10-9ad8-e6a43131663a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.360832Z", "modified": 
"2026-06-02T15:57:35.360832Z", "relationship_type": "indicates", "source_ref": "indicator--36c1ee3a-6ba5-4916-bf48-21c67650f3de", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--cac005e8-25cb-45b3-b993-46b5733869fc", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.361835Z", "modified": "2026-06-02T15:57:35.361835Z", "relationship_type": "indicates", "source_ref": "indicator--5194cf94-4343-4b7f-ab86-3b036dd4c82c", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--b77a699d-cabb-47d2-b27f-a07b97427ddd", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.362841Z", "modified": "2026-06-02T15:57:35.362841Z", "relationship_type": "indicates", "source_ref": "indicator--63df3056-835e-45f6-9089-bbfdf19fcc84", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--094545c9-1ecd-449a-aa37-cf85776623c4", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.363859Z", "modified": "2026-06-02T15:57:35.363859Z", "relationship_type": "indicates", "source_ref": "indicator--60ea6e8a-5453-4def-a3aa-b926855d965a", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--71496b06-7971-4e63-bc24-5a4a68d1073d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.364861Z", "modified": "2026-06-02T15:57:35.364861Z", "relationship_type": "indicates", "source_ref": "indicator--cf65e111-ea60-4f07-bdcb-ccc9104fcf17", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--1c09b7a4-4390-409d-bd7c-ca55ec60e9f0", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.366002Z", "modified": "2026-06-02T15:57:35.366002Z", "relationship_type": "indicates", "source_ref": "indicator--f6a73482-7c08-47a6-b7d2-45dfc776d3e5", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2540423d-d215-422b-9975-5ab821547407", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.367018Z", "modified": "2026-06-02T15:57:35.367018Z", "relationship_type": "indicates", "source_ref": "indicator--18f023d3-7fd7-4ce9-95b3-0b61aac593fc", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--93f46692-86da-4edb-9de6-900e57c7b1e1", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.368038Z", "modified": "2026-06-02T15:57:35.368038Z", "relationship_type": "indicates", "source_ref": "indicator--7ff2854a-b865-4910-b49e-ca2cb8bae534", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c35f8d9f-620d-4dcc-bd74-3981266de9eb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.369041Z", "modified": "2026-06-02T15:57:35.369041Z", "relationship_type": "indicates", "source_ref": "indicator--6685bfeb-59c8-4a55-9028-807b4958201f", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7167cf1a-73b0-4de5-870f-e1b975351035", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.370047Z", "modified": "2026-06-02T15:57:35.370047Z", "relationship_type": "indicates", "source_ref": "indicator--e1160c30-e922-4c3c-baec-dabdbdcc451e", "target_ref": 
"malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--57118793-55c6-4ca9-a26c-d069563f23ec", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.371052Z", "modified": "2026-06-02T15:57:35.371052Z", "relationship_type": "indicates", "source_ref": "indicator--1069a341-311f-421e-8a47-b3b7f215f0d8", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7b91e692-8179-43ae-9117-2ac754cce664", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.372068Z", "modified": "2026-06-02T15:57:35.372068Z", "relationship_type": "indicates", "source_ref": "indicator--be900820-e4cd-47a7-afa5-6e6bd27671f6", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--9928a863-da46-4f4c-8f0e-2172b184df5a", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.373207Z", "modified": "2026-06-02T15:57:35.373207Z", "relationship_type": "indicates", "source_ref": "indicator--1df1f40f-6d00-45ce-b4eb-0b3c4023598b", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d0f9343f-b695-43e1-9434-a8d417d2b33d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.374224Z", "modified": "2026-06-02T15:57:35.374224Z", "relationship_type": "indicates", "source_ref": "indicator--ec12cb37-d177-49f7-9fb8-3f6e84c6180f", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--97e25c77-fd2e-46d0-8a80-a2c997a3a426", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.375243Z", "modified": 
"2026-06-02T15:57:35.375243Z", "relationship_type": "indicates", "source_ref": "indicator--1d5f3299-a654-48d4-b17a-50c89980552a", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--a45efdd7-1929-44cf-8453-cf5827a45e8f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.376247Z", "modified": "2026-06-02T15:57:35.376247Z", "relationship_type": "indicates", "source_ref": "indicator--12867efa-c20a-44b7-aadb-051c132ae63f", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--96ea0b2b-b87c-4cf1-8c13-92b0319f3707", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.377257Z", "modified": "2026-06-02T15:57:35.377257Z", "relationship_type": "indicates", "source_ref": "indicator--83ff80b6-ffb2-482c-85f1-172417e88c2c", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--5c7ff515-b118-4eb2-b980-a762a787d336", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.378255Z", "modified": "2026-06-02T15:57:35.378255Z", "relationship_type": "indicates", "source_ref": "indicator--4e0badd7-668a-4db8-8f4c-2319ed8e5c51", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fbf27887-3a72-4192-b238-0f4e424f7b68", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.379276Z", "modified": "2026-06-02T15:57:35.379276Z", "relationship_type": "indicates", "source_ref": "indicator--4d301704-7648-43c0-be3e-51608a0e5ede", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--2d58e259-4b28-4e83-8f7a-3b48db8df7f9", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.380438Z", "modified": "2026-06-02T15:57:35.380438Z", "relationship_type": "indicates", "source_ref": "indicator--4236cf55-5d03-49b9-b3a1-208f6bc5c47d", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--4f467efe-2f4b-443c-82d5-eb63f575507c", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.38146Z", "modified": "2026-06-02T15:57:35.38146Z", "relationship_type": "indicates", "source_ref": "indicator--654bba46-fad2-4590-a58d-1d24724d7e0f", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--41443f50-37f1-4d63-a655-3ae6afc09520", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.382461Z", "modified": "2026-06-02T15:57:35.382461Z", "relationship_type": "indicates", "source_ref": "indicator--36042ee2-6995-4f42-9d22-d20619b7c22d", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--e0dd5ded-33b2-4cc6-9b73-43420db2fdfb", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.383479Z", "modified": "2026-06-02T15:57:35.383479Z", "relationship_type": "indicates", "source_ref": "indicator--75ac22f9-be4f-4fc5-a820-26c84794f970", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--c81a76a6-7b95-4264-bf03-559157ea8c60", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.384493Z", "modified": "2026-06-02T15:57:35.384493Z", "relationship_type": "indicates", "source_ref": "indicator--78dd25fd-b60a-4aa0-8028-3090ccb7f75b", "target_ref": 
"malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d356b9eb-fe87-4b54-bc76-31ed3a539f85", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.385495Z", "modified": "2026-06-02T15:57:35.385495Z", "relationship_type": "indicates", "source_ref": "indicator--d8b99516-2419-4da7-afed-114abc431775", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--67a4a757-8a1f-4547-9189-88856e3c74fa", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.386492Z", "modified": "2026-06-02T15:57:35.386492Z", "relationship_type": "indicates", "source_ref": "indicator--ee1d9899-554c-4a89-a987-9c1df102e59d", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7325ee55-73b1-4abb-8be4-6e3ba2e2698b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.388482Z", "modified": "2026-06-02T15:57:35.388482Z", "relationship_type": "indicates", "source_ref": "indicator--e128f2b1-b0ec-4cf2-9440-e2ebad57dacd", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--8c79d74e-7d56-4ad0-a291-76fd3d88c05d", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.389614Z", "modified": "2026-06-02T15:57:35.389614Z", "relationship_type": "indicates", "source_ref": "indicator--49948d33-0268-4e78-b7b6-837bdaec73b2", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d54bd7fa-ef7e-47cc-937c-d8222fc9805b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.390646Z", "modified": 
"2026-06-02T15:57:35.390646Z", "relationship_type": "indicates", "source_ref": "indicator--57cd4502-e5a1-461b-8d96-374ce6ab6a5a", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--12f20d62-9702-41dd-8f6e-ddd06f78f8b5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.391672Z", "modified": "2026-06-02T15:57:35.391672Z", "relationship_type": "indicates", "source_ref": "indicator--57f06c97-8301-481e-90a5-3e5b1a2a34a4", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--fb2fb8f8-0056-4b37-865f-53826a03d32e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.392679Z", "modified": "2026-06-02T15:57:35.392679Z", "relationship_type": "indicates", "source_ref": "indicator--50f5b839-3e87-4d15-b27c-48ae7a4ac085", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--049869f2-30ef-4131-a302-799f368d5a4e", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.39368Z", "modified": "2026-06-02T15:57:35.39368Z", "relationship_type": "indicates", "source_ref": "indicator--c77b4e4d-1197-4739-9af2-c23a319784ee", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--06f67ff8-1d4a-4015-ba1b-152c4abba86f", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.394695Z", "modified": "2026-06-02T15:57:35.394695Z", "relationship_type": "indicates", "source_ref": "indicator--8854079d-066d-41ee-a3c8-621959057fb8", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--48aded01-6961-4d20-adeb-97052cf678d0", 
"created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.395862Z", "modified": "2026-06-02T15:57:35.395862Z", "relationship_type": "indicates", "source_ref": "indicator--2d401f63-bc37-4e7a-b907-7f1f7373dfcf", "target_ref": "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--27224b1e-cdfc-4e61-8129-d7ae6b5061ac", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.396883Z", "modified": "2026-06-02T15:57:35.396883Z", "relationship_type": "indicates", "source_ref": "indicator--01582fce-87b7-45c4-a4ab-6af9c56579d3", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--d815f7f0-e2f8-4912-8ed8-c21217bba5c8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.397886Z", "modified": "2026-06-02T15:57:35.397886Z", "relationship_type": "indicates", "source_ref": "indicator--495b8e5d-c29b-4a4c-aa66-3cee5ea897ce", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7e2d01a9-c3f6-4277-ad53-c0124ba060e8", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.398901Z", "modified": "2026-06-02T15:57:35.398901Z", "relationship_type": "indicates", "source_ref": "indicator--9cf06050-6186-4298-a4a6-e5c5096b3203", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--f7afbb52-2240-49ae-ada2-ae8db9c35af5", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.399922Z", "modified": "2026-06-02T15:57:35.399922Z", "relationship_type": "indicates", "source_ref": "indicator--a8993134-f3c4-4d29-8170-1b2b83508356", "target_ref": 
"malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--ef3dca6a-b95d-4df5-8ed5-fac951ad9049", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.400944Z", "modified": "2026-06-02T15:57:35.400944Z", "relationship_type": "indicates", "source_ref": "indicator--4bcc54d3-3cbb-4173-8fc9-f928e191fbc6", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--7c845a82-d8e4-4ec3-9a46-84f26a29ae58", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.401941Z", "modified": "2026-06-02T15:57:35.401941Z", "relationship_type": "indicates", "source_ref": "indicator--5b38acd2-a586-4bec-b5fe-62518cbe6b94", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--472c5492-8262-41da-8822-39bc385e9881", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.403083Z", "modified": "2026-06-02T15:57:35.403083Z", "relationship_type": "indicates", "source_ref": "indicator--4d616274-8cf6-439e-92b2-3e53eeda42b4", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--65cc1436-ef40-43b6-8e24-31ac8c7ac054", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.404113Z", "modified": "2026-06-02T15:57:35.404113Z", "relationship_type": "indicates", "source_ref": "indicator--b3354c76-98b2-4fd9-b743-ab336b54de7c", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--effad57d-b9d1-4bd6-89f1-688f4289938b", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.405149Z", "modified": 
"2026-06-02T15:57:35.405149Z", "relationship_type": "indicates", "source_ref": "indicator--5b0065f1-3a45-4220-af61-148b952f8176", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "relationship", "spec_version": "2.1", "id": "relationship--72cc1cef-be48-4992-9db4-ecc12e87a586", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.406165Z", "modified": "2026-06-02T15:57:35.406165Z", "relationship_type": "indicates", "source_ref": "indicator--bc0ad9b0-7211-4ef7-93fc-bc9d37f5c546", "target_ref": "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685"}, {"type": "report", "spec_version": "2.1", "id": "report--567ac5fd-9622-45ce-880f-233d7d970627", "created_by_ref": "identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "created": "2026-06-02T15:57:35.416012Z", "modified": "2026-06-02T15:57:35.416012Z", "name": "Malicious Chrome Extension IOC Database", "description": "Community-maintained list of 2701 malicious Chrome and Edge browser extension indicators of compromise across 43 campaigns. 
Generated from https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids", "published": "2026-06-02T15:57:35.406494Z", "object_refs": ["identity--fb755bab-504a-4e26-b7a5-c8e1114ff670", "malware--c29b8fa9-cb8f-4be0-adc8-2ee66d8155fb", "malware--060b902b-705c-41b4-b41e-c4a416d45118", "malware--5e10ac4e-e0f0-436e-b825-a5170bdb62e9", "malware--a75be05d-cd3c-4fe3-97f4-67ab6695b01b", "malware--ca65381a-a1b4-47a9-8038-d42907522589", "malware--46cb3be0-6e0c-4a50-a195-4cd95628745d", "malware--e7e4a457-8c36-4541-b068-29e0b2a67c38", "malware--9c431e34-bd5c-4385-a893-98dfe373cf1c", "malware--499903e6-888d-4d8d-9549-8c43f6753805", "malware--c9d73e8d-b061-4303-a54e-ff06577d5303", "malware--311e3b9a-a699-4e99-92bd-0315ae109b2d", "malware--4f20ea30-34d4-409e-a474-20b75c276fa4", "malware--256c8f86-0f4e-450f-a1dc-c2bec1e289bf", "malware--d48cf830-bda5-4c8c-9c80-c3ecbbefb99d", "malware--033f848f-700e-4c4f-af76-e802eaf69b5e", "malware--08233d9f-925d-4150-8de5-5117a0118a00", "malware--af7f4cf8-351b-419a-b693-c30cebdb73de", "malware--1f15d1df-83bb-40fc-886f-481572848476", "malware--7ec6ead0-df30-4c4c-9627-068538985824", "malware--51692bc1-8bf5-4bda-89c2-471e2f6f5ff2", "malware--6f810cdb-9dde-440c-ab1a-8cba76f94159", "malware--1a3b2cb3-4242-44fd-8a51-2cc2a8999190", "malware--98837265-0f98-4152-bb0a-fec841286748", "malware--ecff6113-77ee-4d3e-9636-118a0f995fc2", "malware--15211aa2-69b0-4854-a89f-1a70cb5cf1fd", "malware--1a75a2e3-6683-48ab-932f-ca091c82b6c6", "malware--dc9ea46b-b274-4038-99fd-c61319e96162", "malware--e276c33d-8078-4c1a-a70f-570644328914", "malware--38103490-5fc4-4c54-96df-f98dd6bbf562", "malware--e85e9338-8f17-44d7-a0c7-cf53f08279e7", "malware--932f69b6-3705-4b66-8d2c-d641ed54972b", "malware--c6518335-eeaf-44ff-a7c3-708f638f99bb", "malware--3e32a746-53d1-4e22-8134-da6d47b1945b", "malware--a5b20a32-d44e-484a-9dfe-f48f66f3b1e4", "malware--7c1a1e38-e78a-455f-be97-baedc4781596", "malware--339c3bfb-7658-4812-b20e-7a366b67e97c", 
"malware--8844a8fc-39a8-47b6-a7e7-a547bb298c48", "malware--9e6b58b6-8a0c-4eb2-b639-ebd16722eeaf", "malware--744c4cab-28c2-4214-af55-1ac117bbe58f", "malware--fd1fe44f-7eeb-4e9c-9024-9b480cfc75cb", "malware--d3a39dc4-aa3a-4775-b35e-435f9634a10f", "malware--3ab66551-7f9e-47c5-8fa8-d091b6995685", "malware--a06184f1-eb8d-4cdc-a998-82567090d293", "indicator--d1cf1ee4-9953-4d18-9e7a-4419f231cbe8", "indicator--7e4cb1f2-b98c-4f5c-b023-db6662d0613e", "indicator--14a9da13-a2e1-4d22-a1a7-5da5de39689c", "indicator--72cb94c6-01ac-4573-aac5-d02948c4fcde", "indicator--e4439165-3f80-4bbc-8270-36e30d2e3e29", "indicator--a27a8d93-05f2-4ff6-ab0a-26d6788f2421", "indicator--8f780067-6881-4c1e-ac1b-08f201434bff", "indicator--d625d11c-1625-4724-b916-7e0edd9f8913", "indicator--2e55acbd-d576-4d56-9e8f-5d293adc0f27", "indicator--ebb88e00-eb11-467e-8a28-d1c791af899e", "indicator--e73943c6-bde1-4d3d-868e-c690f074a7e4", "indicator--ac1d854a-38f1-4df8-8a3c-335bf4f9c732", "indicator--1b7b2530-f53a-47ca-81cb-21ed946d97e3", "indicator--3dd72257-9eb1-40d8-8603-8f2ef183b191", "indicator--56f0c4da-d1ec-413d-be18-62e0cdeaedcd", "indicator--6a16b873-350b-4f49-9c86-e3736ed9ef9b", "indicator--0ca2da1f-6b31-43d7-8d0c-0cd8dacca43a", "indicator--586761c2-d55c-4d48-9ab5-ab5b82150356", "indicator--eb38a18e-a904-4824-8cb3-983f038e472e", "indicator--fa3f1f1d-6ed9-4665-afc4-932e5ee818d6", "indicator--35d35351-3b5c-4589-a197-fafb4e136085", "indicator--2de4358e-59f8-4653-bec8-ab8fc583a94e", "indicator--ffc0aac1-bd4c-46e2-acee-a5cf67fa6875", "indicator--4dfa900c-d430-437b-b86d-7c2dd5b2b12f", "indicator--1dfce761-e890-4a64-a633-58bc496349e6", "indicator--61ba1bba-006d-4f9d-9f06-b3c1d3f9ff14", "indicator--093136b2-d4bd-4176-aab7-b62ade152dad", "indicator--4c4523b4-caf0-4bf3-9c07-6f0269fc8bb3", "indicator--f2d9bacf-478a-47dd-b4e1-dab5bde3b9f1", "indicator--09580681-7bd8-4a83-9dd7-2caecd74c67f", "indicator--3af8b0c1-2669-4cd7-868c-f9660205dccc", "indicator--b8cc34ab-758d-40cb-a499-ca442e857de0", 
"indicator--c2deaf65-5edb-460e-ad73-693fb51c31bb", "indicator--a107eb29-b7f0-4ca0-82ae-a87113268049", "indicator--d5ba5a65-6dcf-43ee-9278-6cdf9a807f79", "indicator--4dc586ba-6514-4592-b678-08e14e071a6f", "indicator--ed3f52e7-e50d-4989-bb56-cab6bcf46a08", "indicator--7df01931-ab10-4ad1-a839-5a95cbb567cf", "indicator--fe918439-2c85-44c2-9f2f-558142d62c4a", "indicator--30ab8087-f6ab-4307-a0f9-4f6c8efe6f57", "indicator--35ee779c-bc56-49fa-9272-e140e9df11f8", "indicator--cdce8581-5856-4b47-95b4-a748f51df994", "indicator--58d5fbb6-3e2f-46b8-8f5b-7a5e59d63d7e", "indicator--efa81e39-ef8e-47c8-b121-5a27cdf4a934", "indicator--4c66e113-202d-49a4-87ad-f67ef1f887b9", "indicator--6b22e520-fd49-44ba-80e1-6a78faf1cd22", "indicator--b8e743cf-b13c-4944-a899-ab1efccd7a92", "indicator--2f9971ac-f3a1-4da7-b207-4f2d6cba2e11", "indicator--f432787c-cab9-4b73-94ff-fda950576146", "indicator--093553bc-bcd0-4117-b278-2bc6e7fb4ab9", "indicator--def76cd5-c07d-49ae-9e59-e712680e5bc1", "indicator--f7df439c-ddaf-4b3b-84cf-d75e7ff8a459", "indicator--429d9c7d-fa8b-455c-9843-3c737b8e02a8", "indicator--075b6898-91d5-483d-9a84-012e7a96155c", "indicator--dfc48089-4790-4fc6-a80d-a0328523887d", "indicator--72c076ee-fa7e-4262-b23f-41d76d2a6059", "indicator--bba0b6fd-d50f-44a9-b07a-f71c216e42be", "indicator--a7757e68-6be1-44f9-aa01-d51ad02a984c", "indicator--9059221b-3caf-4246-9783-ada39524e0c4", "indicator--4353746c-79ac-451a-9cd6-7189fab20501", "indicator--ca5a1c66-f581-4fee-9580-19645601e645", "indicator--8c59d02f-f374-4af7-8854-60c842b25a59", "indicator--99e4b9d8-7a5e-4cc6-9f7e-faf5a6596fd8", "indicator--b7597fb6-3f2b-4d01-a660-0f587137f22f", "indicator--f70937f1-e995-4e88-9bde-21b6f457162a", "indicator--ba45f874-28a3-451d-a7fa-5854374c849c", "indicator--533a67cd-3da8-4514-83c7-5f5e778a2d41", "indicator--6d47557b-6349-4819-90a9-e4ea58f47205", "indicator--fa0e98c6-dbfd-4618-86f3-f004d6173a8a", "indicator--8eed9bca-7e78-4870-a63a-5976910a603e", "indicator--fa0f122b-c139-4764-bffe-08ff3eaa8b15", 
"indicator--6133fd68-9365-4b17-9fc6-1c7241c9d66f", "indicator--7c9ab1d5-96e6-452a-9b22-edc41fdcaca1", "indicator--29499375-9dd0-4f3d-ae82-9d4a24432072", "indicator--6c38ae7b-c855-4859-ac9a-408834c7bf62", "indicator--fb6790fb-c175-4b7a-b99b-5ca07252e0a1", "indicator--fcd9a027-494e-4f41-b609-73a159623a0a", "indicator--c581e43f-e722-411e-a5a3-ccebf854b863", "indicator--54c15b2b-32cc-4ef9-9e16-2110817b34db", "indicator--1ee3e774-dfdd-4d6c-b5e2-3d324a33f055", "indicator--22d6940d-c1fe-4f84-adfc-858c6ebd8dc0", "indicator--1ec3baaa-2607-4077-b956-7f80b79bd3d5", "indicator--80a87285-c037-4d76-bccd-87c8793ef7fd", "indicator--6776fff1-4fc8-4cec-8de0-d8ec10903c2a", "indicator--add1374c-0454-4b8d-9d20-dec10dd45975", "indicator--d3b89f1d-98ea-4d6a-936e-231d2b8de129", "indicator--216ab328-79db-44c8-bafe-07bb99ddc065", "indicator--02f552e1-66b4-4e55-88ae-9bfcba76d3d7", "indicator--073e1f0f-f30a-4bce-825e-41bf05b4a960", "indicator--864e7f93-4152-47a9-ab1e-85cb3f207ae6", "indicator--7b1edc97-5bd9-42b6-96c6-695d130219ee", "indicator--6eb5512d-1b9b-4179-a018-20af5a1eb38c", "indicator--73cc64ec-c4db-46ec-85ef-334a4fdcc117", "indicator--fbe5463e-c3b8-4a39-a587-e19cd5ec46db", "indicator--4a05b664-57ae-47e4-8c40-04e7cf07654b", "indicator--3cd5584c-1bd8-46c5-88a1-ce609dc11f4f", "indicator--8da10e8c-d2f2-4f88-bf41-185ff446bf75", "indicator--465a13df-faa9-4622-8f0f-77efb1d9c44f", "indicator--7909f14c-2de0-4c43-98ad-54e80423f32a", "indicator--e20d06f3-991c-42a0-98e1-9e0ecb30c6f7", "indicator--dfad3269-0b31-43ca-b950-11581a5b4e52", "indicator--393e7134-9e5f-49c0-8555-a77965c6a339", "indicator--9d2c38d4-2e1a-46b9-84ea-315132e37d41", "indicator--57f71e19-5ab0-424c-abee-d1f84e40f558", "indicator--deb5d00c-17b7-4474-820d-12df29c97338", "indicator--8068c964-4eac-47e2-a0f9-7506b5059301", "indicator--1506e42c-b0d2-4a8f-b5b4-d55c42ca8bf1", "indicator--bf1d3949-7b00-4e56-8dce-655d46d87c0e", "indicator--bcd40c57-9877-49b4-923e-f1235815e220", "indicator--40044138-a69b-4565-9f43-026aec2238af", 
"indicator--6b253cf7-2767-4fe6-8a80-eb758df1c2be", "indicator--f82b8b6f-ed97-405a-b2ae-fbdbcc6f60a0", "indicator--1d9374b4-0ec2-4307-9bae-5d56cf14904e", "indicator--c1379723-852d-4494-a586-2cd069053110", "indicator--6754d83b-6409-4961-80c2-73c6f9eda18f", "indicator--be22b090-3734-4fe2-b89c-62822e5aca40", "indicator--441d26f7-4ee7-4183-a73f-2069b19366a7", "indicator--09eb9bcf-191b-4469-8990-d6865395a7b9", "indicator--a324157b-8b36-44b7-be61-a9e64896b9f0", "indicator--dacc1975-75e3-430c-8113-d27ec5b5cae8", "indicator--57f14619-b3d5-4cbd-9bca-9c0c2b27e933", "indicator--64d49d34-f2c3-47cf-a9ca-166f66eba368", "indicator--d3a12c1f-0fb6-43e8-9d0a-2301ecaeb45b", "indicator--ae0057be-c21f-4024-b22b-b91e2a31c89a", "indicator--2e485f6b-2677-461a-9d6c-916fb0b908f3", "indicator--5bf47651-dbd4-4494-a8d4-6b8a825eee2a", "indicator--d3096373-2de5-4caf-ae77-6b290935c6cf", "indicator--7bab2f44-6ed6-4334-882a-d14896b5659a", "indicator--18daf97b-0d8d-4aa1-9ecf-2414573f864a", "indicator--4c443976-0989-4c78-be79-38135b249033", "indicator--7bf12a0a-87f7-4a4d-8511-4f6ac08a4b46", "indicator--18506a1f-c0cd-4986-9c0a-3c50595809ac", "indicator--1ad1cf59-2e16-477f-901e-88bb2ed43552", "indicator--41258603-f48f-4fe9-984e-328cd337aa1c", "indicator--4f8362cf-5a60-413a-add5-00b0400a6b11", "indicator--6ac2fa05-126f-40e6-b051-c4e91b7fe6ff", "indicator--47ef35df-3075-435f-b778-ade7813bd333", "indicator--c3655a2c-0dfb-4e36-bf58-6d87e680c718", "indicator--5724b971-9196-4345-b531-815b1832b1e1", "indicator--a126e23c-ccf3-49c8-b953-b8ffb5814fd7", "indicator--e1916ce3-0673-4aeb-a0ac-069246f38c63", "indicator--daf7a934-1969-428a-b392-d4180e3d96f4", "indicator--35f245aa-76b1-4ddc-b11e-9ed595ccee17", "indicator--2844b473-c674-4601-92b1-9d0b8977ed63", "indicator--fdf4d1b0-8a31-4d7c-853e-179e9b2e04d9", "indicator--1d63e293-b35d-4b04-8728-cc914941d6f3", "indicator--df2b68da-9157-4a41-926f-19f91cc95aa7", "indicator--b40e7350-1534-4fd9-844b-2e227fe15998", "indicator--b5e52b97-93f5-4048-8f3a-fb3f179ca018", 
"indicator--978676c9-cd96-4c4b-995a-6393e17e3631", "indicator--f9fe5084-789f-4e96-ac1f-2ada324bcff1", "indicator--7bf9a1c2-bf6c-42c8-b61f-20e34b601110", "indicator--08087502-0352-4486-b86d-41b77fa644eb", "indicator--d081e781-4c3c-4a1c-869d-81e63a861024", "indicator--8239a7f8-c880-43c9-b8bd-ae4b5e46d86b", "indicator--3dde732f-c454-4e08-9c05-2ebeff6f0860", "indicator--b8e309d3-c964-4d3a-8184-a16141667724", "indicator--da01ad8f-4bb1-4e36-8e25-af5e6a057300", "indicator--d89f0ccc-79ed-406b-96eb-c7c7e4cb2e6e", "indicator--f8995c9f-1520-4a5f-b761-15508bc872c4", "indicator--19143a6f-7865-49be-9b2f-6129c256b035", "indicator--844660d7-d82c-4b72-aa78-ab7cca49d74d", "indicator--37809b22-5327-4306-9a23-63169b19661e", "indicator--8c511abf-4f92-448f-b8b8-20c9a33beea7", "indicator--bb7ca7c2-3845-40da-a8ab-af003f434858", "indicator--8368f5de-4804-45f6-b309-35c111436ed4", "indicator--2823e92c-5312-4b8a-a348-92086a57d084", "indicator--08a83477-b6ed-4522-ac34-bc15b38a33fa", "indicator--1694c70c-d4b0-459c-ab3c-fc9ae3cd0a58", "indicator--aff83377-239e-4d9d-9197-c051e4cbc0dd", "indicator--e635cbf3-5428-425c-a643-2ed3d9c350bc", "indicator--85ff7715-36bc-4134-9757-3319c36cb848", "indicator--926264ec-5696-46e1-9561-6d595b28cdff", "indicator--fe0d6b2c-1faf-4908-9248-2342d11621b6", "indicator--8052e485-9b72-417c-988d-63a312326f8b", "indicator--68935938-5ba9-4763-890a-276fdf58554c", "indicator--3b9f2a59-1a04-45c3-bfb8-b10b46c5ef9e", "indicator--82352e29-9362-4134-8154-62021fb46e22", "indicator--fd7abb99-0d05-42cd-81ad-50591802660a", "indicator--0b5cff67-4e2b-4b78-ad2b-68312f4ba276", "indicator--2d3d6fb7-f487-46b9-9f58-e373e889fb6f", "indicator--1bee2305-d7de-49e0-a80e-3d10869f80fd", "indicator--564e6dc5-40ed-472b-9796-402eb3fc7386", "indicator--e2a4d4d0-6874-4c9c-beab-4cab3e031bdc", "indicator--83596aed-b5e6-4440-881f-04299af9e301", "indicator--0456584d-4be2-428f-83df-bc619ea82e79", "indicator--87bcc404-42d7-4bab-a4a9-4aa4d64dad17", "indicator--60e1e100-dbee-4a65-b148-cda22acd6890", 
"indicator--ecb1fab8-179a-434d-8a52-626fb2765cfd", "indicator--fe4cfff6-2612-4032-ab54-12fcc40a7b05", "indicator--f675efe0-7e9b-4431-bcd4-4605674cbb55", "indicator--df7cd161-42fc-4160-be20-f8bc367c16fd", "indicator--4a5b5d34-8e2c-4ec2-9139-c131bc5f3990", "indicator--e968edf2-d0c8-47bd-bdde-f38aa3c3ca9f", "indicator--8043595d-5fa4-4365-9110-9c1b35419b07", "indicator--54f423a5-9c3a-44a9-93f9-d231cb8be056", "indicator--0ae8c1c8-1d9e-4a8e-9826-9eb4b194a577", "indicator--f3e7bfaf-7887-46d5-82c6-d4e5b07f4351", "indicator--b910ef08-4165-41b6-8827-79c00207bc24", "indicator--9ff6e5c1-9504-48c7-b560-3bec5149722c", "indicator--4dfd87e3-01be-45a3-a408-d968d5192545", "indicator--b490049a-2cc8-4c89-be2a-01fb5b47eab7", "indicator--e9b32950-7cb9-4b9c-a4cb-ed69aab41fc6", "indicator--b724c972-4212-4586-bec9-db61d2d99a28", "indicator--523a571c-bd1c-46ad-a501-55de57498b5c", "indicator--b8974b93-e598-421a-a13c-857156c0a21c", "indicator--a8b04ff3-898a-4be5-9225-4a991eeda8bc", "indicator--24f4599b-66ed-4124-846f-a938aab8fe9a", "indicator--83f563b6-eff2-4483-896b-19c4e7da2b59", "indicator--b857a320-c774-4702-a3f3-f3ed4294b30f", "indicator--363d6bb3-c4b8-49ed-80ef-e7f6ed65d293", "indicator--7d9c53ef-7820-4b3c-ab74-7cf5c0d35f81", "indicator--541648ae-1a56-48d3-b835-05c961a6b6a8", "indicator--622620e5-fe36-47df-9238-cdb3fdeb6d89", "indicator--ff63644c-63ca-4735-b3d6-46eb54191348", "indicator--9e617b22-8de6-47d7-b083-0612f5487548", "indicator--9f41ae35-e6af-4fe5-8ac4-3c3e5aea59eb", "indicator--b6b0259d-7dec-4a6f-b5a1-532ffc01ac58", "indicator--8d39ee28-29a4-49b9-b44a-7d914c67a255", "indicator--f3e8fd84-805e-43bd-b063-1eb890d81804", "indicator--1cdd8f7d-f322-4309-81ad-28d0e7e05660", "indicator--bd5bf159-8a57-4892-9af2-3b91cf94524b", "indicator--a0e8fee1-56ca-4d96-b399-dc4d00c45014", "indicator--99b6cd29-aefa-4937-b1d6-da43d2b1757e", "indicator--70ff7051-122f-4234-a4fa-65a2dc7e45cb", "indicator--4b16d2b5-3e11-4cce-a2ab-64a4db744abe", "indicator--14bf04bb-0516-4158-8588-4d4a3d179e60", 
"indicator--97cd58c7-1da2-4b24-a96c-7943593652dd", "indicator--b6c1210d-ba97-4b82-95cf-628090a4c7bd", "indicator--ddc5ff0c-c3c7-4e59-be1b-6fa8111abcbb", "indicator--12af13e8-df7b-4156-8bc9-ea8824c25e18", "indicator--7bc6a366-0c82-41f9-acc7-2ca1e06826e4", "indicator--ed370d52-27fc-4e21-8e93-60146e8a210d", "indicator--cc72c9f5-0e31-4808-bb8e-acda150caee3", "indicator--7b9a4536-829c-4c1e-9da1-34344b272368", "indicator--f10bcd32-7e7f-4a32-9734-efec8c912890", "indicator--3e931bf4-41a4-4875-9c14-29eb3c388d73", "indicator--8fdacb92-e97f-4450-8128-8492386ff847", "indicator--a15a4af4-1b7b-4a51-9534-a9fc0beb63e7", "indicator--d948e6b6-36b9-402a-a676-3116b3d1f79b", "indicator--e010325c-9b35-4bc5-b072-24586ede89b8", "indicator--898305cf-0372-47d1-b834-bee1f2959b9b", "indicator--82ad2635-6b5f-40f4-bb4a-43165726f8c5", "indicator--5101fa67-3574-46b4-b400-8d7374b995f4", "indicator--a947e291-de42-44ee-a90d-d3fa8f8542cf", "indicator--9661b333-8815-4504-ad81-7b9b170fe499", "indicator--184b6e63-f9b9-4570-9870-d6f1e56a08e1", "indicator--b7d1a1ab-5e59-42a8-8435-1d80578adff8", "indicator--400bab91-63ac-44f7-be4b-0c062f85a4a0", "indicator--0b49224f-4fa4-4c95-a4c7-e4108cf59766", "indicator--dcb476d1-b758-44bf-ac96-3d28286cc137", "indicator--327997e8-0402-433c-92e7-eb095c434ab2", "indicator--e4e2f6b6-1c28-4f74-a237-d1a85a1a87ce", "indicator--87a2f0f7-e856-4151-b0de-ce3f211ef896", "indicator--94d2827d-2c32-489f-93ba-bd2b25818ae2", "indicator--21897d1f-f726-4636-8571-267d20f9fa59", "indicator--208ad613-fce0-46d0-864b-811d2b4c3ccf", "indicator--8219f108-6f02-4538-9315-3ab6fda6c16c", "indicator--09466bbe-e7b2-4c77-90fb-289d835ab311", "indicator--75363d44-e011-4191-9f4b-cd33ca0b1bd2", "indicator--2e105df6-4d55-44f7-a187-9d93e8d248f5", "indicator--6988bc4f-d13f-4d04-995f-56b9051a9666", "indicator--695c2a4c-1446-4095-ab7f-e41915c863d7", "indicator--eb33d804-3b2a-4128-b351-4fee84574e7d", "indicator--b756bf21-6ad3-4e8e-b88f-afab6db4ad1f", "indicator--f0fa7ad1-68c2-406c-bd09-537e57f4f5ec", 
"indicator--c8af3588-1138-496f-ba53-b952483a3fdd", "indicator--7fb58637-abd1-426d-9585-9717300ea02a", "indicator--0c1e49d7-1f37-4797-9f0b-9fcb1fd9a9f8", "indicator--a2d6ffda-c80d-48ca-bdf2-adae2fd042be", "indicator--9346c1f0-3274-4f19-9c8a-b9bf1cac9d97", "indicator--53504a01-1041-4898-a19b-bcbb3cf22d9b", "indicator--94543ae2-34a7-4b8c-acf2-d8344274309b", "indicator--a111332c-8065-4e8f-a3de-75a01255758b", "indicator--c95dc94d-e2af-4b84-b780-692737eb2470", "indicator--f361c87b-866b-4358-b281-b536ed86bdfd", "indicator--267c9a9b-8d20-4ece-b3ed-47241b8edc0a", "indicator--307bfbb3-2388-4911-ac2c-d271135a258a", "indicator--f0196b53-c001-4de7-9476-7ce6f3d2a185", "indicator--91afce42-ab39-4877-ab6f-d83cbcf113bd", "indicator--a80ee5e6-7369-43cf-adc5-a593f8ff48fa", "indicator--ef14cfdc-ba37-4177-9d1e-fb140fb7e206", "indicator--afebb3e3-fbb6-48ab-9d4e-0765be5f823a", "indicator--d6db0950-c7c2-4f04-a17a-2d272f7bc251", "indicator--08da37b3-2690-47cd-8b9d-ccbaf965511c", "indicator--e5cfe91d-3bc1-45f3-be70-be681a7f8b91", "indicator--5f8349d6-246f-49d5-bc05-3bab7041ac3e", "indicator--ac8d05cd-83b7-4182-bd3d-51de4e920219", "indicator--b16a993f-deef-451d-ab22-1f1c0f1f4372", "indicator--ac80af90-624f-481f-808c-0e9efdca1507", "indicator--dbaa6fcc-e4c0-4a63-914d-4d182de4579b", "indicator--ae839d45-8ff1-438f-a8e6-37fdf707e3c1", "indicator--f6ab1c82-209b-4a9b-85d1-42885789fc8f", "indicator--040a3746-08cd-4464-91e0-7be853c9b793", "indicator--db62ef8f-3af5-4e18-9389-e2837daad0a6", "indicator--93187731-a9ce-4231-a23d-314bc7932f4c", "indicator--49136c93-b3a5-4bd7-b31d-e204a4a70ee2", "indicator--e0382bd0-fee3-48e2-800e-ab0d7950f730", "indicator--e25097e6-9b47-4f0c-abca-d5d7a98a7e3e", "indicator--b7985c9a-6c57-4ed0-b51d-4d21662021a8", "indicator--8ddbd267-98e9-4228-801b-0e35245557ec", "indicator--d4cde65b-fd60-4e4b-8acf-19b655f1ad27", "indicator--56fed766-8c3d-4fad-a3bf-f0bcdb59a2cd", "indicator--eca2c61d-88a6-45ea-ab0c-7e36956d276a", "indicator--f94a29e0-c055-489f-8ef6-673980ea4e47", 
"indicator--4fcddf81-306c-4a06-b23f-bfccfac29c3e", "indicator--18145dc8-8921-481d-943f-4f89a6d48faa", "indicator--20a1adb5-c4cd-4b9d-913b-6959037b307e", "indicator--59ed550d-878c-4fdb-8811-14246e7a2597", "indicator--3e77a855-23b2-4dd5-a8f0-92e01ffb0c02", "indicator--775a871c-dbbb-4e2c-b1ce-4eb63f15e95c", "indicator--efbf0246-9f8e-4314-a8c5-009a73bdc882", "indicator--42bd5453-1835-4656-b7b2-93491f5ce479", "indicator--24b0b886-7d37-4496-8797-3c305ad01dab", "indicator--3a10c65f-7cff-4bdc-93a1-9e4856e78005", "indicator--408d73e6-c75d-438c-95cf-49093ea772a5", "indicator--a58a3bc9-fd9d-466b-97c4-3ce8666381db", "indicator--af3c72d5-20cb-48e8-9e2c-c9e47539906f", "indicator--cf01aad2-8eff-484b-9df0-169ef41fb73e", "indicator--95856fc1-18c7-4d96-bc71-4edd566d04a5", "indicator--2f00f313-1213-44e8-a66c-03afa942f5ec", "indicator--ce1ec2b7-e7f9-4cbb-9c22-857e969965c0", "indicator--b5c49b25-314f-421e-a081-1a2446f8b96b", "indicator--2813bb3b-4ab8-4478-bff2-494e65f6e669", "indicator--19d9bd7b-1843-46bb-855f-4a6e9d647864", "indicator--484ece5e-1d82-4caf-a211-c93ea9509e30", "indicator--9fe5ba98-d5d4-44f4-aabb-eb9fbae2a1ff", "indicator--a9445c64-ce13-4aa4-b24e-fe3a9a14e765", "indicator--7169b249-a22e-4862-9d8a-d8672420cdb6", "indicator--45476812-4f9e-4fc1-9493-8b50a8f887ce", "indicator--85527233-73ce-491e-b052-59f37d2c2092", "indicator--9dc21a79-3d6b-40f2-92f9-96fe240ca22f", "indicator--a9c1a39d-e0f9-459c-aff1-ff1955152c79", "indicator--96b66d5f-0527-4f94-92c0-5fe3da222df1", "indicator--8966418f-7d0f-45a0-a049-5641a9a29ca9", "indicator--d9b70b9f-49ae-4f7d-ab3e-3ab61d4c5878", "indicator--2a29ed31-47b6-4f12-88f7-0af2d905669f", "indicator--e36b413a-646e-4f85-81ee-efc3eeee4c0c", "indicator--e8c78390-e053-4ef2-91bd-05d32ad19c6e", "indicator--bfcc5742-5ed3-408f-ba46-1f62c38fb59c", "indicator--eae0b98f-ef37-42dd-8b02-122212e3112a", "indicator--f7e2aff6-d8c2-468d-97cb-9ddd73433c67", "indicator--9d7ed8be-5b89-4ffd-9826-d10a0cd52ac0", "indicator--784d3f25-e3d4-49f0-9e70-0004b3e71888", 
"indicator--c7982f94-5325-412c-b5d6-efd8ef0629f7", "indicator--b75601b7-4f34-432d-88ca-8bab710d7623", "indicator--268275e7-e81b-41bb-b354-456bd1e2a14e", "indicator--fc4b1737-e5f4-4809-b969-53ebd5691d55", "indicator--1e182d00-cc31-4146-ba13-f2b4248c4399", "indicator--e83badda-f935-4732-a5a0-766d3235cfb3", "indicator--b6410c99-e627-45e9-9b80-ca2bd9424a61", "indicator--64be4c70-a04b-47a7-b15d-851e2760f80b", "indicator--71548859-541c-4289-a53d-14e9a5b53422", "indicator--d4a4f542-f2d5-466a-81cf-72dcd563cab0", "indicator--dd1ebad1-b0e4-4104-ab68-53158b862519", "indicator--81c7d1ef-a7bb-41f6-8763-ae4102acc8dc", "indicator--afcb3676-4f97-4a3f-a957-ba0cf53f2b5e", "indicator--37a4eb8b-ea0f-45ad-8fec-932681ab31b8", "indicator--6cd57df8-b967-4c82-ac38-a4b915bc10a1", "indicator--a2bbbb24-e370-4924-9264-d659df7dce33", "indicator--f26d6b8e-342e-4db6-9b41-3afba6e8d81c", "indicator--179d596b-21b9-471b-825b-9249ec0ffd88", "indicator--45f3f810-41ef-4ac3-8043-1f8822b63b36", "indicator--f5c5d66a-595c-442e-9632-57b8aa78b005", "indicator--ac13cc14-4e9a-46de-972c-0de75ebdd33f", "indicator--a2519f4d-ee95-4c7d-85e6-17dddb57a79b", "indicator--7131a8e6-fec0-4535-ad97-1274e82c3969", "indicator--1f8f34d1-2c22-4017-a900-b386a4907960", "indicator--fb3af415-6297-40e0-8427-28f9354cc6fc", "indicator--dd2a8ae0-faba-40ef-b23f-5960eab6bd52", "indicator--f6dbbcf0-00a7-48c6-ab9c-3f850d121553", "indicator--3a97063d-4a42-4b3f-a6b7-52f4e05b6ff1", "indicator--967a1c03-52ec-4e43-9d19-b9ecc6babba4", "indicator--0ec973e2-af17-4e5b-9d78-0bf491d57cf1", "indicator--a6651f85-a027-4a48-bb8b-ced25e736321", "indicator--8a204708-9bfe-4e84-9e0e-90b7d54cf767", "indicator--c1d8d2f5-a7fe-46ff-940b-c118411f2f91", "indicator--09ae6497-01b1-4c95-936c-9b2dac820494", "indicator--51b099f9-b49d-43ee-bd52-58e53323b897", "indicator--ec79193c-25f9-4263-8585-aeb0c10b9224", "indicator--dba196f7-45f7-4e94-a93b-522c0945931a", "indicator--d26c46ce-6484-4ea8-8053-73c24c5787e5", "indicator--ddd20d9c-af2b-422e-8fa7-4c8989d7d103", 
"indicator--f86fc16c-5f69-4763-9650-86e8d5409208", "indicator--1715d83c-638a-44eb-b3f2-9d239491f321", "indicator--c0d0d28c-ce07-424a-8452-396003cb72eb", "indicator--76190b18-6205-4755-b825-dbda8bba5d31", "indicator--d9d71a68-65b3-47b5-ba5c-4dcafeae235c", "indicator--562cb471-8019-492e-ada2-e3f93b5732f5", "indicator--94772068-56a7-47c9-a2f3-ff6bb13c6d4b", "indicator--ec2551bf-d5c1-46c8-ac96-2397d50aa23d", "indicator--a682ca0c-f8f0-4300-ade1-c5d5f6d3de9d", "indicator--a6886ac6-3ab4-497b-9e4c-d297d1ac7fc4", "indicator--47cac493-f598-41b1-b6be-d3b7d6522841", "indicator--9a0819aa-60eb-4655-b0b6-43f196fe1d51", "indicator--2659cdfc-6dc0-478f-9602-d88e63a917a5", "indicator--cbc66d2d-cafe-486e-bc7c-a9ef2dd7cfa9", "indicator--8cba291c-c117-4424-a7ac-3aba7ecf901f", "indicator--f04780dc-1d33-4161-9107-9090ddcef343", "indicator--7378f86a-63d0-402f-8ca0-d0a3cd1139d4", "indicator--c3a25f46-d9e7-474c-b620-cedf4e226ef3", "indicator--c7e886f6-6cd8-4671-a18b-0e5cc77351b1", "indicator--33dd0a8f-37c3-4789-97fa-04033c07e160", "indicator--b1015265-8bb9-4b55-9ab3-22ce95e3e64c", "indicator--2db34fe5-d97c-4188-a35f-c73b78107979", "indicator--e4426dc1-54d9-4f8c-99d2-798d4cf307cc", "indicator--7c036782-8918-4fbb-871c-0f4f1d27ae54", "indicator--a5829a9b-ae27-4f26-a301-9ec497d2b2a5", "indicator--5d65c466-690d-478d-8c2e-bd975c60d750", "indicator--32be4793-3a9d-4440-964c-550d935e7d17", "indicator--f032bde5-72af-401b-b83e-b483d3d55454", "indicator--6d38e5d8-eb4b-4810-bde2-d8dcf5d51246", "indicator--0121baef-69b0-46fa-aabf-a168aeb690ec", "indicator--dae3c818-20bd-4e3a-af99-72b737e41c4d", "indicator--9b23c1c2-85eb-46ba-bfed-c472e9776826", "indicator--0b49e687-216a-40b6-b96b-08d67610a261", "indicator--fb849c1b-1277-4550-b847-78e2516b98a3", "indicator--c3306632-51f5-42b9-bc19-6d121f926ac5", "indicator--c91a4212-5606-465f-9cbb-d50f35f9b5cf", "indicator--e6555d0a-275c-458c-8bd7-2d4e35efc377", "indicator--8a892dbd-52ba-42fe-a8e4-535cbbaa9a3d", "indicator--38178281-a0b2-4bdc-bc2d-7ca6f80b58aa", 
"indicator--bfc991b1-7398-49a3-beae-2d18e56d810c", "indicator--33e26aaf-1b2a-40b0-9cf9-764aefcc4f81", "indicator--bccd48b7-7f62-41b0-8631-0c6cbe27ec4c", "indicator--57857f1e-b886-4e58-a544-92954dd8759d", "indicator--1bcd8bc3-68d4-486f-9347-bf7e42540b0c", "indicator--48912092-eb6d-4d91-b777-e89fc8c4e3d4", "indicator--f1211d10-b88a-4553-b906-b7368158d06f", "indicator--6ef11903-3e3d-4ac5-b955-6b5e9b52910c", "indicator--36183f68-f85e-4839-bbc0-e9937dc89387", "indicator--c3833841-c1c1-4213-8285-9d59ad882456", "indicator--e0944a8b-36d3-46d7-b8c8-097f1e6ee713", "indicator--d81eff91-f7a3-42cb-b33b-e1d29dce444e", "indicator--36820538-8fc9-4931-ba55-f1d12dd7095d", "indicator--67ec2977-54ec-48d9-9d4b-2ae284e23f4f", "indicator--15f79f6d-af66-461f-add4-cb343a5f1af5", "indicator--31700b78-7746-4c04-99d4-231895643ffd", "indicator--25a6061d-d4ac-46fe-a6d5-60b18772e034", "indicator--19bc1e30-78a4-4992-87e7-e1eeeea2b5f5", "indicator--1b5351d5-35aa-4a4a-aa90-5d446afb97cc", "indicator--7b3af59b-5fc3-4b89-bf61-141f491abd34", "indicator--758c6634-10ae-45d4-804e-9068830d2d72", "indicator--662d2f1b-f581-4c41-b082-b3f7b18776d9", "indicator--e85357bd-e447-4604-9f4b-e1b47ecca65c", "indicator--573c8bc7-0c5f-4473-b343-285d593c88d6", "indicator--ba1522ab-1b8f-446b-90db-0f77103b375d", "indicator--d0dd8b9f-6584-4f67-bce9-4565c7162bc9", "indicator--fabd324e-b701-42ef-809c-edf6f4752ff7", "indicator--b4edb4af-e54a-4d36-b2e6-842e61005f44", "indicator--76a311ef-ddc0-4005-b871-5e3422140a11", "indicator--b1462ceb-d17b-4d3a-b2f8-3e723ace8991", "indicator--51332037-4f43-4edb-9c92-c87716d82661", "indicator--8cb8f392-e6e3-49a1-9443-1b621addcc2d", "indicator--985af272-b7b3-4808-8d54-d2cd43d45fa2", "indicator--f23ef83f-7c8a-4ba2-bcad-f4319a2d6ed3", "indicator--68392d83-2b08-4e0c-84ec-f7f02071d2e3", "indicator--51641745-8203-4039-b004-6da9e365681c", "indicator--a6a457dd-8203-46b0-b95a-7811c871d602", "indicator--e5179aa4-201d-47ed-aa1e-4b6cf6c3696a", "indicator--4293724f-c70f-4cd3-8aff-7ccced06a49e", 
"indicator--ab141320-12d5-4100-ad07-b38144253a67", "indicator--b5433276-554f-4238-88c7-b3dde27eed90", "indicator--323b6e64-b289-4c37-aca6-a9dc76e54701", "indicator--2b22f715-fb24-49ed-9dda-cdaf6dc21d0e", "indicator--9eed86d0-ea9e-4787-9e5a-01093eebf44c", "indicator--7034dc38-de1d-4476-803a-e0070b51f8f1", "indicator--775c4796-57ce-4a5b-beb6-1b66676acb0e", "indicator--e51c2ba0-7f21-4881-b0a7-61e216fb7c9f", "indicator--089e0cc8-f2f0-4a60-b4fa-470719a20f95", "indicator--33a70aa3-7308-4e3d-b436-fec2c6faa73e", "indicator--706197d7-6eff-4337-bcdc-ceff595f7c09", "indicator--de5b615f-521e-4e48-84d6-f6c419111d46", "indicator--e171f5e0-a065-4e5b-b368-e4ae0be6b92d", "indicator--9b7ffea2-b851-4d6d-9d13-75aab18dd2f9", "indicator--de3d1a3c-9ac8-4b5c-8f8a-f53cc7d984fb", "indicator--622b4c7a-1abf-4143-a68e-eef380f5fed5", "indicator--c3d7e580-f1cc-427a-9685-4fa750a6db01", "indicator--29122263-594a-489f-8658-de2674f020dc", "indicator--42532380-1dd1-4d2c-a85f-66ea3190e813", "indicator--c82b4a76-2ac5-4d98-b6e7-ecad61329df6", "indicator--6c1197d8-1ded-4f4b-80c3-b8b80316951a", "indicator--75ddb114-2ece-40f9-a2fd-543e33b56a42", "indicator--74766d8e-f02d-4d41-87ba-635c6befbc4a", "indicator--7c36d922-3911-49d4-ae96-a9a2a472f07a", "indicator--15cfab30-30c9-4c4b-93e4-31364c7aed90", "indicator--6416bf26-6b3f-4234-8e8a-6fef81380a2b", "indicator--dfd20601-9be7-4e9d-84fe-e400a02e1eea", "indicator--3a75aa55-641b-4d24-9140-c20cd4168251", "indicator--e0b98c3c-71e1-44f9-a1c6-1426483d9d05", "indicator--82ce5a61-b2d2-456e-ac51-88602ba85142", "indicator--e964916a-28a6-4a59-b7ed-08f8224e0bb1", "indicator--1d369592-bde7-435f-a2dd-96b2cc291b46", "indicator--562d3262-b442-4ba6-9885-ea3bad8d30fa", "indicator--3e580037-4c85-44a2-ae78-d6a8a3df652d", "indicator--1c9072a3-086c-4a22-90fd-72f589d47933", "indicator--20ea5ab4-c81f-4282-a388-e790aa631f6f", "indicator--b49e2d47-04e0-476d-88d3-0e4faf34f9cb", "indicator--4696bf7f-6b41-4d2b-a4ea-c16fc715b464", "indicator--8ff5506a-b18e-487a-9a8f-1c232016c1dd", 
"indicator--373e4b6f-2620-4d37-96d9-1bb9f38198f1", "indicator--607ada71-c582-4a9d-96e2-a6716900180b", "indicator--b841b528-8ca5-46e6-a611-9c67add59e43", "indicator--91530366-a833-4491-b28c-cf3bce58e2d0", "indicator--659e8723-b3d1-4554-afba-3c6b801479ec", "indicator--a97e14da-3aa4-466d-8f7f-8480027c97a6", "indicator--e29eac15-9311-4539-ac5c-7cf1d067b72b", "indicator--e49970c9-641b-46cd-b6f9-bf86b30e6391", "indicator--3a576b61-889e-4bb1-90f4-c0fca9251600", "indicator--27599358-361f-4f7f-bdca-0f21078f0079", "indicator--07910348-066b-4f1d-b497-7a215917da7a", "indicator--fa7d3b15-d2c4-46a9-992b-983adc6f3e56", "indicator--b9858e8b-d0ff-4ce3-a03e-b01f8c4e865f", "indicator--8e013465-b5dd-4cf9-91de-0292066d8435", "indicator--79a31a4c-4652-4fd9-ab96-41a307eb20ac", "indicator--7d6ec043-896d-4012-b143-b69604ccbf91", "indicator--c19a0976-e66d-4df6-a636-e94d7f10039d", "indicator--dd42878d-9e1f-4c89-99ac-26afa6980ded", "indicator--04382ad5-dd2c-4a7a-ba05-879f1c87e169", "indicator--bbc98abf-cdd2-4ab9-a4fe-9c8efecdb854", "indicator--04496a83-a0ff-4545-836c-fb000fe3a9fc", "indicator--822a4a15-7460-4f10-aa0d-204d8915b02a", "indicator--10a535ae-9428-4f52-84c2-a53b2b2d9f66", "indicator--f2961f20-f006-4564-a739-dcf547e73119", "indicator--77eecd68-209c-42f2-910b-df342ff7c8b6", "indicator--c3be3fa6-cad1-40b0-b299-21304b04112d", "indicator--fc4af01a-1afd-4134-93ac-3e879f938416", "indicator--a5c90964-5e10-4acc-bd3d-22da089ce437", "indicator--79c2b6d8-88f2-4d2f-99d6-499edb2ebb93", "indicator--5fb478e5-c3a6-4d6b-90e3-525c95f3665e", "indicator--32375995-74b9-4cce-9fb3-26dbebce363c", "indicator--ff80c6f6-fe07-4c56-9adb-f8a46a659e4b", "indicator--4116177b-a68e-419e-a6d5-b71ebfdbb098", "indicator--25859f9c-0559-4207-b890-6815e3a7bf54", "indicator--627b86ca-217b-4c51-a689-80b0dbcc6626", "indicator--2973d248-c767-4e87-a74b-66dbf614cba1", "indicator--3355c692-09e9-4fc3-8c21-f8465d4067ce", "indicator--15a12c72-29fc-449e-b068-6ffb61833153", "indicator--09aaceaf-d5c5-4a7f-aec1-88a684f3fba2", 
"indicator--bc287f57-a97c-4f2d-b542-6f8ed979cade", "indicator--b2fce5b5-33b4-4314-8a99-c47d4a838f63", "indicator--ff02c203-c7c4-4a4a-8bfb-1451abd5fe65", "indicator--08411408-c12b-480d-a6f0-b992c953a657", "indicator--c5ee92fd-30f8-4dae-88c8-6091bba63de8", "indicator--1c5071fa-7b0f-43df-8b4e-37d16ec163cb", "indicator--2dd06cd5-5022-40e8-8577-738d0c12d144", "indicator--3640a231-4547-4c8b-8ac0-6f3cd00a9a62", "indicator--a9864065-8285-407d-846b-0f464f9b3054", "indicator--63e1214e-91b6-4fff-ac9a-d1bdd9fb8b02", "indicator--2107b0a0-96f2-456a-9a75-3e7909d5b45a", "indicator--4e9c53ee-755e-4977-a918-5e98ee9709e9", "indicator--8716310a-53dd-4706-aee1-115ca6cd4266", "indicator--35650938-b07a-489c-9aad-83001d093950", "indicator--9361e072-b89b-4779-80a9-aa0a393be894", "indicator--82688b9e-8a07-4e7c-82d9-3c298b9016f5", "indicator--100b78eb-fd6e-4d72-98f8-8615733c6dbd", "indicator--0fe6ac25-40fa-4a2d-9ff9-d44b1fd2fc0e", "indicator--bcb15912-63c4-4167-af8a-877f6046aca5", "indicator--3f9cd545-7d1c-4a76-8566-e68b74b25ac9", "indicator--c2c8a6a8-0b53-4369-b5ae-b71800156420", "indicator--8dc78e61-f2bd-4933-a7d7-ec82970eeaec", "indicator--83c10554-3e5f-406f-bc2e-18e4318876ae", "indicator--74f1e838-e354-45d5-8c39-ef2915f373ee", "indicator--10edb76d-9fb8-40d3-97c5-f776aaf1bd1a", "indicator--b269c445-354f-4574-9b63-179d6ec80424", "indicator--8013be3b-b48f-4c9e-9379-b39849a34cdd", "indicator--bd39f6eb-07c2-442b-a8d9-aaa8b74a5d3e", "indicator--1006d4c3-0a59-4177-9049-2bd440a6d7d7", "indicator--1524f93a-cd74-4125-b47a-070b71d60397", "indicator--6ad4273d-807c-4221-914b-9ab34681897a", "indicator--5008fa61-4872-4473-846a-3f75929c4ef3", "indicator--48a10458-885c-42b9-98da-9bd941bd08b0", "indicator--597bd74c-6d41-449a-8e09-d353af75cace", "indicator--2775d4ea-837b-4a8a-adb5-79bc9268af46", "indicator--6c6b3ca6-4cc8-435e-b084-c3545f1ae079", "indicator--323526dc-bf4e-4125-96f8-862df07d7839", "indicator--e47043b0-52f5-47ec-addc-5522f56e1c38", "indicator--5a69593f-3ec0-4802-bdf9-546dabb2488e", 
"indicator--372a3e42-58b6-422a-89d5-8831ea8d9078", "indicator--4d9ad368-a90d-43af-8303-7e4e7cd879a9", "indicator--31efa162-85be-4821-aeff-52b6b1d8bc66", "indicator--318df890-f9ce-40d3-a72f-19c742737b61", "indicator--71ee6364-6ff7-48fa-9576-733fdb987933", "indicator--2a83ce24-ec79-4996-973e-80dca8b801ed", "indicator--fd8e3318-c983-44f3-b887-6bf67d87677e", "indicator--a4927a7d-d467-47c6-bb41-8131f0ebdaff", "indicator--d50236a3-89a2-45e0-9604-51553eb1cec3", "indicator--586079ed-fe99-4e4b-94a7-59ce33535626", "indicator--23a6edbd-f5e9-4f83-be3e-beb7673f48e4", "indicator--887809d7-cc24-4257-b90f-3829b294d202", "indicator--e0f681f2-70dd-4c44-ac7d-3a3938104a05", "indicator--55c2cd89-72e2-4426-aea2-61f9787ab8ae", "indicator--4d8c2e63-88b6-4dc1-92b4-821f506df54d", "indicator--c985ca96-a8b1-4935-bcea-075e3a82e376", "indicator--735f296e-efac-4470-bd65-e24e71c75833", "indicator--b3076906-89ae-4e46-bc90-f06ec141a9d3", "indicator--5e7e59a8-08f5-4a9e-bfe0-82898c86a738", "indicator--86dfb69f-4585-47bd-8ff0-90a268373e61", "indicator--1be6d9ed-5aa9-4f6b-a770-69d19046906f", "indicator--112771f2-3480-477d-8471-37c4757f8ded", "indicator--ed44068d-2660-40a8-8e8b-527a8e6e2ad2", "indicator--1543c1a7-c50a-47a4-99a7-4f6940fdd7c8", "indicator--4e0fcf49-06ae-4c41-af1b-07a767f68a00", "indicator--ae145d01-7503-4221-9331-54d6e91d73d5", "indicator--f9bfa2af-c326-445a-865d-84c8ffe7d601", "indicator--739b0bdb-f0ef-4eec-812b-9ae7448db7f8", "indicator--fc179766-1a3b-4754-8de5-aa34afaf2afa", "indicator--8ae02bbf-1f66-4031-b1a5-4b5d7b861b89", "indicator--d06dc9b9-b1af-49cc-99f4-494667ebb883", "indicator--fc1813ae-ec38-43fe-8584-5b6f30732308", "indicator--6dc6f03c-1401-4a7e-85dc-bc5dca08b563", "indicator--94857a50-498e-4edb-9ba3-8c0a577e13ac", "indicator--051e8d44-f205-44e9-bf25-99c9e4045ef2", "indicator--60800edb-d4b6-4726-905d-743dc82b2b4e", "indicator--878562f9-fff2-4e70-bcee-f7ad0453af68", "indicator--75dd18fb-e6c0-4575-8c4b-0a46188e359d", "indicator--17683287-7097-4098-9d97-4f333bb1995c", 
"indicator--b7b57d08-b201-41b9-b8f5-c9eb5a58adde", "indicator--deb4922c-63e4-414a-9adf-5e857aa88f53", "indicator--95b7cd5c-6afe-40cf-b59a-5dd64e279216", "indicator--fa96dc4a-bf3b-41d9-8032-98df0f3bcded", "indicator--33f0ef8e-4f63-485d-a476-f6d6e96cd9a4", "indicator--4755df6f-bd5b-429f-8d5b-187599bc18ee", "indicator--00a8452e-914a-434a-9c4d-ba41875333e6", "indicator--e442748b-5bc5-4a1a-883b-04bcc24db382", "indicator--5290d893-c884-40f5-9cef-8d7a84e8fd9b", "indicator--586d8d15-ef94-4d9c-a27f-b87bcb79126e", "indicator--ff38a3ec-7777-458c-a61d-a4dea2e64276", "indicator--7d59bc6d-1837-4af8-aa72-e9b2f2017e51", "indicator--ba92a02e-4f6d-4714-a61c-c6fb55543ca4", "indicator--74083117-433b-482d-b591-7836ca89c83c", "indicator--0245e4b4-cf93-41c3-aefe-e7cc7bceeb7e", "indicator--fe1db30f-65b6-483f-9689-e3b32b7a8450", "indicator--db83f681-a3ad-44f5-97f4-6684fadae255", "indicator--748f027c-9fe0-42c1-8c60-0f574cfdb640", "indicator--3fcb1903-0b31-4237-8955-75dfb670c3c5", "indicator--1c77c37a-56cd-4ad0-91b4-654001df2eae", "indicator--3ccfb7b5-2f9f-49fe-ad8d-9968908814c0", "indicator--69bac206-2292-49cd-885f-b341fee30430", "indicator--48311fed-8aa2-42fd-8e92-886fea218ae2", "indicator--cfbf0a2c-965b-4f4c-b235-8a2373867e13", "indicator--61a8debb-c147-4087-9ae4-18676c3ade06", "indicator--1534c45a-6678-41df-8497-fb6304c95eb9", "indicator--c5797bf6-62f0-4428-b90d-fbc1c38ffca2", "indicator--ee6e278c-3a16-473b-86c6-6b580bfec189", "indicator--e9efb553-6b9c-4474-891b-b7fdf8caec69", "indicator--81b3c9be-892b-4f83-83c4-fad2171dbaa8", "indicator--ca305c75-5e64-44f7-9bbc-1b114b363349", "indicator--7189d6e3-4de2-4859-8391-a58141a2d2aa", "indicator--94d617b9-b5e1-46e8-90a2-ed3c97dce822", "indicator--5a8db330-19a4-4032-a339-fcdc4bffba3e", "indicator--bce388f6-797a-425a-ab37-1516cd7f0061", "indicator--d6454a0a-8494-4ff3-a61c-94eec0297560", "indicator--d6bbefbf-fdc6-4289-8abf-7e32f5dfef24", "indicator--ab1f6ce8-746d-49a3-b995-3a4b90f683d6", "indicator--c3470118-acc3-4335-9d54-beb8902fa0c4", 
"indicator--777d3bc1-1294-4333-bc13-a9eaa37dd78c", "indicator--c2b60fae-82c7-44a0-8e55-cf280e7987e4", "indicator--ccf0e201-41ab-426f-8bf1-ac0bb6e83ad0", "indicator--997ec7f6-38c3-4889-a6ec-8a2a36043d06", "indicator--07f38758-05b1-4f36-bf4a-3ac763a4b2a7", "indicator--024f4103-5dff-4a52-980e-2a970d2d4102", "indicator--70df1617-9dbb-46d6-957c-d2e3f4d97aec", "indicator--de51f723-1a05-40de-9e55-8589de5e1885", "indicator--a57744f9-4530-4b46-9537-904fe7cf4571", "indicator--c995991d-a58a-4826-bfd1-6ed7ed90e7c1", "indicator--920d5783-5e98-4b72-9471-58e5c84353d2", "indicator--dc8c7416-707f-4213-8f9a-a0aaa3267abd", "indicator--fc5c960b-2ff9-454f-8ead-a35022d1cf06", "indicator--0eeb89ef-d7d8-4bfb-b319-ebc7326e4e35", "indicator--38079cdc-fa95-4b43-86d8-01e078206c01", "indicator--7178ce6a-fb97-4ac0-8469-1ee63f10240b", "indicator--84da376f-51d8-438e-81f4-ed956d138ad9", "indicator--f7faee18-bc3f-4f87-8585-00da9ce42e4c", "indicator--3feeb4ae-13ae-45aa-b713-6c3d6ac46549", "indicator--5a844f7e-413c-4577-9af3-7b6c8941a43f", "indicator--294d0d45-c326-49ed-8849-d0791b83f44b", "indicator--500e6c41-f1a3-48b0-b962-0ca24bccd970", "indicator--cb9d467a-df3a-4bf2-b93a-840648b7566a", "indicator--53459526-ffc2-4a9d-80ec-6f9407019110", "indicator--43335706-b1a0-4b5a-8a33-53179f7a6b4d", "indicator--1c905ab4-7a8e-4653-8ebe-34d31f04b64e", "indicator--b86c4d3c-4eae-461f-8953-da504c342127", "indicator--8e1406a5-0d5c-490c-9b87-13c7243c878c", "indicator--198846f1-8cad-463e-841e-29d10365aaf3", "indicator--a3b5302b-7fac-4a6d-9c79-539232d65ead", "indicator--73f35947-3759-4fb8-870a-d65717953d35", "indicator--f4208fc3-1d90-459a-9e08-abe74c31d8f5", "indicator--3604e7c1-af93-46a5-84bb-4621339caa18", "indicator--7228b62e-7c31-472d-b8d2-6499c7e3b9ca", "indicator--0ec732fd-f301-4413-9709-f52fac7f958d", "indicator--59cbe1eb-34da-4c2b-a377-6da3beae7e3f", "indicator--763abcc1-724d-42dd-aa0c-67e435644dc9", "indicator--a6f9aa96-6406-405e-b128-b803b0c75667", "indicator--c4bf8899-2e22-49d9-baa0-fd75bca3b1ca", 
"indicator--4aee246a-129c-47a5-ac8f-6b00f6e2a0a5", "indicator--e63468c4-ba1c-468a-9165-551b653076b2", "indicator--9d1cea78-01e6-4c8a-afbf-a9ed31787c26", "indicator--f8096137-aeda-4ff9-a2ab-d2713fce4e8d", "indicator--264920b8-2e73-4089-9ea5-b1ad1899a83f", "indicator--cc17581e-8703-462d-85d3-3c6ae9e90deb", "indicator--453a2383-5a28-42bb-9833-823498a101f8", "indicator--6bca3ddd-15a8-4626-9807-38da66a2eacb", "indicator--0f562194-efb0-42ff-9992-ba81500d4d2c", "indicator--62239dd1-3d78-44eb-a6b9-c3b399d587b7", "indicator--21702f41-9ae9-48b2-9343-2ff5c6c546a4", "indicator--eb4624f8-565c-41d1-b6ef-acc57369ffe6", "indicator--2c956414-b095-4d8f-8fc7-affda194918d", "indicator--26cea547-0039-4ae6-9f1a-af8c58c05f7c", "indicator--03514afd-ecf2-40a5-ba91-8bc35d22429d", "indicator--8f33cc47-abf9-4dfb-9a8d-10305b0b5cb7", "indicator--4ce25360-793f-4745-b0e3-25f52b67c198", "indicator--158581bb-2523-4209-8796-35327319fba0", "indicator--a1461920-12a8-4bea-b1e5-36edde7cf97a", "indicator--b8b80649-e635-4b73-a94e-77a10b508a34", "indicator--be26cfd1-9532-4489-bd9b-679905d618de", "indicator--bc0e4fbe-5254-482f-8cca-9227180787f2", "indicator--83c4b7e4-cf83-4b59-bbd5-e1a0678f7436", "indicator--430a2978-591d-4218-8505-566bc2fe198b", "indicator--d5a0b712-e923-4fe9-b78b-776140d550a8", "indicator--aa083ea6-cfce-4f0b-9a1e-b57019b7a352", "indicator--5bb4a51b-7cb6-402f-a8a7-ee7f6f4f0b7b", "indicator--1b8318a9-af9d-4f77-a70d-c6aa2ca81ca6", "indicator--53aa139c-f2c1-4921-af38-1b7f9e112dd1", "indicator--f1bd4345-20f2-446f-8d00-9c5d361be46a", "indicator--c969d056-8cff-4c79-bed3-90fa5c19ba13", "indicator--763cad50-4807-4786-8fa8-389da06a1e97", "indicator--6164c9a8-c28b-48c2-8966-630a01f0a544", "indicator--cb4925ae-5369-4e9b-9823-d030fa53804b", "indicator--59db5f8a-7e2d-446b-91a3-ffa9c47468f9", "indicator--7ccdae40-173b-46a7-a25f-a602b5ad4a77", "indicator--e5aa7ea3-2f24-457a-a86b-7f0ce815e075", "indicator--49e1c55e-3783-4a0d-95b2-941103ad81c8", "indicator--b8e55bea-17bf-4932-98c7-903bdc1e5723", 
"indicator--9dc2feca-0605-40c6-8f4a-8403c6ac0a81", "indicator--58ecb03e-ae8e-4c77-8ed2-db20f3b93489", "indicator--de7eaf37-0789-429c-87bf-3f5f3746e448", "indicator--a4adf3f7-822f-4cfe-8241-1c9b9ac4e23d", "indicator--142db0d8-7f7a-4071-a81b-e2049fde844c", "indicator--0b288537-6c87-4228-b210-037d1a57bf40", "indicator--dfbd31ca-bf9f-43ea-b51d-b65329a2b27a", "indicator--f1382133-87ba-4aa6-adcf-3a2e64a04651", "indicator--d30d3db9-cd32-402d-9366-9230551208bc", "indicator--3f02b850-5556-441d-b813-253caa5e06fe", "indicator--07bfe55f-ceb2-4c71-9eb1-263f0fd0a5ac", "indicator--8e8d0fa8-a906-4d9f-9660-27164eac55df", "indicator--9ab19e93-d810-4c07-8155-ad56da2a4bbf", "indicator--ecc910e1-101c-4c9e-84ac-71a1e3054bea", "indicator--77eeab27-277e-4a27-92a0-09cec350f4a7", "indicator--a17dbfa7-1362-4b4c-a7d5-46ac688d05f1", "indicator--3ccf5067-42e7-498f-8d40-f1f0fa0ba594", "indicator--fa7f6e08-3deb-4333-ad6a-bd5e272d0879", "indicator--d3d72f80-7c9a-4f54-9251-5359f5892307", "indicator--64c0de04-23fe-4ced-998d-82e3a19f7ea7", "indicator--ba6c51cd-09f4-4073-86c8-455b7e198dcf", "indicator--cc1e365e-d51c-4c41-ba09-1798e680af60", "indicator--f2bcbeec-6970-4209-ba3b-f52df02cc0c4", "indicator--aec18a9b-ff6d-45c2-ace5-90cb4fe83c9c", "indicator--bc860fc8-3a4e-4004-954f-5d26a9c9a7b9", "indicator--d297e239-90ec-41a8-9a06-d436ce5effee", "indicator--20cf2285-3421-4274-a2df-d72c6f21132f", "indicator--959abcbd-690d-42ec-876c-bf2154f1c2ba", "indicator--2a4212c6-bdeb-4c85-bb95-425422dfd62c", "indicator--4d3a78d7-f6b6-4c33-9e6b-4d8c1fa47120", "indicator--b2cf1308-e100-41c0-833a-195487547475", "indicator--1bba3f78-7aa9-42e2-a051-47d7ab6eda89", "indicator--d62757c7-e6ef-464d-b9ba-8929630d03ab", "indicator--826f441d-c04d-4ba4-8db5-190d7f425af4", "indicator--d673ae74-5eb6-4ba1-9a4f-cc329f936559", "indicator--593227a8-fb67-4a08-9aa2-e62abc93db1a", "indicator--5c7362cb-d9f8-48e6-8703-7be3a6437d9e", "indicator--5cb5f05f-1bed-4634-9c42-529074697602", "indicator--c1fdd69f-57fe-479c-9853-c2df1e18d178", 
"indicator--46204182-eb0f-4a5b-ad64-7d2018390dba", "indicator--6155919b-f30d-4b1f-ac68-33be8d291b6a", "indicator--5dd8301a-6ebd-42ba-8d02-8634496141db", "indicator--204d5116-edf2-4f5d-841f-8098d6a40eec", "indicator--fbfad77d-1656-4c66-802b-de2672c81c58", "indicator--389fa7db-c88e-4a66-876c-2acad3edde7a", "indicator--1107c84b-ad05-4037-8a5b-d214206db789", "indicator--c4f52709-1a8f-4f11-8f49-3d87df53e517", "indicator--b8a35385-2d20-40d3-b7a7-3b1048e9fe89", "indicator--d1fb77f4-fbc2-4f99-bdb9-6bcea82a834b", "indicator--c76eec43-2d6d-43b1-a975-b9ac1de28068", "indicator--c696aa1a-3f17-4535-9b64-a8f78e06aee3", "indicator--08a4346c-fd31-4aa5-95e5-9a70fb86b4f3", "indicator--ca7aadc2-b544-4925-bb67-d8e7e4ddb4f3", "indicator--efe7ba1d-63d7-47e4-bc78-9c3ae7d025ae", "indicator--5e69d3e2-23df-45b5-a818-87b0eef37ddf", "indicator--da702c53-602f-4667-b7ab-36af03429b91", "indicator--47116902-1366-4540-b519-61df37895683", "indicator--b0f6d330-6a6b-41b2-bdef-aa31a12bdcda", "indicator--fda040ad-6f15-43e1-b22e-0aa194c1ff75", "indicator--d84bb83e-44d3-4d07-adbc-1b0206ecf470", "indicator--146ede5f-d955-4e2c-ae86-77741fadedb1", "indicator--1e5b7829-d888-42f2-8e1d-115ff0004d60", "indicator--6a9a561b-dcf9-4ff4-93bf-909aeca09204", "indicator--dc23bcd5-f977-4ec7-9945-9eb10188fe0a", "indicator--ffa15484-0d27-46ce-aeec-4db3a050c578", "indicator--f3491631-bafb-481a-baab-d7bc368ea1b0", "indicator--5cd50b77-7f0e-4a9a-b8ae-ac4b03d88568", "indicator--eecb382b-7451-4200-9378-90d08ca56b6c", "indicator--9507b556-4faa-421f-b3a0-31b7953ec956", "indicator--1500af58-784a-45f5-a1ea-16c79fd0e9c4", "indicator--8d44817e-67af-462d-9b2f-92859dc5f5ea", "indicator--294a90a3-0f1f-47ee-8a64-9019d57b26b1", "indicator--153e469b-c310-4334-adbb-7f78f39a4e00", "indicator--5f41b96d-d2e9-4e7a-a7da-be952ebf9f57", "indicator--8cf21c9c-f8bc-4ebe-9469-621ec51417cd", "indicator--9dbb2858-854d-489a-8b61-937b92b4d5db", "indicator--aea46f38-7e74-4acc-909e-e1f9c674a5af", "indicator--6005211e-0997-4de0-a648-136e607bacc0", 
"indicator--11e54716-bdec-4b9a-9b07-4753670731c3", "indicator--8b87aff9-46f8-434b-8f0d-39869e80aeb7", "indicator--d16b75ff-89f0-4721-8412-becd8ea4c6a8", "indicator--ff3a78cb-33eb-416b-954b-cf495ec6f9d4", "indicator--b2b7de67-2525-4567-a819-58448765b91e", "indicator--f76fa54f-629d-4d17-8d2e-c514ad1be722", "indicator--d48c3fb2-d400-4353-bfc8-46baaa2ed859", "indicator--3ffec4c4-99eb-4f48-b15a-12e19a6174a8", "indicator--5efd44df-a035-4cda-8b90-3c8e5556dbed", "indicator--8327f4b1-701f-4f73-8952-b593e88aac46", "indicator--cacd13ef-c183-4d4f-9fc1-05e914a6857e", "indicator--bfdc035b-33e5-40e3-ad78-0ba8b2593832", "indicator--06deb98e-e286-4592-bf39-c545b49951ed", "indicator--0cc193c5-f6a8-4b1c-9dd9-d908fae38eee", "indicator--df7bd3eb-a43f-4f12-b58e-ce9d3a99727d", "indicator--ba2ab8f3-6542-41e8-8470-a69d75c6607a", "indicator--76a2751d-1736-45df-847a-70e63e47766a", "indicator--a696f52e-530e-4cce-84be-56119c735b45", "indicator--6eafa64d-cf96-46e7-9b2d-c6695e6cfc4a", "indicator--51f6cf00-9f74-4998-859e-d358cc1b676a", "indicator--affa46e6-e106-4413-817d-5db443088f24", "indicator--3ed88852-06ed-41b9-ad59-26ba9486547e", "indicator--9ca8e5c0-6d4d-45cd-b834-759df3fd9a33", "indicator--4ace8957-d045-4358-9e1b-447553d5ada4", "indicator--0275d688-4300-43df-b2cd-8dd59572e21e", "indicator--05778730-5ec1-4ced-90de-bff76f8e2b58", "indicator--050da53a-67c1-4283-b189-ec6d7fb3d238", "indicator--4cb026f6-f7f7-4b2a-b552-a48ffce295b1", "indicator--a7877e9f-109b-44d8-91fe-b2165be33936", "indicator--29e6776b-9da6-496b-a7ac-624f9406f334", "indicator--2f23dbbc-6cdd-4dd6-a9b7-921a08fca5fa", "indicator--8cf0d119-baba-4db0-a5de-a985a1d27d62", "indicator--3ad5c901-b2e2-4ab5-9e64-fe945caf8db4", "indicator--06ed6b3e-3797-4869-aad0-2bdce03cc8fb", "indicator--af5fc7ee-ccca-4c8a-af8e-a2a33b82174c", "indicator--400d8470-ddcc-4f51-90f1-1f59ec28d37b", "indicator--973fd72c-8c0c-40ae-acbb-1d3880aca2b3", "indicator--b65b7c35-1860-44e3-baca-3f332ba570d9", "indicator--514cda70-58db-4496-8021-046a4dd67b9d", 
"indicator--6bf0ca41-0818-4c6c-a67a-873444e7f490", "indicator--d7f30b57-bd3b-4b37-9c8a-5107d4cd460e", "indicator--02a579e2-c810-41e2-9e4c-db3a6148bb09", "indicator--d4db404e-3cc7-4687-9b87-270ea8ad4ec1", "indicator--edb85e6e-6570-4c66-9aaf-1af2d3135b8d", "indicator--cdad2ab8-87a3-4711-9685-e4dadd069266", "indicator--9f292259-c54e-4a8c-97d0-fb4ac8a77ec2", "indicator--b183d4f9-5698-406b-8cfd-794ea0279c02", "indicator--d48d9a92-4639-44e0-8b68-338d121f78ab", "indicator--85819067-6eda-47b5-9928-d939f71f3172", "indicator--d883343c-2979-478a-8b2f-86effe3aac76", "indicator--1e31b88f-2f8e-4159-a19d-359b3c7b5c62", "indicator--737c1906-44e2-49cc-93ad-aa963c1ddbbf", "indicator--7fe62066-ff4a-4e68-be36-fc789589a676", "indicator--4b9e8eed-e161-4e74-9292-955803a5c03b", "indicator--34fffc26-f1d6-4fd2-94de-3f3793f4a11d", "indicator--2898aff4-f31a-42b7-a4d6-ad79b96ed56f", "indicator--7d1abd0d-c8de-445c-a21c-7aefc5c194ca", "indicator--7ec50f1a-24e2-4a7d-b6ba-dc280f6338ba", "indicator--c2bc1832-5459-41e1-a868-3447710a0e31", "indicator--a84d751d-c1b2-4a49-af48-f6f95f976942", "indicator--cf72b901-962e-48f9-933e-191d90efe005", "indicator--6f2d260f-d333-4965-ad86-3bf84758db26", "indicator--c5833aa3-3f8b-473a-b8ea-17c7f113f1a1", "indicator--81b2ce67-3965-42b5-bb0e-51eea4f72aff", "indicator--cd72ced0-5e44-43c9-88aa-eb10ab9cdba8", "indicator--47df91e0-ae6a-485b-9ae7-c6c15d668767", "indicator--691e27c0-87ae-46db-940e-6c397cb88551", "indicator--ba69f945-8760-4a17-8912-abed24d1a35e", "indicator--50ad775c-d8bc-443c-897c-f535e99da7ad", "indicator--29e8f16f-84d3-4283-b604-b806a998de05", "indicator--6d570513-f9eb-4265-a127-6a7144b8aebe", "indicator--152619df-f583-44d3-8af5-5974bdaa6df8", "indicator--32e1448c-1c8a-49a5-9fa5-63dba88c19c1", "indicator--da606670-146e-4c5a-bcad-efcffed26074", "indicator--25c94285-4e54-4d9f-9eef-ce8f72a39af5", "indicator--990c8545-0279-422d-be42-167762d3c6c8", "indicator--8ec3a094-cc7d-48a8-822e-5613eb711ab6", "indicator--33a5f86c-9bf3-4aba-a666-397659416b33", 
"indicator--454fafba-63d2-4725-8c1d-3f59e3566385", "indicator--6982037b-7d60-45f0-9e1c-3701aa372077", "indicator--4b646361-1eb3-4f83-930a-fc88c831d608", "indicator--b564e5bf-5aff-40f1-a903-24d2ab04355b", "indicator--f7b0828d-de34-415f-a021-e1fde9dbbd47", "indicator--3d503d16-6c46-400c-9cea-975fbf0f36cc", "indicator--29589c15-b94b-4c4d-ad29-d0a06c9b4bad", "indicator--309bdf8b-0b1e-4a63-b78a-4d045b0bf3a7", "indicator--0fe0bfe3-3c5b-43a1-9c92-a1882c731671", "indicator--3de3b769-15ab-42d8-a6e3-33173ce57edb", "indicator--b37a7aa5-b1ac-4059-9325-a47b19761119", "indicator--263d07e7-1477-4cf9-83ea-433af63ac9a4", "indicator--45bf62da-3a0b-48c3-9ec2-d913842f7e2d", "indicator--6908d8a5-6b6c-442f-bd7d-f87d20940ff3", "indicator--b9f3e2ce-3171-4e7e-a775-7f8b474ba20d", "indicator--e5776629-7a48-4db5-abcb-f865c940b3af", "indicator--07d89ae4-edae-471e-a37d-aaf501968bba", "indicator--b283f3ca-5a4a-40f5-a933-58130c2afcf2", "indicator--e3acfd62-2650-4112-a7d7-02ed84b73e39", "indicator--9ca7da2e-f4eb-44c3-a224-e86403aae3ef", "indicator--ce207983-a3b0-493e-bd8a-f1217200cf6f", "indicator--eda1ceba-543a-46e7-8ebf-67a43f30cbbf", "indicator--f15548b5-43d4-4071-9625-138425b054a9", "indicator--729a500e-59f9-400f-9fd3-261c1912f1af", "indicator--96eec20f-8d64-4c76-8251-21a50d9c8a1a", "indicator--75efad43-6b70-42b4-a2bd-9afb60da37de", "indicator--22893554-746a-40f9-b140-d34106bd09b3", "indicator--182ce899-e448-4493-a174-eb335f9951d7", "indicator--de09ee80-19ad-4bb1-9e94-a06970d62439", "indicator--1b5df231-1853-4561-95be-50cd74f8cc62", "indicator--9f08a9e2-41ef-4ba6-a065-b361cce55efb", "indicator--d668b1a2-1aaa-43f1-8b89-4a31808fe2cc", "indicator--a574313b-5523-4623-ab66-13bcfaa50ba0", "indicator--1ee8159e-e9b4-4823-8ad2-1f2b6065681a", "indicator--6edbd14e-a0f6-42ea-a741-6f7cdfaed3f3", "indicator--18329c33-8e11-4a5b-9509-3faff12dd373", "indicator--402afad3-3391-4847-bfbc-4f90fd522bdc", "indicator--115362c6-25ac-4858-bf7c-431536a98403", "indicator--d78981eb-eaf3-4e4c-80ad-7b70eaa9aaf9", 
"indicator--c2b6aed7-6804-4c84-97a4-a12b5e5da7fd", "indicator--9069cb40-1400-4cf2-9bfa-76cfa01b9aec", "indicator--ada291ea-31c1-487e-b7bb-cace28b8c0ed", "indicator--9c0b7e97-55df-476b-a6b7-1a750cb54426", "indicator--f75c0acc-4278-49a5-a0fb-1a5bb8864f1a", "indicator--47c2c410-63c9-487c-b078-475dee7f5401", "indicator--137b48c1-c877-4f95-9a5f-cb919d479448", "indicator--dede0167-c7ff-4ae4-9893-ee1f5d019c3c", "indicator--b01cdada-e01b-4965-891c-4ea6cacfc626", "indicator--4847da32-6341-4fe5-9d69-f51f850c1d29", "indicator--d59bda03-7cd6-4f2a-bccf-3f022c022e20", "indicator--c41b7f49-93f2-426d-b71b-f27e395c081e", "indicator--7a0cecf1-cab3-4469-8ee5-15466998a857", "indicator--d9ae177f-4442-4adf-be15-af2fb50cd0d7", "indicator--0c288a9b-43ad-4f30-b915-8dd057647fa2", "indicator--aa313154-5f62-41d9-b1a3-6097fc0ede3c", "indicator--344e4685-2b84-4d8d-8153-8c0d8cdc90cc", "indicator--231e0366-65fe-4ecf-9543-833554c2d3ab", "indicator--c46e62a7-3e43-4b39-9f16-60d476bdaaa0", "indicator--c5793bc3-b939-4483-8226-86fa9782b324", "indicator--535c5de1-e4f2-4dce-8052-7770627d9b8e", "indicator--6aeca9f9-8b7b-452a-8e41-ac2a8f32d7b5", "indicator--95f88ea9-2d65-46dd-b66f-eca6225e4347", "indicator--4a5fbb04-151c-4476-960f-17ce121e6017", "indicator--36c5c124-021d-405f-9b3d-495c2525f505", "indicator--f8e34347-547d-427e-b243-08f666b43e32", "indicator--608ebb34-8b14-43e2-b9fd-680c308500ce", "indicator--1ea3a474-54db-45cc-9c26-36f1a47969ed", "indicator--81ba5a2e-7e61-41cf-ba1c-af45e81ba726", "indicator--b5ec2c10-1844-4234-9487-5a1b0e108104", "indicator--77a80772-48dd-4f81-b058-a405dbde2900", "indicator--18d1ac69-085e-4f7b-aa97-95c4a3d813aa", "indicator--55c69568-c9ac-4468-b7cb-8c9e2d0da820", "indicator--03e8d00d-0ff4-4174-b23a-4c18754232e1", "indicator--294f2bc0-ebb2-43d2-94d1-4eeb6133d73b", "indicator--aaca950f-9024-4df7-bfbd-73d687ce45a2", "indicator--427de524-877f-4bd9-b85b-2058000c7ca0", "indicator--de1365bb-9578-4943-98f2-8c20e326ae8a", "indicator--a3cbc5ea-e75e-4617-878f-a28933d870f6", 
"indicator--2b277a61-d5a3-4ab0-83fc-3320b4883ac6", "indicator--5a2d07b4-a2b8-474a-8579-444e6bd5816f", "indicator--6a8510aa-cff6-41ce-b18e-7a6efcd67bc4", "indicator--c55c23cc-90e6-4139-b539-c56d804bd4a6", "indicator--a3fd7a6a-ef30-4c00-9e42-5b0b2a666278", "indicator--926c9c28-bdb1-44b3-a43c-b2171a552656", "indicator--1bf3807c-834c-4e17-8a61-5cf2ecb3e993", "indicator--f700bfe7-6c8f-4919-9c76-68d37da774f2", "indicator--7f4384b1-1e2f-41b3-befb-86aa4e060697", "indicator--8a72a1d8-6498-4358-88e2-e969d02598f8", "indicator--ea5a76cd-c01e-4f8b-ade2-ad3ebb1b1ee6", "indicator--0606c075-dc7a-498c-a15d-a151b8b3b7a1", "indicator--f2594480-b9e0-4137-847e-9346b32c30d8", "indicator--2f63c747-b591-446f-a128-9c3d05d3c6a6", "indicator--b93cf189-132f-4618-b26e-c5d5d161134b", "indicator--06fb5913-f3b1-439a-b040-05226634e23c", "indicator--caa693e5-a7f5-4c89-b796-93b810f7778e", "indicator--8a45d31a-c773-4e37-96b0-3a364bdf9a04", "indicator--126207e7-08d6-4fa7-82a8-25554c83ee66", "indicator--c8232e58-6cfe-4491-85ec-ed29cd4677c1", "indicator--c025e9b0-075b-4a7a-b1af-b66f46f2552f", "indicator--1d5bd2ff-2849-4a88-8d13-8b018e74aa69", "indicator--de7a4f99-8f38-4a5d-b607-dc23a72d37b2", "indicator--cab6e992-da3a-47d9-a2a3-530837710db4", "indicator--86586dbb-b850-481c-a8dc-be7f0afc022a", "indicator--2695fd3c-7db3-4214-97ce-d557b867eebb", "indicator--3c47d985-f438-4aed-a7fc-0fbe3730cd63", "indicator--34bbd01d-08df-453f-833f-79d445780b15", "indicator--010a16be-926e-4131-a3fb-3405ecd74051", "indicator--bfe586a3-9677-4705-9aa2-f9f19a0218a1", "indicator--5993042a-58df-432a-a9ca-b4342da36fbd", "indicator--e05afefc-4bab-4538-becd-b6525540a3c6", "indicator--28b181d4-d388-4f30-8f72-df22c92f4e42", "indicator--e2058e6c-7b58-4d12-a585-29473c8af671", "indicator--3744cb2f-6deb-4283-9125-114001255f56", "indicator--69c341c0-f1fb-4aaa-ae3f-61eb2b90d1ad", "indicator--b86cae8b-d2f0-46cb-8ebe-1d2ca7b5713b", "indicator--9a2226c4-e58d-4c8b-a7b4-80ef9552150e", "indicator--b6940108-ea22-4195-8e6a-3f222ab81af1", 
"indicator--23a0f3a5-cf04-4c0b-b4eb-61937b42ed31", "indicator--0b3550bb-c859-4f8d-9764-040ea7607b35", "indicator--1c3d6ae1-f4f4-4a78-b16d-a8b5375ea855", "indicator--09c53286-9ae8-4bc3-b7fb-905f6b56f655", "indicator--f2d03283-5b41-42a4-924a-e73054ac819c", "indicator--683531be-db8c-4cbb-8b21-d423c0db5e3f", "indicator--7ceeae85-9a8c-4fb4-9f7e-24218e07e1b0", "indicator--edeec493-cee6-449c-961c-987b69243d61", "indicator--07073ea9-9ec6-4b93-9329-006526bf922e", "indicator--1e9da284-93fb-44b5-8469-9ccde716ac0a", "indicator--bfb7b7af-a683-44ca-9856-a45c3e894966", "indicator--60c8aaab-3333-4641-86ef-39e20b2dbd1f", "indicator--df7f1a88-9811-4651-bdde-7a41022a1f51", "indicator--18558e14-a366-41d8-914d-fcebd5ae6579", "indicator--64678ff7-cadb-4caf-997e-13adc00bbeef", "indicator--737dbf85-90d6-4195-b745-ad3df50d97ea", "indicator--d5c0002d-09a8-47eb-ad2d-cbfaab76a4ec", "indicator--f75e18ae-7b30-44cc-a840-6b6037976419", "indicator--6f77391f-e83f-4f8b-853f-38d623d162ed", "indicator--01a54ecc-eac2-4c1f-bea8-2c8726b9e0cf", "indicator--b97f982e-7b0c-497d-9cb8-7fa1ce5585a1", "indicator--c2ae6257-4105-499a-8ba0-d85a0cecf1ac", "indicator--520c7b37-187b-4930-8c80-1b0b81c9ddf8", "indicator--c2d48095-bfb5-4038-b944-eea64528e9cb", "indicator--9adf2b6f-07c2-40f3-bf7f-13c76bf49eaa", "indicator--e4c12d15-70bd-4ecc-ab1c-e06702e313a8", "indicator--9530567b-fdff-4d19-bc90-45253a8a8383", "indicator--de969165-8009-4435-9153-18fb53564be8", "indicator--e6631cd1-a692-4277-b32f-b8a235451c85", "indicator--4ec375cc-6598-4ac2-a73f-785a7d945a9b", "indicator--04368310-f9c0-43c0-bfd2-1b5a7b9c8d41", "indicator--4c016db0-4257-4c5f-ae29-97283c201b6a", "indicator--4fb65878-74d0-4958-9920-0da13a655d4e", "indicator--ace2e2a1-9867-40a1-8879-5f80ee30cf24", "indicator--414b4b34-171f-4997-b82f-10d7c10e8d09", "indicator--2222ff05-9957-4029-a79c-ffca2c2ebe8f", "indicator--64c5956b-0f92-4f90-9d16-75b15ecb8bda", "indicator--3a915861-75cc-4d88-801c-19d691cafb1e", "indicator--695fadeb-0f1f-4cfa-a720-32c2fef0531a", 
"indicator--6c0c7c24-9f7c-4e2f-8920-e2d29cc23aa8", "indicator--68f4fc77-b415-41a7-93f6-e480328c1c7f", "indicator--83c220e2-089d-40d8-b14f-e33e5a1e2066", "indicator--34a0530d-b1c6-49fc-9dac-65b36a5259bd", "indicator--f496ce72-b93d-45a0-b2f4-762b4bec41b4", "indicator--e32a7594-7152-4d07-9db9-e801c95d3ec3", "indicator--acdf458f-419d-4fe0-9723-93a89588fab1", "indicator--2f53bfd3-747f-4027-b005-af175641cfcb", "indicator--06c203df-64a6-45a3-999d-ed4e4915d6ac", "indicator--13b47900-eddb-407d-9d53-ce31a075cee2", "indicator--aae0da71-922d-4fbf-8cb1-7dba30e78feb", "indicator--7680bd93-f94a-45e8-908f-cd0f1e5b3e1a", "indicator--5dd1a0ec-a28f-404d-ab08-f5b0112bebaa", "indicator--0db5c5dd-c7d2-4fa2-9b5d-6a0ead77d050", "indicator--533a3bb6-7f3c-4e57-b71e-fc207d8307d8", "indicator--cdc91774-48c7-4d0c-9882-8d58d3fcc2a8", "indicator--52375095-4eb7-4657-9e0d-0ddb5ad3e2be", "indicator--c65a90c9-2e53-4c35-ab9f-dbac3ba154ed", "indicator--df782a1b-a969-4ff9-ba65-03e92074b714", "indicator--9f243204-ca5a-4ef7-bbc1-23aafffc99cd", "indicator--77176776-4305-4b2e-9349-5d0fa9ad2e93", "indicator--fd55d147-e8b4-43ab-bcb0-903338ed7452", "indicator--09302f6d-dcc0-46fc-a295-0ea5deafbbef", "indicator--a0b356ae-4b77-49b3-9b99-6d063e2ba66e", "indicator--a127b65e-b645-418e-9f1b-08cecc4229c5", "indicator--229aa6fb-f11e-42cc-a694-2e791edec6a8", "indicator--44a32e90-6554-4031-bedc-29373712ce32", "indicator--4207f424-a4f9-48c8-b238-df3fb10fec63", "indicator--1aea5d56-eeb9-4769-96c0-44ea96f238d4", "indicator--72988324-c6cd-42ae-8733-ed8a73680275", "indicator--df2b5353-5cfb-48b0-a7a8-fa4dcb4db303", "indicator--cf9f5926-fe69-4088-aa21-c40ba072767c", "indicator--db6dd6e6-998f-4b77-a79a-96175fc61c8c", "indicator--17ffef65-63e7-4e53-9c9e-229fe45b1edb", "indicator--45d390e1-12c1-4e04-aa59-9ec5e8c6c9bc", "indicator--8f61ef98-119c-4ee4-b237-6b34fc2e0d7b", "indicator--a2c52b19-843d-4809-b327-df3457091190", "indicator--cffc02f7-fcaa-417b-90ec-076a4328d949", "indicator--27d63bdf-8f53-414e-ade3-530628bb4063", 
"indicator--1c092bd9-e870-4f06-82f8-8e813a29f7db", "indicator--d574fbca-799d-429e-868e-d72c174ebe7d", "indicator--b426daf5-06bc-4426-a89e-9e95e0554d5d", "indicator--6eed1b5e-51da-41b2-8f90-4ab8252222b2", "indicator--9cca5a73-e4fd-4517-822a-3f4fdf35c5b1", "indicator--1742c6bb-9f6a-4ea1-9d97-065fd6993db6", "indicator--4c67218f-95a2-41e1-86a5-f739f9bc9211", "indicator--62c89f36-a391-4849-936a-aa1e73913ee9", "indicator--e9d58ee9-6b9e-4af4-a168-6dad70585b4e", "indicator--5665bb7e-98b9-4fd3-9ea2-dc45551a25a0", "indicator--cdc2961e-d5a2-4079-95fb-d3c96c437570", "indicator--fe2af9e2-ff30-41bf-a77c-d8f2e77cf24d", "indicator--ecf5696d-ad0b-4f0c-8bdb-e77faa99aa99", "indicator--c409e8d7-6971-49f5-b1fd-a77c6600b67e", "indicator--1aa84837-3a08-4fe1-b233-9cbf4f1aed65", "indicator--e2fd6216-cd41-4768-be36-f71a9ff0fc14", "indicator--8ef751ea-9ab5-4e3c-89ce-77bd9319d418", "indicator--fc9ff78e-2287-49a0-965d-0a7db8aab524", "indicator--ac81a339-9d78-469a-9d75-a93e2cef6df6", "indicator--94e03a56-ef79-41be-bafa-4cc5cadc131e", "indicator--bd422575-3fef-4f7a-82df-61c27a66a492", "indicator--d6c9228c-6754-411b-996e-2a5bd3510efb", "indicator--7b67ecd2-e5e5-4343-b6eb-aa91922cf2b9", "indicator--2c1608cc-7b02-432b-ba6c-f56d99a719f6", "indicator--b4fb2899-9913-4973-9513-b2290e35b5b2", "indicator--5eaecbcd-fac6-4142-81d7-2c531b1a99be", "indicator--547fa920-684b-4f92-969b-7c182720d67c", "indicator--3f65d1e8-0b55-49ec-8842-f1ba66c689b7", "indicator--f60ae476-1982-414a-a9ba-b7dec498c97a", "indicator--4a4f508a-0cf3-43ac-9747-4509bad64d2c", "indicator--392ed533-9832-4f2a-bce6-05de25c1514b", "indicator--3caa54e8-92a2-4ce7-974d-ecdbfe95a0f1", "indicator--2512bbba-0d56-4274-bef6-007949f90e9d", "indicator--7c076fb1-9849-4df3-9bba-fa21e18706ae", "indicator--11c9e9a6-c443-40e5-8aea-653dc72a96f2", "indicator--0f46d05c-e161-4d42-a393-1cda1898d2a2", "indicator--1577a1b4-7e0f-43ec-9a2f-dadadaec9e38", "indicator--dca7faef-090b-41d6-8125-524464a39e4c", "indicator--470a06d2-b5be-4966-81d9-6802a4f28218", 
"indicator--000713c6-5f93-4f7a-beff-44a123fa7604", "indicator--2e869a78-fc0d-4eba-89d5-477ec154f01d", "indicator--683d855d-7bae-4b41-a17f-ae363f3d32ca", "indicator--480dd671-0a62-4b3a-96be-72a412a96930", "indicator--2b038dac-3939-4bc1-92f6-a83915134b00", "indicator--0932b6c8-3339-4416-b5fd-e352869b5167", "indicator--093d86c4-de1f-48d0-8bfb-e50c72b02c7b", "indicator--e740ab52-092d-42b6-bd67-f37364da96a2", "indicator--5dfdc8e7-4d84-4240-a475-ab7c6f086efa", "indicator--aca7c0ce-ec43-491e-99a7-98f09eae9fc3", "indicator--0d00f1b5-1269-4f17-8713-96a792f9bd06", "indicator--8e9a142f-b3d3-4c2e-9d36-0ff9822b29c4", "indicator--e377ae7b-c514-4b42-ab8d-de7841366851", "indicator--ae2f314b-df9c-4774-8848-3aa9a13f4e73", "indicator--6635c0de-db95-4c00-ab79-f64eb9724929", "indicator--e5eb243d-052f-4ffa-9572-fd7468efb534", "indicator--979126e3-f881-45cd-900d-f3f3ae65b712", "indicator--c8e2dc0e-30ae-47f1-b910-a7144c97210f", "indicator--66cae2c8-020b-4253-a2f3-09a65fd8703e", "indicator--ae3ff9c7-a9c6-4b4c-8b58-bc543806e7cc", "indicator--72096d84-8b2d-488f-9841-ba02d6cbc17a", "indicator--926467da-b353-4c60-a44e-874bb517328b", "indicator--3c46d8e2-2c14-4c4c-8939-6be6b9f6bb1e", "indicator--cf780c0e-739c-4477-93bd-e1eba7e74be8", "indicator--a4bcfc9d-dada-4759-af51-815ca78b7149", "indicator--1fde722f-0c76-45d7-9b06-7127113816f3", "indicator--e8c30164-d0ef-42e0-8aa5-f9f5b21ecbdc", "indicator--ede1d805-7276-4c2a-8b48-1a9b542f6072", "indicator--8904a3d3-1941-4313-ac5d-b72a3e9ee91f", "indicator--bb5fd404-2e68-48cb-8e41-4b66c1bc13c7", "indicator--69daa6a6-2d7f-4e04-99b4-9e79942f518e", "indicator--415ecc3d-6cf8-45a3-8462-8050dc036727", "indicator--10f9e285-25aa-405d-85c8-16a230a5a375", "indicator--a6c53af7-f947-43a0-a524-06e5d7eb8b1c", "indicator--de395703-7081-4907-87dd-c56fa928cfc1", "indicator--366836f9-cc8d-41a4-8d34-b71f0b9d04d5", "indicator--8171ad5b-e49a-4cba-beeb-95d80f6a4693", "indicator--ce8f3024-ac4f-4c2b-9c0c-fa72da95dfcd", "indicator--ad7efff6-f720-4db5-b91e-7ecbedd86e6c", 
"indicator--af0630f9-967f-43d4-90bf-87996bc80c3e", "indicator--53dd6443-8668-44e3-8a31-85236e5cebf5", "indicator--9ee3c02f-9d87-4206-b27f-7c4b4dcc5b35", "indicator--3815f527-0ed0-43df-815f-f12a49b1e07e", "indicator--0c6c1aa7-9412-4f55-9142-fc67725aab99", "indicator--a88a271f-86fb-46f6-b0a7-91eb9526408d", "indicator--4fcc706c-a4ae-4121-8ce4-fac626f2b6a2", "indicator--9c8c7d08-6272-493f-a3d6-cc19c08349a4", "indicator--05f44f4c-7a07-4a5c-92da-9061a2b1489c", "indicator--c98be2b7-7b90-4a8f-95b7-cc21d63d2852", "indicator--69d16e0e-f596-42f2-ae9e-0cd864079c88", "indicator--f00dd806-82eb-492b-a236-3056c6b32a15", "indicator--365e8574-ff1e-4192-8eca-87eda9090cec", "indicator--c9f71608-cc1c-4c5f-b507-538af30f81cb", "indicator--9a71565f-dc92-4372-8360-3600194b9613", "indicator--3cb60610-f57e-4fdc-b0f6-d5731ffb1bcf", "indicator--fbc90e71-ccf7-4e2f-b20d-8e7328bd8e2c", "indicator--e456f27e-65ea-43e8-8916-81ad5908d63a", "indicator--0263c73e-74f2-48d2-a8b0-99e8aeef1eec", "indicator--c0052b88-e4cb-4042-b8db-38fb3c7f0618", "indicator--d0d3919d-c654-46b9-800b-49472263c6cb", "indicator--96e1b034-62ea-475f-b90b-6643df828bef", "indicator--b3e3e48a-c5ee-4bdc-bf9e-5359844e302b", "indicator--2ce00e97-1200-4a12-a2d5-ae820a30ecd2", "indicator--ad78b136-ffd2-4b85-8f4b-20f4cd02e5b6", "indicator--c8e75ead-b09d-4386-a188-9f70d0e1c366", "indicator--78fd3e93-de08-4c5d-ba10-0df9401466bf", "indicator--fd33ac25-91c1-4b95-8855-d0ea1e9c1df9", "indicator--1ad96486-d1b5-4c80-a455-de30b572e1b1", "indicator--104d622f-0df7-4f73-b11f-19a43c4d5edb", "indicator--7ab410a4-c0e1-46f6-90e7-99e597da35ac", "indicator--bb79d360-c024-412e-9763-4c6b86455e84", "indicator--c5b7d70e-5c96-484f-8eaa-2cf5405fd7e3", "indicator--42340c30-536b-47f7-ae40-ca9dde6b142d", "indicator--152cc190-3df6-4fd2-b3ef-b694b3969199", "indicator--d17d2d98-d2ff-4d43-8b29-8698c3ca85c3", "indicator--1794a3af-d79d-4f3c-919b-6b5f80952751", "indicator--89ba4f9f-c48a-47ae-8903-16f3dc4fbd10", "indicator--a02566dc-80bd-418f-9413-991880769e89", 
"indicator--dbd5490f-82e1-476e-b0b4-726ae67da9a8", "indicator--8b5fbfbb-0e46-488f-8b8b-0eb50a65cbfc", "indicator--bed7aefb-d8d2-454f-a73e-f48a62997a36", "indicator--a933e99f-f4ad-4dfa-b37e-3ac132df9ae5", "indicator--1c6666f1-a1ec-4702-bfc9-25970e615051", "indicator--6b2ff33b-64a0-442d-8735-2fd4f75d2e2e", "indicator--511d7773-45d8-46f8-b3ec-1319340606a4", "indicator--e2d2a05d-fa0f-4f51-8db3-840deb3f9b93", "indicator--528470eb-dd4a-4f11-834a-3ce6b3caacc8", "indicator--d3b99d97-f4e3-4a51-a700-bba4f27dc6eb", "indicator--3da7b5ef-7412-4740-96bf-4bbde442b6ed", "indicator--6f25285f-021e-42d7-a579-48ff911a115e", "indicator--1eacdbe7-0bae-4f1f-a2ce-13e58c541e87", "indicator--2ef5d5d9-f7da-4c9a-8e17-a4bec0f56701", "indicator--2db1e546-897b-4fb7-b9a0-1e04ae84b032", "indicator--727db8e7-2f93-46f1-b5c1-092dcd0b16f1", "indicator--7b0ccc50-c39d-437a-a183-823da0053155", "indicator--7b1a0f13-190a-40b8-b8d3-2c0305cafaeb", "indicator--7602bef8-8e4f-408b-b8da-27bbcb353dbb", "indicator--50a83d63-bd97-4161-b1db-c8fc20bf4359", "indicator--d6fc5ea2-5ad2-471f-9304-47875281477c", "indicator--5c01ee5d-54dc-4a53-9a37-72ea3c7e5ef8", "indicator--8d09b5b8-dd95-403d-9128-31cde2de1534", "indicator--8dc72b5f-54be-41a1-b6ed-6f30ba8fe2c0", "indicator--bc09bf04-48e4-4e58-9b33-4e315f717ed6", "indicator--75c8ebe2-0532-403e-99bf-f9db85022613", "indicator--029e89a6-c147-4a8e-aabf-f9fd7839e602", "indicator--e4ba0d24-d43d-486c-a00d-c8cbff772425", "indicator--05487f8f-0d14-4228-bc93-569c7e43a121", "indicator--9bf0eff3-fccc-4476-b972-3aa4a9859a2c", "indicator--72ce2bef-ed88-4ba0-8d68-283b42214882", "indicator--8538cdf0-28ac-4054-b837-36ed4c8a6bfe", "indicator--785c523a-a01d-4f68-94df-0e5ede1fec2e", "indicator--41afdee9-bff4-49c3-8ba7-39cf46b608a2", "indicator--f16d53d3-1510-4e2b-972c-a1dc92e45a3d", "indicator--daaa5f04-9f23-44b2-9a9f-717ab47df834", "indicator--7d5fd1b8-7060-4189-bbf5-99ac5e96eb71", "indicator--530accb4-33fa-45c8-bfc0-a337dc01e25d", "indicator--90030643-ed88-419c-a930-9df5cc6e3e16", 
"indicator--ffc595a5-323e-4b29-8a48-d802df6bf286", "indicator--cfae11d3-da59-45a4-9583-12e641efeb24", "indicator--d3d8a5eb-23bc-4536-bec2-3fb7398d5ee9", "indicator--a321824d-703b-44c3-8535-8e800ee6d738", "indicator--1558f616-8df1-4bde-968d-c8497e4b58aa", "indicator--46123036-03ac-4fae-a08b-665f227df907", "indicator--af36a7b7-fd6b-4950-b599-325e8b299f36", "indicator--f7a14143-339d-4df9-878f-e2716bb9c2d7", "indicator--7042ba1a-2df3-4ea9-b476-aa6ca9420bd8", "indicator--824a7d9c-9555-43e8-be30-23f32029041c", "indicator--7481e347-ea8d-4566-a142-54a2a500c58f", "indicator--3a735619-eac7-44db-a374-64cf3b570920", "indicator--0f8ac09e-fac8-44ca-97f6-f0775fa8efd9", "indicator--681ec3c1-cf64-493c-9691-f22b9a41ec19", "indicator--63367310-8777-422d-8d5d-d1dbf47c7664", "indicator--3061e444-75dc-4f9a-861e-8947a2d4be27", "indicator--13a9f55f-7913-4023-8d86-42810b38b599", "indicator--090f06bb-f734-4b7b-afe9-a46d6505288f", "indicator--e6971699-35a1-42e1-9f32-6da738be5e50", "indicator--2834bd96-c088-4af9-85bc-2ee03ced18c7", "indicator--37d59dbb-5e75-4235-9eb6-b412128e02a4", "indicator--cf7713d5-1a8d-409a-bcd3-fcbaaf16abe1", "indicator--8d3d811b-bf64-4f72-ae4b-2a23c47844c7", "indicator--071d1a82-b74b-4194-9741-1467a846975b", "indicator--95edd531-415e-466e-8a7d-c21e510d7c68", "indicator--61929496-4ff6-4e0b-9061-1f608f7c5296", "indicator--35f9fb62-8c33-4800-bade-b2bb3588f3df", "indicator--4fcd0b47-6c89-4147-9c28-53e334f44eec", "indicator--9f9437f1-bef9-455d-b35e-8e6222fcc6fa", "indicator--ceeb78b4-603c-4632-983e-a226ec23ce17", "indicator--5da79195-fe2f-4408-b285-a025d82ad895", "indicator--63f312b6-a74d-4fed-814a-e170cf670946", "indicator--c71be4ff-5364-435d-beb5-0912ade8f3de", "indicator--435e29a9-d0ef-4aaf-bf9b-87baa9387926", "indicator--f9f293d3-d3f4-462d-9b2f-5a1e70c53624", "indicator--e52406be-c8c6-4f48-98df-b94aa9b0ce33", "indicator--4815bdbe-84cb-46e5-a0f9-1a86be7f74a5", "indicator--82b81764-133c-43ff-a357-d9ab9a9dd736", "indicator--fd4330c7-7c77-4ec7-b613-8cddf8bcf0fb", 
"indicator--870b93b3-60de-4372-bc0d-1766c580cffb", "indicator--7404a8eb-1cf4-4c03-b7c8-ce565d2a5e33", "indicator--b8e5f0d8-0893-4a2d-9dae-043542b672d2", "indicator--5b331670-a707-4c13-88b9-bdebb3501560", "indicator--24755029-384c-4803-8c77-a141c202ecbe", "indicator--5ba37ecd-177c-44a7-8023-5e94571889e9", "indicator--417f88d0-9d4c-44f5-9cbe-6c6aafc735ca", "indicator--7e1aaa15-adad-4b57-b532-8cbb8db261a5", "indicator--1a6cacd6-05ae-4d2b-ab02-cac27428638a", "indicator--08f8c7fe-e855-4a85-a044-fe8252917ead", "indicator--e59f16d0-c397-43ee-8c2a-11e5daff6e20", "indicator--6bad7e95-095b-44dc-95cc-67fa2012e70f", "indicator--a90b7ab9-fed6-417c-a9ce-e8251e27aaff", "indicator--3fa0f10e-cdd1-4254-9ae1-c54fce7864d6", "indicator--f470dc26-22fc-47e7-8c62-41e865373381", "indicator--6d1c733c-cafc-4651-a8c6-bd2b3717dd02", "indicator--3801377a-3b8e-4b58-9a26-4646ca482ff7", "indicator--41e156b8-2148-4155-bd55-f5fda0fb4921", "indicator--0dce11d7-e1bd-45b7-9c92-be9cd43073e9", "indicator--e23909f9-452e-4564-8f2a-e64d824cf505", "indicator--defb3dba-f9e8-4995-9419-6489fcf070bf", "indicator--f6293798-9cdd-4086-bb6e-3803ba0a97b3", "indicator--bcdfd067-2818-4677-912b-0ed68dd2d373", "indicator--d5b2ddbd-4277-423d-96d3-e921987b716c", "indicator--302b5fed-61dc-4e07-a12a-2f058431850a", "indicator--d4348862-89d9-46ce-8a01-13bb487ae9cf", "indicator--5816d2e6-0984-4ca8-9dd2-ffe1e24e2641", "indicator--d3e2f67d-6400-4618-9c35-3f4dcfb9657d", "indicator--ab943d5c-76a2-4d78-8ca3-10b849add4af", "indicator--542f62f8-2b66-4202-b70c-0fb9fa35d1cd", "indicator--7ef95f46-0157-49cf-91d0-90ad043b9ad1", "indicator--5984a15a-23dc-465b-b2d7-5b5736392e92", "indicator--5efe0d8f-15f5-45fb-bc34-aa5b4ecf7a6f", "indicator--c4c98932-42b6-4333-af94-c1e40a244f76", "indicator--fb386e98-a27b-40ca-977c-e9869392f833", "indicator--83a2edf9-b4b0-4ff5-85fa-4888d464c2d5", "indicator--6dcd0ca3-3f84-47a7-b22d-72eb88e90f48", "indicator--ddac5570-a64c-4a5a-b19d-4ebbf22ed671", "indicator--b80fec14-3418-4539-a1ea-6c4603cba8e7", 
"indicator--16351a98-372c-4e70-af95-59f9cbc3132b", "indicator--0f86ec04-c479-4cd7-827d-0ca45aea6c0a", "indicator--f1e88b0b-f6dd-44ef-9937-b2596e65fa98", "indicator--c3f864eb-d661-4fb2-bcd3-47238da11023", "indicator--b23a0f85-a436-4a62-8d40-d606dc87f0dc", "indicator--a8d51ccb-20ef-4470-84b1-65c67df730b1", "indicator--8c34fa08-29cf-4485-a0c6-4038eb818272", "indicator--a615ef2e-8ced-4a06-ac02-99e5424b45c5", "indicator--d914b1dc-5693-46ab-b6b3-78e36b0b0bd2", "indicator--4ea9eb80-ff52-4532-93c5-624e68f7ccdf", "indicator--99fde0cc-0e54-497b-9dca-4c7781d7e920", "indicator--57a3bedf-c6a8-4c93-ad84-67132c7489b2", "indicator--8d9a15f5-5907-45d6-8377-1d6e8ad7bb59", "indicator--ce7aa368-2014-4306-a5d6-81d90b2b9f02", "indicator--aab67bc4-bd0d-4471-a8c4-fa9919453a18", "indicator--f3b5fd51-e5fb-4937-81d5-5e1c25881973", "indicator--dd8b591d-089f-41af-ad30-3cabd47ff888", "indicator--73814f9a-e1f8-4a28-91d1-2d4792c046a8", "indicator--bccdbadc-e0ec-4ba9-8438-64f888595b7c", "indicator--7b2fc77d-438e-4f3a-8d02-239a23350da3", "indicator--da9866d1-4c9e-464d-b65b-76bde02016b2", "indicator--f079336b-5c44-4b5c-9945-a5e40101b6cc", "indicator--29a5a41b-029d-4b9a-a609-5cfc04ed7249", "indicator--d4f4c40d-982d-4f32-b779-45a9b22ccf66", "indicator--8a65506c-be18-4db8-9297-188fa5c8ace9", "indicator--5da00d26-60f5-4fb8-b619-6a8d9164e759", "indicator--9b9d5f03-f72d-4fae-845e-c7d4b0a67f6d", "indicator--3fcbc41d-cd71-483a-8910-5bd3462f129f", "indicator--1b2156ec-500c-49cd-957b-2db414c987bc", "indicator--dc9e1bd9-b445-46f6-92f5-4daead3c1e3a", "indicator--4e16d83a-4cbf-4cbf-b2e0-2071bea29910", "indicator--f9fbfec5-350a-4e1e-a2d6-85c5a1c077be", "indicator--79b4c4bd-4db4-4240-8c22-df348e466aaa", "indicator--e52955e9-7acf-452c-81d0-0a2d84bf7a81", "indicator--33e39d94-1d8a-46d8-acf4-f8be66a8569e", "indicator--b058dfad-7b82-4674-97ab-86fe0eebfa41", "indicator--a9fd4257-1e3e-4533-ae6c-d98bf84b8b80", "indicator--3420037d-2e1d-4d3b-96dc-f0c8edc6f64f", "indicator--1cad07c3-6825-4493-b76b-030380f8d7af", 
"indicator--d82cf9c9-c1ae-496d-8f8c-8a11941c4ab9", "indicator--b9fdd472-be8f-4c79-b6a6-b309a4de95c1", "indicator--f0f7dd20-e89c-4d14-a50c-2cb06ba4214b", "indicator--7a5a374f-3fb6-40e4-a54b-0759f79e7967", "indicator--7f49f917-565b-4dd8-8bcd-a69d907a3b61", "indicator--24215ee0-3d10-4aed-9844-1cf743c34a02", "indicator--87c91caf-e75a-42d3-adfd-8321b3855a75", "indicator--51abbfc4-1306-43f4-b3a3-40e9ef223d90", "indicator--adf680c9-4a59-4988-8fe1-75dd1d8032bd", "indicator--a190e96a-7ceb-4cf8-96b4-3f88928ba905", "indicator--2ebf2601-0acc-492f-b92b-0dd041c3193e", "indicator--344556dd-bf32-49e2-beb4-45ed168c66fd", "indicator--c1618ce6-825e-41b6-9cf1-e0d37c8def20", "indicator--97989d5f-68cd-496d-95bb-0bb1c8ec0f8a", "indicator--0b74c4d1-9ee8-44cc-81d6-2c27c248fe8b", "indicator--b8a09e09-2eba-4df7-baa7-8b0f66240617", "indicator--3d9d025d-e448-4e40-9271-4e596154dcae", "indicator--8f46b2de-f5d5-4367-8967-c2e83cf0dfd9", "indicator--05e30caf-278c-4a4f-a488-3db932b2518c", "indicator--ee61cec2-e3fe-40d2-9112-2c72e1be2195", "indicator--a323268a-6358-4f9a-b9fc-0dce71747c6a", "indicator--2436a15a-8c8c-4261-a8c0-ef08acc190b6", "indicator--8f8a5cbc-bbe6-4248-82bc-6e80f3f0116a", "indicator--fc182162-ab82-43f0-a271-59fb4ffd9661", "indicator--159d17ca-b19d-44cf-8198-19a4ca4a646b", "indicator--4f054e1c-b6aa-4176-b437-ad0e129a228b", "indicator--6ab190b3-4d55-42c9-a484-5d55303555a5", "indicator--4720209a-eea5-4701-88a9-f2618c0b6ab7", "indicator--2f5ee6b3-4081-496b-9aed-1072477051f6", "indicator--a514f451-6914-407d-a919-2236b2902254", "indicator--304ae3eb-04c5-43ef-b9ef-084f41f34062", "indicator--1450175c-8167-4428-9b8f-670bad0fbefb", "indicator--c6c4c552-6b6d-4fee-93f9-e24680444b6e", "indicator--87d3e93d-188d-4aa9-8b9d-a59a338c25b2", "indicator--e7e2a783-3a3a-4fbf-9841-bc2e4a9f65f1", "indicator--0c9f7d72-3ba3-4c62-82de-9a23ff6c9dd5", "indicator--ac997719-c5dc-4c03-9b28-10a8b729d5fd", "indicator--c2e3e0e7-3413-4fbe-baa7-afb9ce6345eb", "indicator--6171f286-d3ba-4c4a-84c7-6bf09a27917d", 
"indicator--645ca71e-42b9-44a8-9b66-b78cf152e10a", "indicator--e2a1b164-47f8-4d1b-9df2-f06cc4eb45f2", "indicator--3e617ac2-9a71-4f19-9d7f-e7cfcb9b6388", "indicator--1ef2b236-b78d-46cc-9a70-90091d505ec1", "indicator--3691a020-6a62-4aff-b7fe-dfdd80e85a10", "indicator--45c26d18-18bc-4599-a34f-2ac2fea83ccf", "indicator--107d1796-f980-4a48-a95d-8badfa982856", "indicator--f086a4aa-bed6-4dae-93c0-93b393c26f19", "indicator--04e06403-c0a4-41d8-9d3f-aef911b6f85a", "indicator--12568fef-e5e5-49ec-a8b3-82fbe5532d87", "indicator--311c6053-2af2-4e91-ba89-1f8528332dd8", "indicator--06252ba6-4e01-4fff-a5c6-b7d045e7adef", "indicator--aea41ce6-0ee8-45ab-a18a-477b04c529fd", "indicator--d34a1228-bbd3-4e9c-877f-62fda5de9121", "indicator--2ff43c87-ab3d-4457-8997-bba3718d113b", "indicator--c894a965-089f-44e7-9d74-e8c89c041950", "indicator--3b8529c7-61b3-443f-862b-6ee1decded97", "indicator--cb1cb0f5-bb32-4af6-a079-5d6b89f5da5c", "indicator--aa2efefb-3927-4fcc-b622-3e476431b00d", "indicator--a4926c39-cb5f-4be1-84b0-17a551019edc", "indicator--7599520a-4901-4fb6-ac2f-f97c0be81e81", "indicator--7c554499-ac71-4e17-8ae2-b7f2b83ea928", "indicator--d9c5a266-d1b0-45f7-acf6-53dcf4323394", "indicator--14db49db-8a2f-4ef4-b491-3e1f0b9b2e7d", "indicator--a78289f4-dabb-414d-a477-d88a6a82ad7c", "indicator--7902f742-9423-4b65-874e-d1b808b14bc7", "indicator--9a82af1a-e67f-4c88-9be0-9815cb7a929c", "indicator--5f483ae9-1b1a-4d07-ab98-d1283f9390ea", "indicator--3f3f79d3-d90d-4898-89b1-11ddf1238f94", "indicator--ac2a1303-2202-4f32-b48d-01f91988d713", "indicator--17e829f8-10f7-4d09-9db4-54f96362c3e9", "indicator--e8a6b0a1-92ac-47fc-9e53-6c814c506aef", "indicator--ae100fd5-2ecc-4a3f-b3e6-63e42d6cc2ba", "indicator--57607861-438f-4781-9c09-c9de456451b5", "indicator--a7d65151-92d4-4cf8-a072-416465dd0302", "indicator--0e82b305-bb71-4944-b4c2-82d2627cb9a0", "indicator--59ede6b5-64e2-48d4-8e8d-7d01486ecc17", "indicator--040ed440-0759-4aa3-8345-d87d7c49390b", "indicator--60385374-cc9d-4829-9c21-7e633c6c42ee", 
"indicator--f45a1feb-30a9-4f29-8216-65be83e105cd", "indicator--f6b6bae6-8040-4b35-a15d-3bad8dcb7a83", "indicator--2a6471e9-e64c-441d-a7c3-6ec4aef4735e", "indicator--c7a4aff1-e4b5-473e-88d2-a65c4a5d9e88", "indicator--c35c96e2-ea6f-4bdf-a599-38133d65131d", "indicator--ea3e4c43-a049-4ca3-8cb8-e3aba6243da9", "indicator--5516394a-71d3-4352-9d07-b9b449c95e81", "indicator--a6c5b939-fd08-4d58-9a17-6ff8b312e93e", "indicator--2e447866-873e-466c-b417-bb61e5cbfed9", "indicator--08fad254-65ce-4f9f-b0d8-804ac614f98e", "indicator--15fdb5f8-fc9c-4180-a7e7-107f9684fb93", "indicator--09da6ae5-325d-4eea-9b0d-07d7c7d7d59d", "indicator--a350719f-626e-4e3c-b507-33316f631b15", "indicator--3f5ef988-f345-4c8f-93cf-4a1e4b32fc5f", "indicator--963f9721-2883-4294-ad82-7ebb00ea10ff", "indicator--adc17e35-06fd-44d4-9c9c-a327bb7c1042", "indicator--05fb55d4-ad0e-4318-9dc4-03415623a3d8", "indicator--be4e99ca-843b-46e3-8e81-6fed14832d91", "indicator--82fe2be2-2f67-489a-b117-e4a18fb3890f", "indicator--c3c437f4-1941-46bf-b93a-e05fd3320f59", "indicator--d30a3bd5-e49b-4415-917b-204b6e20e4d6", "indicator--8bb48cd6-11a0-494c-8641-8d4a41e068ba", "indicator--591f486b-0fd7-46fe-8143-ff9bc5133ed5", "indicator--9835dce5-53e6-48f7-b31d-84ad35de3008", "indicator--42d51539-1c5b-4f3e-a64e-b926a0c16470", "indicator--33bcd73b-882c-4b96-b6f8-6071244f7484", "indicator--bb36d382-c0ef-4256-b721-94c005dbd654", "indicator--5eac70e9-ca60-4634-bf1e-de7248189679", "indicator--abda09ef-79ed-4b11-a4a6-630671df446b", "indicator--1105c0f7-e31b-474b-bd83-bc03225adab8", "indicator--d7f93f5d-eecd-49a6-9048-8558cc900373", "indicator--c49aa52d-a3df-4a42-8f78-bb38ace08d98", "indicator--16cb53e4-dee8-41d3-a044-2edf85ab5f13", "indicator--40b94e30-2907-4c51-8dc0-11f43448057b", "indicator--4388b0af-b3bd-4787-aae0-01244095c415", "indicator--6ee60a74-6b88-42cc-ba39-1be268736166", "indicator--bd6256b4-c097-47d4-b188-f0052a7df857", "indicator--10c70e82-cbcd-4f0c-99c3-009b2b0b7779", "indicator--0079edfd-cfde-4f4f-8d8a-5d04b00e97c9", 
"indicator--cbfa0a5e-93a3-43ec-a82d-d9d1ae9ac509", "indicator--c2ee3edd-fa61-4c04-8fd9-1507ec6041b8", "indicator--660301e6-a2b6-45c5-aeee-5b1a836bcc63", "indicator--edee3444-c8e4-4977-a21c-ca08336164de", "indicator--54e54425-409e-4cc6-91ab-f0c05895e64f", "indicator--195f33e3-1311-4b49-aa1f-f2c67a08859b", "indicator--b0d0e34c-2a91-46a9-98fa-6325f3139be4", "indicator--b657f833-ca4f-4d4a-ad55-e1c6f3923e02", "indicator--f9b5e1bf-b565-4a5d-8a39-a3e942433c43", "indicator--baec2cbd-9388-4920-8c87-c1eb7bf9ec8f", "indicator--4730f11c-8fad-4daf-973f-2457fc26cd55", "indicator--ecc9ef06-a01b-4219-b9f2-cc270e480f45", "indicator--4e6ae033-2910-48e8-b69a-4b5c44b60fa4", "indicator--c61f2e10-7d15-4917-9b87-33001d812cef", "indicator--f8a2d7ce-96cd-46b0-b9d0-55ce055cb8d6", "indicator--3eee2599-2015-49a1-a03a-e08cfa3f8308", "indicator--446c03ab-cc86-4a4d-9604-0241035da58e", "indicator--9b8a9d0a-54fe-4833-9a26-c17772069c3d", "indicator--e2e0e9ac-45b9-47c6-a3b4-5dc795381b8f", "indicator--4f0102ce-5ee4-4263-a86e-f507a50b2958", "indicator--1d45b3e8-3357-4a5d-81fc-29fb63168838", "indicator--31d4a256-6524-4a65-bfa0-d2d8a0e4c4ef", "indicator--183c2fc2-248f-42a3-9815-5f933a34788c", "indicator--d3d95307-cc71-44fd-a203-763c960b8894", "indicator--38c99afd-cdbf-40a0-9062-ec3b278162e1", "indicator--8c12be6a-e5b3-4a75-ab10-7ed4881a5228", "indicator--0100ff3e-89a1-43c0-a781-576fb67bb37d", "indicator--60fe4641-0cbf-48a3-b1ba-b359ed5904db", "indicator--66d08060-6cc7-4788-9f12-c1c52c3655e2", "indicator--393960a4-c058-4215-ba47-081e891cb29c", "indicator--23c2f9ae-9f8e-415a-8c1b-ce6fcd51f5f4", "indicator--0ed38252-5b04-404c-94a4-22a4a24f1619", "indicator--d039e346-2c62-4775-96bd-2536f23eca1c", "indicator--4ad4062c-4446-4fdd-85ac-b87dbadcd6cb", "indicator--4ae3cf28-7f03-4d2a-9c1f-b511fcec96a6", "indicator--ab6c4f45-28da-4451-9e34-4af19dce7db0", "indicator--7e3aca16-e450-42fa-be5b-ed7ffdbe2a5d", "indicator--14b92aa3-2223-40cb-9606-4b32594c8afd", "indicator--a301b167-d90d-427a-bd51-7b848bfa6f1d", 
"indicator--0f7019ab-fd59-47e8-9157-7abf3c94d742", "indicator--664292c4-6457-4c27-b5bf-b475df247edb", "indicator--33ef42c4-eb36-4135-ad5c-179a5b883464", "indicator--ef84ae9c-277f-4edb-addb-afdbdd40341c", "indicator--38da95e3-9d01-4d54-b4af-24ca43f2fdeb", "indicator--237ea0d4-ae20-4071-aee9-08759ce71080", "indicator--d0a3369f-b99d-43e7-b421-4f1bbfd2b026", "indicator--da83b718-7370-47c0-a22e-e24aba7eee0c", "indicator--26808f52-2df4-4cf3-9d98-6f7a06bc2fc9", "indicator--d500d3ea-59df-4602-90be-b9ab5e0e3bf6", "indicator--35a8296b-11d1-4085-a7a6-1da51c8f98a5", "indicator--4e6dcb34-2bf7-4ce2-b0ec-0f2210369304", "indicator--0d61f5e6-baf6-465b-b5a0-1f778d265f96", "indicator--e73b7013-1bc4-4212-ab79-9838d1f74aa0", "indicator--be6d29d7-3533-427e-bd23-3e50c37c50f2", "indicator--7bf6938c-b589-4a06-a685-a6973329c7c2", "indicator--dbc420f1-e6f6-43d9-b865-44331808b583", "indicator--904d0e72-2ab6-4840-90c8-6edf3505aedb", "indicator--010085ea-0dd8-4319-ba4c-665f294f526f", "indicator--1a15b9dd-e7d7-4ea5-a230-4c4ba1258e6e", "indicator--7026fe3f-44db-4243-ac71-d2e3d2b8909a", "indicator--d533f75d-892b-46d2-8b05-861f0dec9c90", "indicator--c996bf26-ddc6-462d-8237-fdbd12553f13", "indicator--f3498838-0458-4b26-85e7-9f0caa2d3f2e", "indicator--90a60a2f-4ffb-45d3-849f-b8b06e9f53a6", "indicator--13b58434-45a8-46fe-a8f5-5ff249c8310f", "indicator--26d14d9d-3541-4975-820a-8cfea788c94b", "indicator--1f66e8ce-28cd-4a26-a056-9e99cb50376e", "indicator--2910cae3-eeed-46f1-a6a0-be2dac20c986", "indicator--c392f86b-3b6b-4a48-ab36-9f5ba39ac750", "indicator--9be1009e-f71c-4e37-90af-55a2d662c1b1", "indicator--5eed6f51-0b19-478e-8062-a06dd641e04d", "indicator--033b92c7-55c8-44eb-8e07-cae504d128fa", "indicator--801bafed-f37a-430f-8ad1-28957a864247", "indicator--4638b208-cb60-4d3a-9f3d-5c0b83e3bdad", "indicator--85505ea8-d79b-445f-bb01-2d9744f58db8", "indicator--b27e447f-c321-4192-8f0c-dacec66e8bc7", "indicator--6d7888ee-57af-4da8-acda-a7fa9ee0e7d5", "indicator--49a89494-e443-4b05-b1e0-f4982b1f3b65", 
"indicator--aad623ac-e324-4159-8e5e-c8d73decbf61", "indicator--b7399c9c-9676-41eb-a470-0f94068ea5a5", "indicator--a580e512-f1f1-49d2-9c58-43208418fb9b", "indicator--449668eb-8377-4507-89dd-2a68f7bca09c", "indicator--f8806d24-3209-4851-8d1c-e27496fddf47", "indicator--60bf8644-3d36-4fa6-b7b3-6efe2bcdbd7e", "indicator--fbc16581-1b43-4c2e-8c0c-4831996d24d7", "indicator--71b7aff9-389e-4cdc-a6ee-b2d2fa2e68f2", "indicator--9ef13ec1-1910-4a78-97b7-13e0c1e711c7", "indicator--512975e7-e2a0-4b06-b4b7-2107686a7af2", "indicator--0711d40b-b768-4e73-9a9d-493623aee3f1", "indicator--55359991-98ab-4d4a-9ff8-de5031774bf1", "indicator--12453c0a-1f5c-402d-93f2-bf6cd71ee8f8", "indicator--f0ab87bd-b83e-432d-aa13-1248322ea91c", "indicator--cfacb768-4416-4747-af06-7626e00389b2", "indicator--b27235b0-410c-45a2-bae0-f42ed8dec14c", "indicator--f691aae6-476c-4b2e-bebf-252ddf75402b", "indicator--1f6e154d-291e-415d-b4d0-92b937d84ef1", "indicator--fdf2c752-1bb9-4be5-a447-87b467528921", "indicator--4ff48b20-b3b3-440b-8cb9-45a999291d36", "indicator--78da6159-76c4-4714-842d-18ce89e3df20", "indicator--dcacebbe-3d03-4924-80f0-c0bcd3aabfe7", "indicator--54515fe6-6da7-4b45-9cc5-95bf77151025", "indicator--6263c987-8013-4214-8766-16d58527e355", "indicator--d9e99f79-1f85-4f7d-a7b9-5ed66320c0c4", "indicator--1f9f7fd4-35f1-4911-818c-c46388baba41", "indicator--6da08a3e-4825-4a71-a9b4-ca8af1b0f74c", "indicator--6e25fe0c-4d05-4039-bf14-c461342c7336", "indicator--bd95065a-b3bc-442c-9ec3-993a7d4883f1", "indicator--312955fa-b9ee-4681-81e5-cb3dbb57f759", "indicator--c12b4991-4868-4ded-9b81-a22018237fa7", "indicator--b154862c-0ecd-45c8-afa2-6b91810e0759", "indicator--c852c9ee-e112-4693-8625-90a3f5afbb4c", "indicator--dca219b4-0c4d-44f0-8a9d-dee3a2660027", "indicator--50ee17a1-3c6c-4aea-a4cf-c2e551455d18", "indicator--a9e40f36-979d-4bac-a5bb-60a42ff2ed0b", "indicator--445be07f-0f3f-46cc-99e3-f9e6a3f8a609", "indicator--3bf17b33-b37b-4fcb-a2d0-64eea08a7bdf", "indicator--b7b9d894-a274-4efa-8216-2ad5227251ff", 
"indicator--573e0be0-3e39-47e9-b33d-8423eb689b55", "indicator--a7819ef9-169c-491d-82fb-2f16897e44ab", "indicator--048c3b86-0ac0-4545-a2ff-714323850a22", "indicator--ac9f0e6f-d052-4c6a-a9f6-0727562d5eb9", "indicator--6a119e5b-4325-4920-9bd8-b55fd1095339", "indicator--3e762c58-827d-4fce-a436-ad76f0edef9d", "indicator--2ea8356d-d1a9-4ce1-8155-21827b1b76b2", "indicator--d09d8b81-5d67-4a37-b53b-2df12ef1e254", "indicator--56be4175-0cf6-497a-b419-6ef619457ed2", "indicator--3a959760-8645-4d8b-9a88-6d5ff793bc77", "indicator--7370d365-a8a8-4c32-a5b2-3a0d1beb8004", "indicator--82aae9b6-c7f7-4461-bbf0-7702bc622606", "indicator--84f734b8-a64b-462b-b73b-7ac271b9cf48", "indicator--ec251d1a-01fe-459b-92a7-d71c12b8a1cb", "indicator--e3a22afc-7374-4e53-8549-99a70a22d2b3", "indicator--5c16ca0f-f23a-4305-9202-419ac14ff2cb", "indicator--43c70338-e62b-48c7-8152-fba7a95af9d5", "indicator--b30ef1aa-15ad-4713-a3e9-b84ff9428e94", "indicator--7e96c766-4cf7-4b05-b069-5296903f2b07", "indicator--51afe2b3-88e7-40a6-8f6f-4173bbf8ccb7", "indicator--63557ff6-218f-4e58-b3d4-42555616073a", "indicator--d01c8d4f-94e5-498e-a0ed-c9c513764aa9", "indicator--e4e947e8-6f87-4fea-ac93-eb77344a1641", "indicator--92b0614d-372e-4029-a4ed-c94ef2c21681", "indicator--1950633e-9804-4ba4-a454-91f92b60cd7d", "indicator--458be886-936c-4711-8710-409dde73e3c0", "indicator--f42196de-7669-4657-b9c0-425628f7b516", "indicator--33ace63a-2ffd-4fae-8592-2f9dead47156", "indicator--160c82c1-1ec2-4c20-9736-b31fcadf77be", "indicator--6008d0fd-41ec-4f51-bd59-1b6bd77ebfb9", "indicator--7500119f-14a0-4352-a184-638c15feaac1", "indicator--88666eeb-84ff-44fa-bc46-90dc97e1ed59", "indicator--60851ffd-da0a-4f99-9fa0-ce9f66214429", "indicator--30f83e37-52ba-43a9-880e-abeba5667358", "indicator--0a0ac034-2adc-4810-8ae0-2ffd5c7e29b3", "indicator--e7257ab7-4dab-4cd2-af3f-ed7073a7c283", "indicator--feb47413-134e-44c6-b2c6-e9d433c1999e", "indicator--76360205-bdbf-4131-99f5-df7769c344b7", "indicator--915e5c5c-6a1e-4782-b175-0426259306e3", 
"indicator--cdc95af9-0a53-497f-91d6-5487b8f9cb4e", "indicator--73b1eeed-a0ba-4d26-8799-5797731d947d", "indicator--88e31ac9-c5f0-42cb-9f76-542d80fe03ff", "indicator--8a80eb39-ed19-4f90-aaf0-8edbd0e279c8", "indicator--dfe1a2d6-31fb-4246-91c3-8676ccf44e7b", "indicator--645e6c5b-73e7-44ad-9d5a-c9c577f97bb3", "indicator--2b372410-a094-4474-816a-729fc6599c4f", "indicator--cf27ab6e-629d-48d4-80e9-0b5ac2b58bea", "indicator--b1d2166c-59dd-46f0-bb51-08cfa25c24ca", "indicator--3f07b45e-e6c2-49b1-a7a7-aec05f7b3273", "indicator--42da7696-fe37-4714-acfa-ad33d39ac7cd", "indicator--f9ad5df2-cc58-47b3-a05c-a0f0ce2c7939", "indicator--7adf4914-d05a-4c0c-b9f3-8e40afd4efc1", "indicator--874861d6-b31d-4490-a8cb-e42f7ccc138d", "indicator--50942b1a-7443-4b3c-9cf2-8f6de9f0ad69", "indicator--b06aea95-32af-4405-a818-14c519e11b8c", "indicator--736460cb-91b6-4311-98aa-994e4a86bd46", "indicator--90bb6d54-b5eb-46fe-822d-6821fa5039ff", "indicator--5a818ef1-2a38-449a-a986-98724d003144", "indicator--90e96d7c-9df9-4fc6-9d4a-0248e385d750", "indicator--2c28bfa1-4ae9-44cf-a12a-3dcefa1d4dc4", "indicator--0434688a-85e8-4d56-821a-180b9f6af417", "indicator--15ad5239-88a4-410e-9624-8f75aa835d75", "indicator--47db011c-0b25-47d3-b069-385df6364dd0", "indicator--23e6d41a-6a32-4b68-bc99-5cdf62cf2643", "indicator--ce82ac15-dd21-4312-babb-334648a821fc", "indicator--50ea6377-99f9-47de-8f08-02022fb7fc31", "indicator--63bd328d-db3f-4968-8957-907c7133dc6a", "indicator--7290affb-3eff-4733-91a1-ed4b2f42200d", "indicator--1fe59cb2-22f4-4269-b9c1-8fe19fadbec5", "indicator--2beac7b8-6b35-4996-9ce5-25715c7d4c1f", "indicator--139d62bf-3c4b-484b-83c1-8c85d0a73f96", "indicator--c7599f0e-20fc-4813-a9a5-e960120cae1b", "indicator--9f32cc2c-d630-4c75-ae58-f708ba243135", "indicator--afc663aa-ea56-44d7-a3ca-e5cd5fa1f4e8", "indicator--6221e699-a326-4b12-acc4-7343c016e05f", "indicator--7754104a-58b6-4444-acc5-1b0c685eeb4e", "indicator--483f2239-5c30-469b-a839-8e581a477110", "indicator--c89fa11f-d4cd-40b8-8988-6c220e6678ac", 
"indicator--95659260-bb09-4c74-8c8a-47f653cf5218", "indicator--5857f656-1148-45d2-9013-6756cb82812e", "indicator--e24b7ea5-b723-48f0-811d-551cff262356", "indicator--8c61b092-1961-475d-acaa-2649f93c9dee", "indicator--f1f323ca-f031-4dbc-9639-0b0adcbb5a26", "indicator--ea106bb5-b5ad-4f5e-be4a-a28a60d39dbf", "indicator--d3040d6e-cf2b-4782-8501-f51e82d4dc96", "indicator--dfcd7886-a068-4362-92df-d1be2f5597cd", "indicator--83ccc42b-7b50-4250-96d5-744efd6fa314", "indicator--41429ac7-3f44-42c7-bf55-5ea72a979929", "indicator--b678006d-bb7c-41b8-a302-c0a73042a4c4", "indicator--dfc336ba-ab95-4fa5-aa88-42aa8d185919", "indicator--7d348c85-eaae-43fe-ab9d-4f94cff2061e", "indicator--66960c81-ec1f-4f0c-a951-de5ee8c26d02", "indicator--71b61c14-6d16-4acd-8579-e3ccae6c2e5f", "indicator--fa10461f-ba43-46fe-9377-5a35f6a41af7", "indicator--43d0d57a-410d-41ba-881c-7c9934aaad79", "indicator--492c44d9-a92b-4c01-a84f-c451ff4a04dd", "indicator--fe4099ba-f034-4bc2-9f4b-f6ac9674824a", "indicator--143d1647-aa0a-4689-9b26-4d553ae23ed3", "indicator--31cb34a8-7b37-4284-90de-302b236db0e2", "indicator--c16bc8ec-5632-42a0-89e6-c433306b7d69", "indicator--dba2092d-1456-43a6-82f5-a777e5d269f4", "indicator--c8ad2a2e-225e-41a8-8c20-6d8af0ff51f4", "indicator--4a1b8a2a-615f-43a2-983b-29182c531329", "indicator--cded9ab6-5580-41ca-a0fb-88c46aa0c678", "indicator--3a9eac9a-d870-4a27-bafe-dc45f9bcf05d", "indicator--794fb329-6a76-4aa6-807b-35afa9e84bfc", "indicator--3330d98e-c30b-4f4c-a8bc-8319f889d20b", "indicator--47c754c7-5dd9-4942-8c3c-fa2194033c0d", "indicator--c8a5b3e0-cffc-4512-b9a6-18fb20931353", "indicator--00300d18-c239-4642-b10c-0a5e4a9d1f73", "indicator--6b905f20-02ca-43e0-b798-cf3416c0a5d8", "indicator--e63a748c-eca5-4d29-bd41-2b4655b58ade", "indicator--1e798341-68fc-4029-81cd-0fe25d3e42de", "indicator--815e0463-2040-4fb9-9e15-e92e95c9f051", "indicator--4636e367-85a3-4542-9f85-429544f63585", "indicator--966f2f21-5716-43e0-9dc4-36eb6605f21f", "indicator--141a6bf6-daa3-4f65-8b11-a69f3d04897e", 
"indicator--7630c579-bee9-4743-8a13-b0d75a8ab026", "indicator--93c2a2fc-500f-4267-beaf-e807880c288c", "indicator--f37e8c5e-ff9a-4811-aff1-12c858b08dac", "indicator--546ade63-ac16-449d-9507-f0b376dce774", "indicator--10eeba0c-bf2a-4e7f-aa75-f65377595a2e", "indicator--ad226a11-ae12-4e55-b21c-e5c4a3bda50c", "indicator--ef15e9a5-5b4d-4049-9413-364e31faf543", "indicator--554eb4aa-1ca1-4f01-9faa-00a767bed7e6", "indicator--65fd894f-a6ed-43f6-9848-1d92221f80fb", "indicator--b35f5ad2-1901-462c-8bce-b77e67f29bbb", "indicator--ad9aed89-404f-411f-b4f2-ed97c0add90b", "indicator--66abef07-ae04-427a-b20f-b1f43d53b383", "indicator--08d0321e-4f70-474c-8252-6e1b6a46fd8f", "indicator--6eeb74e1-1e29-47bb-ae08-37fa752ad4b0", "indicator--e599f001-3d93-46a0-864a-ae63258cce83", "indicator--115854e6-cd5d-4346-85bd-ef9912eea02d", "indicator--01f011e8-2679-46a7-a66c-ddfb0b69a358", "indicator--4cf2765f-83b2-46c1-8c3d-d39c95d84781", "indicator--e06380f1-b115-462c-b516-66c7a5d17e30", "indicator--90f0aeb4-91a9-4660-8dd6-9e6721803ecb", "indicator--eb35845d-81ca-48d1-a36a-9ecceb979937", "indicator--bd8a817a-f957-4ef0-9258-cfd46a2d7e3e", "indicator--a7fdd92f-8f2e-4867-b29a-0a37b903c967", "indicator--dd540f27-d932-4253-a23b-f109073b84ce", "indicator--01337871-a87b-4d49-a769-1c46f0bced2c", "indicator--64cb56d8-1a6e-45dc-ac59-15e2fd28daf7", "indicator--9caac11f-d116-4fe5-95c2-819e782e90b9", "indicator--1f9f74ee-76a3-47ea-959b-431936d53474", "indicator--0a44b970-081b-46af-a32a-0c6e6fcf9013", "indicator--4d3d355b-cf1c-4c9d-b9e2-dc6fde4f3e6d", "indicator--cad10f8e-bd3c-413d-869e-1282677ce196", "indicator--50a41c4c-5f41-4577-bbab-850bca5ba98a", "indicator--a0b159f0-78ed-43d0-8d33-1a59bc84220c", "indicator--30c8dd97-130a-42e4-a27a-5c372c8ca54b", "indicator--fd10f259-72a2-4040-a44c-90aa714d30fa", "indicator--caa659d4-718d-4193-aef5-1bb9acf3a3f2", "indicator--467be853-c62a-4f45-ba7b-d448c0e5ba6e", "indicator--8fbf254f-e8e6-4bda-9a2f-e098d1dbf6f7", "indicator--8714e7a0-bbe8-44e4-a187-727367aa671c", 
"indicator--06952e62-3c55-4c4f-895a-93b6f6e71b57", "indicator--1fcde5a1-2a19-4c85-a47c-364957897a72", "indicator--36e22999-2b6b-49d4-983e-7eba08b8ed0d", "indicator--0c00b460-219a-41f9-b7c6-5f5e48724b57", "indicator--66798b17-5c05-45c1-8b1c-48d106205aa8", "indicator--4520ca01-27ff-48d3-a42b-b451a792c570", "indicator--70edb049-8175-4196-8d38-32ec22aa7773", "indicator--c279c9e8-95b0-444c-ae65-fdcd2f2d7e08", "indicator--90a48319-1e9b-44d5-8836-7cd5ffddf606", "indicator--131fde3a-6412-4a11-a2f5-c9d8e1525aee", "indicator--ec772d00-c045-4af0-a931-d7bf1d61d2dc", "indicator--c5e45712-8db8-4a13-a417-d1f49a67a3df", "indicator--18903672-8e03-4818-9427-84e3324d3815", "indicator--822c3d0d-01c6-4fc5-b5e7-0014f04083ac", "indicator--dab47e17-fe5d-484b-8481-49683e6c2c3e", "indicator--18e7b38d-be20-4a2a-94b2-9d62811fdc71", "indicator--39042c60-af28-4f8c-b99e-46a6987de5b0", "indicator--a7a664b0-d2f6-4019-8c01-79b4dd964787", "indicator--af3fbcd0-8d6d-4980-845f-b61964f93e9f", "indicator--36993581-0219-4b8b-a7a7-383a8d14be93", "indicator--a3c11f59-2df3-41f6-8d56-3210111bc2d1", "indicator--724a6b8c-131b-48fb-899c-08fa2dc74dd4", "indicator--eb457b60-d818-4962-ae57-f3dbc07b17f3", "indicator--64820130-411d-4b7a-a1cd-08c704e1dc70", "indicator--3bf7de79-ffdd-4fde-9e36-0999a87ba4ba", "indicator--6a0ed9e7-7f05-441e-b17b-79cd73b95874", "indicator--526fbd96-e596-45f0-a4bd-c9f54509f129", "indicator--ffbd70f7-cc91-463b-9db9-f9e0f0fdb211", "indicator--17b1e8ea-3cfd-45f0-9dc4-4b34227fd463", "indicator--aa203d33-ceaa-4add-adc0-ef8af92b944a", "indicator--ab0a3318-128d-45a4-b05a-6c286db07365", "indicator--f6546f80-d86e-448c-9452-71bbd271a3d7", "indicator--67d83370-cdca-4157-95b3-30aa8e9c8022", "indicator--bc7e449b-72f1-480f-82da-d74a464991d0", "indicator--0d6adaca-f41a-45af-8be9-29a9acf6a0ef", "indicator--cc67bd13-99d8-404e-a390-0f466eb15c39", "indicator--8580d6e2-b89e-45a4-b9bf-f5dfdd6c116d", "indicator--ae6d4ab6-b7b5-4056-af7e-786bca061ce0", "indicator--11511813-2a0a-456b-adb0-3db212e4c333", 
"indicator--9a8f5a5d-1db3-4de9-94fc-d8e93fdfaa82", "indicator--84463d24-3327-4dcb-b087-0c1e06152a30", "indicator--c9237f5f-98bc-4265-8511-e1f06cfb3cee", "indicator--cb53e6d3-a2f4-4269-ab5a-0a4c13472f26", "indicator--69068810-5e81-4e46-aa01-87db1d629503", "indicator--32d642e0-87a1-4836-9ce7-8e2ef96c1410", "indicator--17abee0c-3ace-4d05-89be-aa91a7db6729", "indicator--319ccde6-8294-4be2-8e0d-1eea39fd7a64", "indicator--8d65a02a-d3ec-4ef6-8787-a532f1cc9dea", "indicator--891cd310-bf7c-484b-afb6-019b80c2e4c2", "indicator--6281d217-0236-42e6-aa73-8f833a442715", "indicator--6bd1bbdb-3b30-4818-b29c-4117a6ee528e", "indicator--c583cb0c-aca5-4396-94af-c886dae45c9b", "indicator--a5e37c26-d1ca-49e8-b702-07ce2a86e162", "indicator--0fc0fedd-bbea-4ec3-85ee-ba1edbcf0911", "indicator--bcc6d11f-684d-4b35-99fa-fb0279ad8e9a", "indicator--4142bbe6-12c7-4828-b569-b5bec8737937", "indicator--e686c94d-5850-4233-8fb3-a12e4d873fa8", "indicator--26d971dd-ec82-49b7-ac67-595ee7806006", "indicator--f991253c-6fee-4398-871e-0d8e349b6d39", "indicator--ab534c82-20ba-432d-9b34-f29c9feb2ea7", "indicator--120876fa-1842-4baa-bc77-4a51913764e6", "indicator--43b04191-6f5a-4b83-8d41-66927cca7562", "indicator--7bd690be-566a-47e4-8935-2c63cb1696b1", "indicator--fc27401b-8fd7-48f1-bd6a-b77b89132304", "indicator--54f4c0ba-8b28-4f17-909e-f48c29d2c921", "indicator--8cfb02b5-2956-45a0-8c4d-db6cbabf9acd", "indicator--9b0fc993-9e6c-4c85-9a03-a026d0258783", "indicator--cef5deea-9e61-4ffe-ad2d-001936ce8930", "indicator--55a096af-23f9-4977-811f-f5d4e33a7162", "indicator--63258efb-8562-4c19-add1-33f1a13801a3", "indicator--e770150e-082a-4ff1-b081-28e56b21abec", "indicator--a452f724-1772-4d1f-be36-683c0e7ac70e", "indicator--d497e682-7d56-42a2-a013-c0245e6a1381", "indicator--61b1fc8a-4894-4702-bcfb-6dee57f4c9a5", "indicator--de6f4f33-14bd-4767-8965-2e9fd229f00a", "indicator--d2cbd0a6-eaf4-4128-8a07-1600611a59e6", "indicator--19b27912-0566-4c06-b65b-e3e88862e377", "indicator--12f605b5-41cf-43a4-9633-77cef81b6055", 
"indicator--a5624028-1789-4589-a207-7829f8580ff1", "indicator--21d4e3e0-b8f9-4180-bde4-8b822937ac20", "indicator--74d56e31-c08f-4528-8909-51fbce8452ce", "indicator--1323cb8d-64ae-4eb5-a771-f9ca16726140", "indicator--f920435e-7f57-4fcf-b3ad-52c0e31c84e4", "indicator--72101546-4645-4089-b287-d800a2120410", "indicator--8be2d5d2-4254-4dbf-9aeb-73d518407c9a", "indicator--ab437546-7c1a-456f-ba5f-3752f39af5c8", "indicator--14d9b484-3850-45f8-9254-2282d3ff6e47", "indicator--08a8377a-a8d4-409d-ae82-17c0d4612f16", "indicator--3754cb58-8ac9-4976-9cfe-81ac10733e3e", "indicator--ed968c2e-c814-43ad-a773-5b56352912ce", "indicator--05d0583d-a14f-4aa1-9529-75025d76cd48", "indicator--bdbb218e-e259-487b-b620-1e922f4b04d7", "indicator--6ea72f46-a853-4645-b28e-fa66c8b6f82c", "indicator--7f2ad43c-86a7-4be0-89c1-032251a526ee", "indicator--bdc74668-2504-4f35-a6c9-f9cf5a3ca320", "indicator--cf316802-7cc3-4c5b-9493-aeb86a92f3c4", "indicator--ece61835-5748-4bf4-94f8-91bead1e4582", "indicator--15a28fb1-5752-4177-8209-25e29fc5b5af", "indicator--659910d4-8fc8-47be-9849-af751d9b0ee6", "indicator--e95b5986-3a19-4ed5-a07e-a1b334643e45", "indicator--2e8a596f-dcbb-427d-9914-23420e91b5a2", "indicator--3361fb14-e693-4b66-9637-7a1c083a5f6f", "indicator--44eaf8f0-70ec-4345-b638-3ff02206c145", "indicator--1ec83457-89ca-4c90-88d9-8e2ede9987d9", "indicator--6bcb2e7d-e0dc-4656-b466-39548cbf64e3", "indicator--9699996e-00e8-45b5-8568-b38aeffe2018", "indicator--5e053d83-586c-43b5-a058-48b529c8bdfb", "indicator--9768010a-6762-45fb-8dfe-86e3246ac65d", "indicator--dc661aa2-91fb-418a-98b5-62c4af53e8fa", "indicator--74db1c25-9047-4a99-a13c-a66fe39fff48", "indicator--a07bd37b-cd63-43f5-81f9-b6281ba5c417", "indicator--39b1cee2-0157-4df8-b58a-cafe5e82b885", "indicator--bf9e9922-982d-4002-94ef-9fa55931b47b", "indicator--0ab6fc08-fffd-441e-9138-d302def6fb4d", "indicator--700d862a-2e8b-4477-bb74-45e2489d6d9b", "indicator--fde2b856-cb93-44a4-a4f7-1fb1880298dd", "indicator--c4ed092e-5c74-43a5-9c6c-639519de6c5d", 
"indicator--aedf35a1-1cef-4a4f-8e8e-bd18e38deea9", "indicator--e86a045d-32a3-412b-a50a-89016bdc35e6", "indicator--c514c57c-f8ad-4d83-9fb0-0c0e7c69d177", "indicator--47bac6c6-8cd8-4da9-ab94-4fcaba347968", "indicator--ee5b649f-e7cf-49a7-acf3-a2796890fe9c", "indicator--8d7ad215-777c-487a-88cc-57d62380c427", "indicator--c5228807-84a2-43bd-93a8-921e15f7f3d6", "indicator--d0226885-4053-43ef-88e7-8319d1656fcd", "indicator--0544b0a4-150f-44e2-9a5a-f6d1d8e7d9c4", "indicator--ef0a03a0-9fe5-4d0b-80c3-a04c6dcb460e", "indicator--3683dcd8-3750-4d80-9d3b-cee793a4d6a3", "indicator--0f00ff66-ce4f-4b98-a90b-f918c3a331ea", "indicator--2e3acabd-3547-4140-b0c8-5e0daa1dc90a", "indicator--17da4131-a674-48a3-b52b-85cde2514c39", "indicator--8357fd41-bf3d-4e4e-8770-b69640321adc", "indicator--4a925119-1bc7-4da7-8589-73233fad4ed6", "indicator--ec4fc5ec-0a59-4d45-87aa-f41bcb934270", "indicator--97a05772-1369-47fe-96f2-92e58fa3f634", "indicator--bb1fd2b0-987d-4149-8f89-3745ceee65af", "indicator--76ca5c84-a898-4f49-bc09-bdf2012a6d6b", "indicator--1a414b11-b16e-4745-a629-1f71e5a80866", "indicator--694933e9-4e9b-44fc-8bd5-3f6a732259e0", "indicator--73890bd5-eff7-42be-b2c9-2f9a7d543d61", "indicator--42ba12d3-1837-421c-80ad-f41ab4ada3ba", "indicator--b716ea85-394a-4653-a635-534b9bc31c8e", "indicator--72e6dae4-ea26-46f4-bf1d-e54395db75f5", "indicator--e9587fac-15af-46a6-8f5e-90285118da7f", "indicator--64c341cf-33db-4c36-9e73-bff9b8d23a53", "indicator--8ab81fb8-f88f-4c18-ba7d-e236466e78be", "indicator--824a9d5e-2bd2-41ca-9503-b922d2e59ad4", "indicator--a7abb310-2c0f-4a5d-abe4-b8df8754aa8d", "indicator--b48b8b10-4910-4958-95e2-68bba2b8913b", "indicator--dfbfcf27-4788-4b1b-bcdc-5824fc7e977f", "indicator--a6142a73-80b7-43a6-baa4-9306e5a40372", "indicator--d252e15c-2bd3-49b3-b443-053df6fa03b8", "indicator--7117fec9-d753-488c-81ac-75b55069b416", "indicator--6048cd34-7570-4a1c-b495-ec38da3c1061", "indicator--cb732453-2bc9-48f3-af8d-e6f910fb637d", "indicator--fb37cf8d-4a42-402c-b1ac-b33cadca2d0b", 
"indicator--e9cbda4c-b1b1-4d54-acdd-2a9a802320bb", "indicator--2fad0693-091a-4127-bae1-f4d2f388cfa9", "indicator--89595dd3-1d35-4969-991e-f4603d2e95b2", "indicator--eb15175c-f54a-47a8-b9db-ae58891e4da7", "indicator--003311f4-313e-4509-b2ae-5e4b3c5e8f92", "indicator--bdcb8d61-7550-429b-9fea-2798d71b81b0", "indicator--839a418d-1e72-4862-a462-1cf2f5f0dbb8", "indicator--0e7b815c-89ee-4775-af0a-05b3a898a65b", "indicator--c7b041e3-54d4-4520-abe6-829f0861b3db", "indicator--525c105f-2732-49b4-968b-88e8fdf68653", "indicator--3e5937ea-e57f-4b05-8c0a-480da8e0e908", "indicator--ff915287-6b77-47fc-bc31-2719cd8ba032", "indicator--b0cc18d7-08f3-4c79-a7a8-1d0e9467ad2e", "indicator--b4109068-66be-482e-a0a7-578dafa3b830", "indicator--3a4f1a7e-6c3a-4fb7-95a4-67a03b915917", "indicator--56de459f-4df4-4cf5-b3ca-ef7b658e5979", "indicator--37e796e4-4d4e-44f4-8c4d-bccb439c706f", "indicator--3b9e25d8-4a64-4302-8bfd-2b1088227290", "indicator--4238f191-d585-4cda-83f5-c2f0b128e072", "indicator--a0a5917d-bca1-4b0a-befa-0b0789672bf2", "indicator--29f806d1-b550-4a4c-ab16-de1cd069bc6d", "indicator--2bacbba9-1b0d-4b5c-8cde-180d19e3564d", "indicator--a7d7fced-c1af-4e87-ad9a-2082cb0c25c9", "indicator--52e00c87-67e2-4fcc-b80d-4fe844993269", "indicator--3cb32772-7656-4042-971c-6a4b5f195735", "indicator--a8302d05-84f0-4034-8490-f9d53b856576", "indicator--43c03bb1-d951-4fa4-ac5f-3beb1346478a", "indicator--a88f6e57-923b-465f-8318-95722a3d8a76", "indicator--a13eecf3-ab5c-4f52-b374-0194403b180e", "indicator--fd0433e2-1444-4a7c-9a9a-e43b8010137a", "indicator--a5836436-39ca-4f66-a77e-eddb9d657e66", "indicator--67f32c9c-b9ba-4c2c-a096-eddff67de666", "indicator--e5378c93-94af-43f1-8776-a2fb4bf72344", "indicator--5b674927-62ac-4cbe-9c21-a59964e8bf34", "indicator--87a14c50-5824-4cb6-9db9-7b2e915c5fb3", "indicator--845c7f10-89fc-41de-b4a9-3c4118baac63", "indicator--2f93d150-0d2f-40da-847b-c70dea74909b", "indicator--d16eed3a-ddee-4f74-a823-d347a5cf2249", "indicator--e97befdd-095d-4980-92c0-5d06d71d3176", 
"indicator--b6bfb479-b11b-4a1f-bcd4-f30e840419f9", "indicator--5be36b9d-585e-49af-b38c-d4bd01a7e138", "indicator--22a74f4f-6a23-4cd1-91ef-faf10140b08a", "indicator--80685d9f-d86f-492f-8ea6-1e82a92c2d8d", "indicator--f6bee44f-59b8-4480-b5c3-f231a5acd2d7", "indicator--9d82a888-bdcc-4111-bae0-ed0e31c0136f", "indicator--32d9f244-156a-4080-a447-8a698ba9c220", "indicator--fdc77387-3cfc-47bc-b36b-caa3525c5c03", "indicator--52ea8f2c-a793-487b-b1b9-8605abb8669b", "indicator--c519f6ed-bce4-4807-b5a9-d6be1f3f77f7", "indicator--b78aed1d-8381-4612-8ca5-aa4be578446a", "indicator--25b70e9c-77b1-4227-9701-0e3359488906", "indicator--b4e93ab5-aa37-4c6f-9fb1-9dcc89b90cb3", "indicator--b7ad2fd8-4145-4cec-9ba5-5eef8ceeec5e", "indicator--211e1636-485a-4ac5-9e92-ee2cfcbc98e2", "indicator--dc62c94f-eeba-4a04-9979-27b0092fb525", "indicator--9c6fa002-7701-4cd3-967b-3850e3bc5dfb", "indicator--d6819ffc-900c-46a4-8309-231effdaf560", "indicator--03dd3212-b51a-4559-9ba6-25b292378b61", "indicator--bef44c6e-aec3-4313-be71-c943ff67b846", "indicator--acc39b54-5525-4638-8599-f59aeba7483f", "indicator--eed4ab24-021c-4cdb-bd48-d9db714e9c41", "indicator--3088e185-5d00-4f70-85ee-e495d46e6a73", "indicator--5961838f-c40a-4160-b0c7-320b260d3b0f", "indicator--02a0c099-543c-46dc-8995-a7d1d1924078", "indicator--cea3563e-7b63-4873-8a8e-314a69abf27a", "indicator--7f113964-160d-4429-9be4-7e61b7a7ae87", "indicator--5697a487-6f6f-444c-b3d8-ac0b39890921", "indicator--6d3a1054-8ea6-4065-bc61-46a37db02701", "indicator--5a8eda36-9346-487e-8359-917b64b457f0", "indicator--f9766a20-6acc-44d5-85de-31527925268b", "indicator--39222f89-9cef-41e3-a34d-51ac92eb26c5", "indicator--5675558e-71d6-46a4-ba14-8693b5ba266a", "indicator--a8e83ce4-79a1-424b-9f74-a9b74939287d", "indicator--2eae5690-94fb-4385-aede-567400859b04", "indicator--1234fd80-2369-4cca-86d0-622441a79dcc", "indicator--d499cabe-0be1-42bc-84d2-dcf72631487e", "indicator--95272097-0bdd-4fb8-b51b-9a63680e344f", "indicator--9aebdefc-3928-490f-9e83-8fa31977fd9f", 
"indicator--23ca490a-562b-45eb-a254-5a98d2425c57", "indicator--17ca0968-59a6-4ea2-b594-8185f9a1f43e", "indicator--6f06cab4-71e1-4376-8030-0a8923a3080d", "indicator--169dc5b2-87a8-4f79-9fc2-7450172c4e57", "indicator--68f8486b-7f1c-49ce-b085-ee83a1e00ca7", "indicator--66bd7d1e-ac26-4e8a-a739-a41f4e10044a", "indicator--c0b72120-9616-448a-a08d-58614c2fe5eb", "indicator--aea335e5-c6ac-491b-9dd1-8ad8bcc2bb26", "indicator--de721d9f-fa3d-48d1-b38b-fdad00c168b3", "indicator--a239c7f8-376e-4af7-b791-0d3ee295591a", "indicator--12f383e4-f477-41d5-b5d6-f21877208037", "indicator--de0a09dc-0036-4dfc-b29c-f21bd0942809", "indicator--cfff751d-7ab9-4a36-89eb-0b2bc95ae6aa", "indicator--5c102609-a8b9-4ef8-9f45-e6bea3442a7d", "indicator--c46f003d-580b-4e66-89b9-0b216ecbb0a7", "indicator--9f2cdeec-8c0e-4cff-83a6-2f072dc4f8f7", "indicator--e8b33051-f93f-4f10-bbe2-edb0405fdd78", "indicator--3d3c5788-3447-4606-8c25-ecc0fafe414f", "indicator--fc11791f-b64b-4491-ba58-6e95f7bb0fcf", "indicator--198dc93e-5e27-41cb-a388-8def99d33455", "indicator--8c31dcdc-b3ba-4068-8c94-053b5048191a", "indicator--4161e8c5-61b3-43e5-a2e1-1d2c02826c1b", "indicator--42e2c6c4-0536-4293-bfb6-01e465f24611", "indicator--aa2bd075-6b8c-4973-97d4-114f9d023b09", "indicator--0ec7473b-31e8-47c7-a3a4-867e2a0afa9e", "indicator--95ad1be9-8506-4847-b517-a2b6c90ce2e1", "indicator--78e73785-1a75-4036-8068-34b880a9315d", "indicator--84a1cb85-e946-4fe1-90c0-df247d54e6d9", "indicator--0cc5042d-f192-4223-a442-4e13b6751dcc", "indicator--af8785e2-b0d9-4d38-8586-44f060af9307", "indicator--f1382fcc-3e92-43bc-8d61-060fc0d4ee61", "indicator--61de0beb-afd0-4275-9640-24f59d7d8d23", "indicator--59ed22ae-29b5-4344-9905-d8a4f4c1ea26", "indicator--2ec8b951-2476-423a-9544-0a20c912e842", "indicator--891a0b8b-8fe7-4e5f-b921-d1869206c864", "indicator--3ee34333-c9ff-48ce-90fa-d077b1c88685", "indicator--3567cffc-e9d6-4ab0-9e74-b180dd82b2df", "indicator--f1ab7f62-697a-4489-ad13-ef4b453e951a", "indicator--7fd88a4e-f366-4a72-90bb-0c92eb595396", 
"indicator--47a4467e-611d-49fc-b9dd-1e0301edc774", "indicator--e00d05c3-5943-464f-9428-542e280c77aa", "indicator--a2357c92-1168-4777-8705-0a7daa58bcaf", "indicator--fbf295d4-af3a-40eb-b2a7-6aca53ee3fc7", "indicator--605cfee1-6094-4ebc-b26e-ec027431ff8d", "indicator--b90b1b72-bcef-44af-a29a-9544b9f3af35", "indicator--01db3bad-558c-4e84-8482-5cd100ef005e", "indicator--e6079f1c-1c33-4965-90ba-48ff45db7a15", "indicator--714c04f6-85f3-47ad-b833-618b19d29e86", "indicator--79aff396-63cb-4ea0-b6ee-b2ad3f43d49c", "indicator--5c84a1ce-5be1-4090-89c9-f0ad6757c451", "indicator--05ba9a4e-da31-47e5-b245-4a1fde295578", "indicator--3649acab-bf74-4df5-8ad8-4235374c094a", "indicator--acc30575-a289-4a32-9aed-ff8a12ef775d", "indicator--c0c5ad3d-d54d-4ac8-9ec1-05b97bd5905e", "indicator--7048006a-c9e7-472f-ab44-cf37c1f4bc5a", "indicator--de9924f6-2986-45ab-916a-7ed01b6f799f", "indicator--9a8325ce-9ec2-4eed-8aef-6d77acb55098", "indicator--0680a16c-7ae7-4fb4-869f-d7815e5f6445", "indicator--bac703b1-fa5c-44e3-b5de-ff44b5888e70", "indicator--7b87b049-3206-4be8-93c9-c76bac2e9c59", "indicator--d58128e9-3a08-404a-a209-c585bda79f6c", "indicator--d471b995-31f0-469b-9ab3-0be3270b4dd6", "indicator--8d739013-fc9b-473c-b141-b6f664e8c8c3", "indicator--876e2fcd-d562-4330-9413-50fd3cbe572d", "indicator--342a8a86-3a67-413f-b295-04e175dc6591", "indicator--84cde844-0820-400f-96cd-e1366b575e31", "indicator--d78f5491-38f5-44b0-a773-d267c05e276d", "indicator--5d1d22dd-f034-4885-b687-2e628d08e4ef", "indicator--85129370-7191-481d-a8bd-065b0c0bb3c2", "indicator--c5429b47-1171-4fac-bbac-afac195b6ca0", "indicator--bcff8e5c-a20a-43be-b7e5-598c82c59a4a", "indicator--e4012f1b-38e3-4f84-8ea9-b14a5c1097cd", "indicator--d395f2f0-10a2-4a4c-8c19-e587ac70d680", "indicator--104be811-6c84-458f-89b3-216d0c8a8206", "indicator--d3d26df8-8e76-4c87-9539-5a2187822c29", "indicator--23773df4-22ec-443f-8fea-0831a8e4b494", "indicator--7c521b0d-6556-4a65-a97a-34de105cc233", "indicator--9967f8bf-2967-4d20-96b0-84f1f7260d3f", 
"indicator--d5a84a7a-59fb-43bb-86e3-252c2a648677", "indicator--2c3a2e10-a733-43df-9e26-973bd528c677", "indicator--955648b7-acb1-4c4c-bbb8-4a2e6dc2cbad", "indicator--973e8952-8018-4ecd-88c2-080413b1f0ae", "indicator--c6d5e3ff-7c5f-4cf8-a194-2a512cec1f5a", "indicator--21cf6162-3220-4a96-8e5d-3d63b51a4f59", "indicator--a6937546-54f6-4776-80b7-ddb0581c7914", "indicator--5632842f-7fe4-4831-af6b-8eab6e93e770", "indicator--5763f237-ed56-4f9c-bfc5-38c51b94cf29", "indicator--5238b69c-ea98-4e81-b88d-2733432e791f", "indicator--9c7cd9e0-3079-4af9-bbfe-a5ef86db0fbb", "indicator--f3744a76-c3e1-4b3b-a7a4-f66bc179b49d", "indicator--110f5902-7ad3-49d5-afb6-332c370c7cd6", "indicator--3ed3166b-aa36-4d69-99c9-f950ed2470df", "indicator--8aa33bf1-8d4c-41dc-af2e-9feda0e0bf6f", "indicator--77bf63c6-c51e-425b-9edc-de6a36dea57b", "indicator--acdd89bf-2d28-4369-83d6-68af1c1790d8", "indicator--2c29aca3-ac35-4acc-aa83-7770e5dfa04b", "indicator--dee45bce-68ac-4c6a-a9aa-33baaf1e9f6a", "indicator--d0dcead5-1c5d-4f11-8429-719304902696", "indicator--7dc2c398-fd38-4e56-9325-422cf0fd2b20", "indicator--d34dc709-1f86-4434-8e48-163e1df9d121", "indicator--eb4e527c-7006-4991-a5b8-b912491b489d", "indicator--0b407f95-ba8b-4949-ac9d-f710295d46d8", "indicator--89839be6-c9f6-4d35-9ce8-61d9122b26bf", "indicator--fbba8f14-3df8-4fbc-abeb-149fac83cf6b", "indicator--1a37de3b-082b-4511-9b6e-e1de50f28d3b", "indicator--19aed906-c4b2-41ab-b9df-60ba08e4e3ff", "indicator--3aaf6bfe-e61b-41e2-b248-3dbab3f45495", "indicator--31f4d58d-f815-4b31-9ad8-2e66e49660f2", "indicator--099bcabd-486f-4a3d-83ea-ad499b2cf80c", "indicator--d49eda2b-ffb9-47f7-99c6-9d1cb6bf7e7d", "indicator--bb3e860b-cb2f-4f6d-8f0b-ddf579909508", "indicator--f04a6d68-ed12-4de2-afa0-3f470be43356", "indicator--eeb8e7fa-4a07-49c5-b86f-186a799bd6f1", "indicator--59e945fc-61fe-4f0b-a36e-0a8c19faaa46", "indicator--6b6c042a-659f-47b9-bc11-ebf970ebe9ae", "indicator--5f81ab99-a20f-41a1-afe9-fece29eda429", "indicator--56a58014-046c-4911-b22f-83210335dab4", 
"indicator--b7be4521-b626-4ae6-9cdd-d8d33e937781", "indicator--cbb97b61-ad94-4141-a576-1d28df765f75", "indicator--d2f8e704-ad4d-483f-896f-61e54bcea356", "indicator--89768a42-4c44-4dfb-8df9-f4820a90a022", "indicator--a403a41d-78da-490e-8448-474831d6f09f", "indicator--cc8083b1-5970-4d4a-99eb-47cd9adf33b9", "indicator--0b4c81af-5747-4798-9435-ede9dad38982", "indicator--703872d6-5d44-420b-95f7-b539e6f140f6", "indicator--a09ddee1-2730-4a60-9b8f-ffdf54f56ba1", "indicator--15269d64-e8cc-419e-bf7e-4806aada0d79", "indicator--83231eeb-e6eb-4891-99ec-a855d9192b19", "indicator--0598e3a8-9d39-4259-bf4f-56feb8043e3b", "indicator--b4760fd5-2cf4-4d1b-b6e0-47a0363b40d9", "indicator--8d5ae7e1-90e9-4184-9389-6a6e652da126", "indicator--03964732-c63f-4aef-acf7-c45a5607ae43", "indicator--cea57427-13e9-461e-9161-d14e15b85bac", "indicator--9ec4613b-b23a-41bc-9f72-58a84c99318d", "indicator--d38d8962-34b2-4a26-be5e-6d2bc1ec6629", "indicator--de0de826-01c0-473f-9934-3fa57f2baad0", "indicator--a4d7d268-52bb-4c00-987b-030464871700", "indicator--7403d77a-bf98-4d88-ad60-01b9a07aaf9b", "indicator--d41ca3ba-b580-4c0f-b3f5-af334aa7621e", "indicator--c8f242be-4eaf-47db-aa7d-ee3c2fab3d7e", "indicator--7399fe23-3ab1-48e8-a8f9-a9f033a351cb", "indicator--3d892efa-935f-4672-a5f9-f7fc71d17954", "indicator--0fa3e248-0c67-4e6d-9d2c-385c98085f00", "indicator--4a25c238-6552-444b-b236-36f60a26cb71", "indicator--eafb4c1d-57b7-4711-8ea5-a7f4853751e0", "indicator--39461792-071d-4001-81d5-2fe84660527c", "indicator--3ed19331-85d6-4a9b-a0d3-3fae2d38405b", "indicator--72ffa74c-9f8c-4483-9236-7b7522f8275a", "indicator--ab882020-5173-40c9-9fc3-493b4889b1c1", "indicator--dab4e78d-1f66-4fb8-83e8-7e7cd9d12f59", "indicator--5d346457-e743-400a-a75f-798c1c26e04c", "indicator--cc7c2e21-1c6c-4c06-a4f2-d8cd16047f4f", "indicator--c541be83-e1cf-4dce-b524-b92c95da73b0", "indicator--adcd4741-65d9-434b-92fd-aac0a2d3ff5c", "indicator--7e82a2d8-d43e-44e6-a7f7-8f4f314e2a81", "indicator--1aa15a03-50a6-4319-ac26-81028156dbdf", 
"indicator--a168ff40-655f-47ea-9bbf-c1bddf214f2e", "indicator--0210dc9a-1cd1-4dd3-884c-be1d171a8a43", "indicator--31fcd257-c55d-4b3f-8179-60a2a0202db7", "indicator--30606a1a-4309-4389-996d-8c0fa1908395", "indicator--5c983946-0b7b-4b4c-a91e-860ef5904a00", "indicator--3b06a120-3fdc-40ec-903e-b275eb455ed7", "indicator--6af0a62f-fbb8-41e1-be80-f9d1cdab6bbd", "indicator--1dff789a-4484-4901-b41d-221bd542b780", "indicator--57a452e1-b246-447f-bce2-9cd5c8f09129", "indicator--476e3368-adbf-429a-ac81-b66bc80c279e", "indicator--13b0a65a-5ce6-4bfc-a1b8-acd8f20dd20e", "indicator--c117fc76-1e23-4cee-bba6-653468fa8e45", "indicator--30df86a7-4db1-48f7-9d46-50b5b227ebaf", "indicator--0c8b9890-a357-4f4b-bb93-d247d68c573d", "indicator--7983996b-ffef-46e8-812f-a2c002f866c5", "indicator--1a114c66-7d00-485a-ad3b-db77d98095f0", "indicator--dff09ee2-6cd6-459e-8a15-77fb4e762c32", "indicator--66f6c16d-8f04-4177-bfa0-3036ebf6f6fd", "indicator--11c6a866-515b-4f00-ab94-99031eb84b64", "indicator--2d69c71b-6f4c-4354-bdf4-17e152fe4175", "indicator--af4f5331-db0c-40c8-b1f4-48435b357d4a", "indicator--23c9a10b-86bc-4987-be6f-a0c521ecb680", "indicator--97423172-849e-4dc8-bb0b-e6b6dc6020cf", "indicator--b199b3d4-83bd-4628-942c-f723dafcbe70", "indicator--5c417bef-32c5-4b80-8269-d288537ccb6a", "indicator--a2f47bc1-1b73-44a6-ad62-023bda7d0bfe", "indicator--d31290f4-103a-42d7-8f07-c20201c254de", "indicator--9fd9eb15-7a22-449a-8d54-c1b9df3601f0", "indicator--d5d17004-6f08-4afc-91e7-b0db38984967", "indicator--962cbb15-d555-4199-a43f-fc376d00d178", "indicator--d232fe2d-32b2-41b8-8847-7a373b909547", "indicator--3d124576-8830-4431-ac93-685e66941fe5", "indicator--88b52964-44c3-4462-82b5-7ac1688b9fd5", "indicator--de65199a-b137-45b7-bf79-937a59188978", "indicator--7c01811c-efc4-4f80-b528-1c0e552459f2", "indicator--7b2ef57d-5a96-424e-9b6f-cce75355157d", "indicator--b2355aba-70f3-4232-9b03-744d590c3e59", "indicator--3ceedc5a-2cc0-480e-b662-15775d7cb434", "indicator--7278be11-7c59-4bfc-9e32-9245b0b41dd3", 
"indicator--e76419f0-bdd6-4f98-a5f7-b6fec23bc29f", "indicator--18c1ce9d-bd68-418e-bf4e-79217d4ead2c", "indicator--bfc1d659-9f7d-4dcf-a203-50694edc6cbf", "indicator--f63e8b8c-e4f6-4632-b116-758787d9e75e", "indicator--23f0b051-f904-43c8-b757-754a62884caa", "indicator--ec14419d-c203-4edc-9a4d-5ce61f541aab", "indicator--13d7c6f0-aa67-491a-94b0-a4d5586eaf99", "indicator--910de9fc-53f3-4b1c-adeb-3244f1fa0dbb", "indicator--ce77f0eb-ccc7-4cf8-80c2-5fd40634e8e5", "indicator--c31da4ac-44c8-4030-b063-861e576e6828", "indicator--faf5978e-22a8-4446-ab84-6ececb9a0be9", "indicator--d58b7b58-a9e7-41ea-b84a-0121ad3f8b24", "indicator--9d23b026-f460-4c1f-bf3e-c923623f246e", "indicator--e09aab98-bf8a-4ff7-a9f6-68ddfd5f2e95", "indicator--8e5823e1-87c4-4388-a1d7-6690309c9811", "indicator--f6f9c52c-b086-4638-b92d-a8ef3f513c1a", "indicator--3a86b0ed-ef3a-436a-8989-6eec24fedcb5", "indicator--bf317105-6993-416d-aba3-48e522f92504", "indicator--992d45ed-0d37-4224-a3b7-4b46e245244d", "indicator--72153d33-01aa-4d8e-9c82-19f85966dbbc", "indicator--cf22e261-1d30-411f-9bd1-8a137e055a79", "indicator--4daf7e7b-3bcc-4a79-a6f3-a8eae58bb552", "indicator--0a66f230-ec6c-4869-8400-be88dac07ae9", "indicator--eb95c28c-bb97-44b8-a543-d58e10b9d0ff", "indicator--7fdff431-1a00-4d74-b348-ca116c4790a2", "indicator--6dc62a16-51b1-41c6-ba68-d44931bdb8e2", "indicator--4d7aa986-4bee-4c4f-a079-d6972cd82725", "indicator--a8a4a96a-9600-4609-8e75-d2303621f705", "indicator--45b6e8f1-7c41-410c-977f-b497e172d749", "indicator--9b5d390d-c442-4a5e-bcc2-ea3af2228a77", "indicator--5585e26d-73b2-476a-8130-0a5860e40f20", "indicator--fa179902-742e-4267-9177-04b871031439", "indicator--977135fb-f0f3-42ce-90a0-3600b3b62d29", "indicator--5cd945f4-38fb-43c8-b478-8e1e5cff88b8", "indicator--363fd7b2-0d39-42c0-abc7-dab28ff1d1d0", "indicator--72cd87e5-d81c-4fe8-ba79-231e52da4179", "indicator--156258c9-aa56-43c8-b4c9-ee6f83c51856", "indicator--fdd1723c-4569-4cc0-a9c5-4c5737d48781", "indicator--b546a7ef-7aeb-4192-9ae0-e7abf1b37a93", 
"indicator--b260bc25-b41b-4657-8d38-a8ef443cd1fb", "indicator--5e5dd9f9-53a7-4af1-b2aa-1c687dd8006c", "indicator--5ce3e036-2947-4d02-9526-f18dc0caeb4c", "indicator--14c13fa9-3844-4a99-b06c-57fb1674d90e", "indicator--72026279-a6d6-439a-823e-15ef400d2f24", "indicator--f9b9cccf-7597-46a2-9ebe-a8143c453cf5", "indicator--cb945242-bf3f-4ac8-9868-2c9cd003259a", "indicator--bd22ba50-f077-4633-82a5-ae3f44926e69", "indicator--f337650f-7d3e-4130-8618-6dc30edfb17f", "indicator--95910da3-be93-4618-a94c-28b2ec4253a1", "indicator--2f51c920-ee2b-4cfc-a0cc-edeb8fc5db0d", "indicator--e6a34517-405a-4a6e-8e29-16e65efbf7a7", "indicator--9fb80214-c871-4dbe-9909-10182c4aaa03", "indicator--f2f7ea7d-0664-4545-b437-91d53b65c71b", "indicator--31b8a910-8552-4add-b43a-2a7ea83ede28", "indicator--0fef10d6-c945-4ddc-b8d8-8bb75221923f", "indicator--d03ba1c7-ee04-4465-af90-a28055a27bbe", "indicator--eec150b6-2db2-4000-bba9-0e759f15f0d3", "indicator--34cbbccf-81d8-4b9f-8a96-67a76b8a194c", "indicator--68956b00-198d-4a53-8b7e-8837d971538f", "indicator--a642e8cd-4574-4c03-a5ab-d2c249943433", "indicator--15904379-4aae-4296-8fea-4968b80c7bb0", "indicator--1beba500-9d6e-4b4a-af6d-f889cda89587", "indicator--dafb65dd-58f6-4362-85c8-0c12719cd37a", "indicator--00869646-a915-46f2-adc0-ee10cd2a328d", "indicator--82ee4818-b2c4-4400-911c-9b861b23b0ee", "indicator--f5a47755-a321-4e2f-b27d-ce7d76571bf0", "indicator--cf7e2a18-ae24-48f9-8b11-d13badd38bab", "indicator--4f8d5c60-6d90-4d3a-97ec-0dfbfc897339", "indicator--45b27ef7-c2a2-4496-8512-5b4f6370de12", "indicator--6f24012d-28a4-4618-a878-38918b61794d", "indicator--1f31c387-c4cc-41cd-8e1f-19f921e2cf8c", "indicator--dee75eea-0218-4813-be2e-15476969e300", "indicator--11a7665a-ae24-47cc-a917-9be8b2ed31e5", "indicator--5219dd9e-97b6-46e0-b557-fa48746ba559", "indicator--7e4d3ed4-51ce-4d18-8ac9-9a612a6143b6", "indicator--c1255fc4-9c26-4e21-8e71-47eb259653bb", "indicator--ef568e29-b329-45ad-b624-dbced8daede3", "indicator--81634cd4-fdfa-4e7a-a3c0-7119998bcf1d", 
"indicator--da8dd170-b78e-4b23-9e0e-4435d4fd7bd9", "indicator--1bb839ee-4583-48e9-abf0-109327109b25", "indicator--58048c28-423f-409a-a790-51b3e0acd494", "indicator--9932a6dc-577d-4490-8751-0c864861b24b", "indicator--5c24580c-2592-4c2b-9117-f250f52441c3", "indicator--e5540244-e90d-43a6-9325-36fd36a051cc", "indicator--36c24c8b-a71f-46f2-9a55-112519b98279", "indicator--735dd066-deae-4170-97ce-65717d036cbf", "indicator--8ba3854a-16a8-40c8-a2e4-b403be9e891f", "indicator--33efb430-a8ba-4975-8180-8f9f3265e902", "indicator--d48bb4a4-6849-4061-88bd-82e34f88ee26", "indicator--27ce90b7-5afa-4259-82be-65ea7b54d763", "indicator--7da5a9ff-1f21-49dc-879f-b51966e750b8", "indicator--a1b7fb59-77a6-481c-a7fd-63c0db4fa18d", "indicator--8394f5d5-505d-4382-af22-68d46909ee7b", "indicator--52aa75ef-6c64-4600-8705-72331dd59d0b", "indicator--8f48ba74-8612-429f-96ba-e1e0dd34ca60", "indicator--0beb9ca3-146a-4493-b965-4c12ed1dff37", "indicator--6b63051a-a50b-4852-b1ee-6521292e9e7a", "indicator--aec8a095-ff13-4a55-b64d-5729901d3d0a", "indicator--e97a5cfa-8cbf-46d0-82df-7804fc1b1e9b", "indicator--01ff7a2b-105f-4e84-9e8b-2367a81932a5", "indicator--1ecc51e9-b647-4cf3-aadf-6510b2dcbd1b", "indicator--0a2d9443-5d89-48ff-822a-dd02c8886bca", "indicator--e7b13dde-3baa-4b2b-90c8-dbff283ff222", "indicator--2b9106fd-2c0c-4d15-8dee-99b47cbe3396", "indicator--37a5df00-91ee-497a-9256-ef71a863cc2d", "indicator--99c3148b-1d81-4113-9902-258f627b5bd4", "indicator--1784f784-eee2-43a1-9420-db593b099f5c", "indicator--c7240809-fa7e-463a-ba30-099dab0b756f", "indicator--1bd7d452-a023-464a-b521-db2f3c3096b5", "indicator--d5aa7848-c079-4a81-9acc-047988fddf12", "indicator--9d1c970d-d1fe-4755-916a-b4ba0fcc741b", "indicator--a0ee20a4-4914-4d3e-ac65-8586c266bbde", "indicator--817f8f33-c75c-4731-b586-c921c497e856", "indicator--e2af8b97-d34a-435b-aed0-67772a943b8a", "indicator--ab744487-51fb-4fd9-a187-adce57664910", "indicator--62dea49b-4e0c-4ee5-ae87-4c660c32845b", "indicator--6888a1ef-cd04-4f59-9198-a43a4fc79a30", 
"indicator--0a4882d8-24b8-43ba-8512-bc087757b109", "indicator--aa09a752-2a2e-45ba-a940-1a4034020905", "indicator--df313b5c-9f83-4a54-b721-d7acafd255a2", "indicator--bb04accb-d0d7-4529-b395-e4830a0aa4c6", "indicator--573efbf3-60f7-4132-bfc7-1e1ff341dcc0", "indicator--16fca6ff-57ea-4dcd-b0b4-8ac7fc18434f", "indicator--69ac9a35-2e4a-4fcc-9cf7-e24b3e546120", "indicator--7121045d-2b90-4dfa-b0cb-ac3356d376c6", "indicator--690aafd1-831c-4ea7-91fd-b614a302d33f", "indicator--f02851b4-de45-4cf4-b585-aacf87455221", "indicator--dc130d74-f359-4eed-be6b-92359bf645bb", "indicator--57fcb244-38a4-4805-b56f-fcd81efa5865", "indicator--30157229-4726-414f-b5da-2998bde30768", "indicator--6163e9ba-bbe0-43ca-b0e2-d4c0834fc215", "indicator--8b43a78d-f1b1-4474-9f14-343e502d7a93", "indicator--910b73c8-ce8f-4d4a-9b91-dee31730e094", "indicator--63bb7657-00ca-4880-8e48-87f012ed6657", "indicator--b54939cd-749f-470c-996c-250ef856a11b", "indicator--364d0347-3f08-4c4b-9374-345abd897b24", "indicator--9ed8e8c9-f1bd-478a-9ebc-359081c3e38c", "indicator--66669671-76e5-428f-8307-d6ff59c1532c", "indicator--8b83f965-d140-4001-b175-5f063ec72e80", "indicator--78bbc384-2d06-426c-8a78-88e97a143287", "indicator--43a07f2f-5834-4a31-b8a3-9327a568a835", "indicator--e3d3262f-8e1e-4476-bbf9-a74cf6e7fbb3", "indicator--1e6b5ea3-21bd-48ba-b548-9843d23ca914", "indicator--96ac7f38-c7c1-467d-9ada-07ff02cfe78b", "indicator--d82cb709-68b5-4c54-af9c-8f366796476b", "indicator--9c688098-cdea-4863-be53-b5e0827d0a04", "indicator--576c6db2-1a81-415c-9c5c-50c5b601e490", "indicator--f5499380-c669-49e8-b09d-91e4ed985555", "indicator--605ecf77-07ed-4114-ae60-9d8fcecfdfba", "indicator--ceb1f847-01c3-412e-b0f3-1a22086a646d", "indicator--6e2f6859-648c-462f-868f-8c6f1e7c47e5", "indicator--8d7923a3-102b-42db-82dd-4634feb716a9", "indicator--1e335de2-849a-4ba1-b612-cda2c17cfb76", "indicator--a395a8cd-5d14-4c3d-b9e8-08af4ae0bac1", "indicator--2d0ca266-2127-47c3-bb3e-7949f8116c7c", "indicator--8039e6a3-fc5a-4894-b25a-3dffb63d8024", 
"indicator--c5eab9f5-36f2-423a-ba3c-90812a6c4e67", "indicator--773e2f3b-0bae-4b4d-bf73-f225a265856f", "indicator--7de9df6c-cf60-4afc-9717-22d425ebb8fc", "indicator--ced2eb99-2db0-4246-95df-2ba9c0050870", "indicator--463baab1-2621-4c7a-895f-1c737fccc4f2", "indicator--09645be8-7bf5-4ff4-8998-47b59f2d5f96", "indicator--6a211097-07ee-4d1e-866e-81039cfc12aa", "indicator--f6b8caba-f917-4d55-82df-51ad42cc20e2", "indicator--af4e20c3-30f8-49d7-9fb2-efdf4db2ba00", "indicator--1f9f7b36-d5be-401c-b63e-9470d5d0af78", "indicator--37f2125e-1110-4f19-afc9-b35eec44b057", "indicator--6a854c92-3a2a-4436-ab0e-3b9c86cb8ac6", "indicator--6ba4e57d-ee14-49f5-b2c7-256d7fd73d0c", "indicator--2224a201-2c07-40f4-98c2-39241b0fc1f1", "indicator--0e9d9df2-1f16-43dd-9913-50a397af8d2d", "indicator--537c9bf9-3b38-4493-953d-268a26b9f7a8", "indicator--6447a0c2-0837-480f-91e2-868b53f023c3", "indicator--016d6650-94dd-4993-99f0-3e07b6c7747b", "indicator--5f0bbaaf-c796-402e-a90c-3a2b571f82b7", "indicator--110f46ae-b792-4895-8007-e28adb8bd52d", "indicator--d36e14dc-afdf-4f55-9833-8d8505c1a8fb", "indicator--526ab91a-b256-4caa-946a-3df36098a22f", "indicator--5c799829-12af-47bf-8d98-053501250f22", "indicator--65bbce73-0afa-4dab-993b-49d8a5842801", "indicator--13d44d90-e4bf-4678-b3f4-549439be778a", "indicator--4fc13c81-1dbd-42f6-b981-53754913508e", "indicator--38a95f35-83ce-40b1-9275-8e7201ea2b21", "indicator--d98bf4d2-44ed-4b09-a2f2-825d92619f1a", "indicator--6191d30d-6427-4bbb-a33a-3841455a5b18", "indicator--66db73ec-be2b-4c6c-8f8d-4f9f0ce19555", "indicator--f09370ff-9633-441c-a61a-c87c4bad2cfe", "indicator--a2072dca-181c-4452-996b-6ddfb2f13901", "indicator--50e98b2a-99ea-4a19-8d20-aa0f0b6652df", "indicator--0f229c35-5be1-4f71-ab1b-27ff4de69d0a", "indicator--a577acdd-8a6b-4757-ac29-4b52fc371163", "indicator--34e0b8f7-3d62-426e-a53f-d29ee5b88d1d", "indicator--cc7d1c8c-591b-4908-a593-6d8c08b33c76", "indicator--76c188f8-02dd-459b-8db9-84d0cf1de809", "indicator--e71238ca-bacb-4320-90d0-0a22c32379b1", 
"indicator--a1fcbdec-7512-4020-bbac-db7d86c1cf20", "indicator--0e530950-8442-4bda-bdd2-2d86684177c9", "indicator--97d8bed2-735f-4eed-a8e9-ab26b122a12d", "indicator--953f0ad5-8e0a-4877-b026-44cf242c8af4", "indicator--f6dbe19e-9197-41eb-9db7-520bf3f0c3f8", "indicator--0f204461-9606-40ea-a903-6caa62e6ce1b", "indicator--d5820fea-50e9-40f6-a0eb-538f131534da", "indicator--95b43434-2586-429d-808b-b7c5af98d9f8", "indicator--600070c2-6d5e-48bd-a664-8e2aaaa4d5b9", "indicator--3cc889a0-9d2a-42c3-a894-366f4b01a03a", "indicator--b1618aaa-fee6-480d-9c99-d88bd23c0654", "indicator--1c95c695-c8b6-492d-bc56-67f815946455", "indicator--7e84f21f-7bd8-4b3a-8261-65f536bf5167", "indicator--fae84f4e-272a-4af7-968a-26c04b262af1", "indicator--a1f73ca6-f4d7-4dc8-b356-d4222c53fc39", "indicator--b5b26951-6aa1-4865-b575-3c2e2183a743", "indicator--dd22ed87-3857-46a4-aa10-a4bb6a646389", "indicator--716f1398-db78-44a1-9e59-99ce177a8f4c", "indicator--02525f38-7721-4717-860d-3dd3f64b2c33", "indicator--559ffe85-0815-43c4-b37d-01525b808d60", "indicator--11307692-aebd-4440-a780-06b300bf9ad2", "indicator--ff3b3a0e-e475-4802-92a6-5d8a703e4125", "indicator--ca019813-dfdf-4207-9ad6-2d09ca1ec309", "indicator--1afb0029-0073-45f2-b7ec-2fb9a03fd8ea", "indicator--1382ddea-7c8b-433d-9864-596b60b33833", "indicator--15fa3ce9-f146-4506-9dc2-180a4f064b56", "indicator--a980180d-ad2d-4ea7-8e3f-96b803c66739", "indicator--be4c9851-81ad-4649-8a1d-c3b12ea2ca9e", "indicator--ea32111f-58ae-473e-a936-dba6b37bf9c5", "indicator--d5d8b873-1518-4281-9232-feee5233a799", "indicator--81e6deaf-22db-4eb6-936d-26e1a99d496e", "indicator--5563d4b1-3a3c-4788-a8ee-9e93cd151d45", "indicator--7316f8a8-9d3c-408d-8dfb-ba438ceddb07", "indicator--50a6542a-5a11-4f10-a01b-3cdc71c3a8db", "indicator--f26fc0ec-a64e-4f83-acad-2119cde9cd5b", "indicator--81871b01-4e01-4236-a3bd-c6caad2f8706", "indicator--cc631bed-95ed-4f36-9303-807f8af9a1dc", "indicator--bc465e0f-96c5-42ac-a504-a8c7b8ef181b", "indicator--d03368f5-0cc0-47e5-b85e-6915d88f903b", 
"indicator--90975f84-aa80-4bf6-ae5a-90419426e9e2", "indicator--7d689cb4-2f38-4acd-a128-372f09cf97c8", "indicator--f5296590-02a2-42aa-b440-4e9912c7175e", "indicator--8c53b85d-c74e-4195-ab70-23150aba3b71", "indicator--471df396-48f6-4684-9c8e-007598eaa038", "indicator--240d49c0-bb01-472f-9e7c-abef628778f9", "indicator--16abc5cc-8772-403d-8b69-c89eba63abaf", "indicator--3f967f22-ff86-4653-a68c-024f1850da34", "indicator--0c55038d-db72-4c6d-b16b-6ccfe1552a9d", "indicator--42a86b2e-90b9-4362-a5f7-fbe58a0bb713", "indicator--88d33cb7-ffe6-4e86-9b1c-3a285e1923ae", "indicator--f2e742ff-7912-4827-9a0b-83aed42a6ce4", "indicator--94c096c7-73c4-44b8-990c-47364bce85d2", "indicator--84469982-c0a3-4823-8c4a-c80fff024c7f", "indicator--13a960ff-63ae-4ac7-9893-b2b88c90e0f1", "indicator--2eab1244-ad1d-407c-9116-0308c348db77", "indicator--42ab5d82-0a1d-4609-bfd5-bb0064e123d4", "indicator--073a3e90-6393-4103-827e-77e0ae92607c", "indicator--d451922c-089a-487c-9a81-8802cae1d245", "indicator--e6a79e07-12b3-4912-8d3f-1e2210b232ca", "indicator--31d98fef-f866-453f-9bf1-000d64488ecd", "indicator--089cc78f-2561-421f-aad2-f0d42047e0a2", "indicator--6892c903-5550-42ad-8fd2-e602a2ad0630", "indicator--88d39398-f971-43a3-b297-1243437ddf7a", "indicator--b8fe3290-cd2b-4f99-8a40-071c0b925345", "indicator--2374b51f-9a6c-46c8-9974-1548212ba053", "indicator--c5fa8693-dd25-4db5-bf4a-64e6686b9215", "indicator--36727634-9a00-4788-af83-e4269a777916", "indicator--eb415253-127f-40c7-a823-420c08d1cee9", "indicator--9d75dbe6-5ccc-4626-8b57-011c82b65eed", "indicator--c17571f7-ce52-451c-89f0-0911cd290d31", "indicator--4f5f6765-bbbc-4b2e-be67-610a52a81196", "indicator--89a1e7b1-444e-4158-8131-1057ffbff595", "indicator--34b50e1f-9176-4521-a8b0-7a0dd99f82fc", "indicator--0cea6dc5-9a3d-448f-bef4-20a1000d1b5e", "indicator--f5c467c0-8f2d-4168-ba6e-5db32e7200ee", "indicator--a45e9903-e119-4d83-ae6c-e9ead49789db", "indicator--1f6122e3-ee1e-44d1-a72a-cd32bd1b1b73", "indicator--145d4d52-91f3-4252-aaf7-8e11f2793910", 
"indicator--0b907127-b235-4fa8-b25d-69f607d6e253", "indicator--d1255ac8-6341-4d6b-baf8-f21112e1fd01", "indicator--5c5d643a-44a5-4aae-aa63-edb826e1aca9", "indicator--84cdd6c1-4a77-41f1-859b-5dc257923f06", "indicator--74ae382e-2f61-41e7-8661-e464aea425cf", "indicator--1035b86c-723b-4767-8310-3941fa4ec64e", "indicator--4211d9f6-cfa9-4c4f-856a-c0f9d199b825", "indicator--c485f60d-d78c-4d77-b849-036f02bb9e61", "indicator--12b67d9d-c11f-429a-b6dd-129c70f77821", "indicator--2475fd04-332b-465d-8225-599f90c9f50b", "indicator--e107a1f3-33d2-407c-b60d-d6c18ca9264b", "indicator--90aade87-401b-4e3a-821c-22b168c16b05", "indicator--114c6939-f631-403e-a33f-5875998d6e1d", "indicator--3d181837-e63d-4225-bc5a-9e60f326904a", "indicator--93a7c321-fb09-40f8-a8e7-28cf050a82c2", "indicator--8258ad17-b70e-4cad-9afa-d7ef6744e2ff", "indicator--47495d44-1d6c-4901-a64a-549ffd8c6228", "indicator--716d986b-846d-4a20-aef5-ad19d9e7c2d6", "indicator--46d424d3-200c-4f8c-825d-a3b69381a179", "indicator--e71cfd40-7ea4-45b2-a02e-0b47c9f9e5bc", "indicator--05b8ad9b-8e67-403c-8d87-f2da7b4deb17", "indicator--0e7d6e4c-2118-448f-8c86-fb94f75c828a", "indicator--3bdf9adf-b859-4d96-9534-ba20f4caccd7", "indicator--136caa46-2d6c-49ce-8cd5-c77942ca7491", "indicator--cc0874dd-547d-4caa-86cb-41993a2ace9a", "indicator--10dc76f6-9a78-4832-8cf9-8c31e9cd2a22", "indicator--66536ef8-ed9a-4944-9957-36090a80757d", "indicator--c15e3fcf-653f-4268-b835-2a2307635a23", "indicator--9103abef-0b3c-4a8b-a3d5-a38329eae1df", "indicator--d03642ef-24d4-47ce-9ca1-64f044603d16", "indicator--c560d897-444f-4c52-b01d-0f23e7f6fb93", "indicator--2ee83a2c-a472-4661-b095-6144b8498c57", "indicator--0de146ef-f70c-4010-935f-d9dea9da4845", "indicator--ba4dd57e-53c3-43c9-ba10-43d61c579d28", "indicator--ebe45629-7081-439b-b18b-55bb2118fcf1", "indicator--f352acef-1eb9-46ad-9936-fd1ddb310e34", "indicator--29fa4761-aa50-4e9d-8252-63058dfa468f", "indicator--a88f3f8b-c299-452d-be45-7473071643cd", "indicator--04f06712-3f70-49a0-8a48-23d733844046", 
"indicator--f5f9a7f8-3eb2-47e5-b470-13471446a1a2", "indicator--ed69a5ae-0d1c-4e61-8bd9-a6b36dc0956a", "indicator--3bd5df7e-3007-44a2-a830-90af983195cb", "indicator--44fc4c48-9c1d-4a90-ac84-37857d54067e", "indicator--8ce56343-e1d3-486e-a936-d28afea28ad1", "indicator--c70bbe11-b1f0-43c2-b0fe-5b52d8d77cb9", "indicator--82618f15-7b07-4db4-aaf7-0c7bab8a7fd8", "indicator--d38cd569-6abf-4076-9757-aff8feee15a1", "indicator--f878aa43-5775-40e9-a7ab-6d95956e750b", "indicator--07479c6d-4824-48fc-9af7-9dd0dd346935", "indicator--a8d97666-1a18-4a60-a1da-e9b2dfb3af79", "indicator--651b939e-fafa-44f8-b8d5-82099f759876", "indicator--02060e42-1c1e-4709-bfcc-7c07ff8fb03e", "indicator--e8be14c3-1d3b-4c33-b861-f09a275ed853", "indicator--7a1143a7-bc47-4ffa-b257-9464ee804071", "indicator--0e164fc3-2067-4903-97c2-e725ec658b8b", "indicator--d0db37db-f6d5-47f5-9ba0-17fc8f72d0b3", "indicator--8f0bd091-a849-4635-8221-d9e8c341da85", "indicator--fd4b7d5e-c702-43d0-8628-dabf8e49f57d", "indicator--407551ef-831d-4882-af92-616a59dab00e", "indicator--9ed6d345-fc65-4b16-a281-f141795453bd", "indicator--e980c1a2-2225-4a7e-a3c1-f19ff29eb1d9", "indicator--00e3ec6f-a8e1-4aa7-a412-22c53828e2bb", "indicator--91fe30fa-bc91-440e-9318-51f3b67d6867", "indicator--42cc398f-4ba3-4602-af1c-4a3a5504c765", "indicator--3b3d4fdc-06e1-455b-9183-641ff3283ab0", "indicator--09fc0763-50f4-492e-9a51-8abbfb06ffdd", "indicator--3bce6def-8acf-4631-8f7f-a04f2749badd", "indicator--23b74ab0-e219-47d3-bcce-ddc39e7fed2c", "indicator--84adb9b5-6df8-4750-9d2f-41d033f65de5", "indicator--040070c6-7cac-4b65-a83c-e36d1c4199c0", "indicator--e4434b6b-6c0e-4860-be68-be5f8016b0fa", "indicator--7e22377d-3a46-477a-adf9-5d2f2d1047e6", "indicator--1c1fa945-460d-4ad5-848a-7aae4cbb2669", "indicator--c3f26963-5881-46d9-9459-2d3c880653e8", "indicator--d44a7858-c8f2-48ba-911a-4e877ad2258a", "indicator--3fe3eddf-e03b-46b2-948f-da77e403d503", "indicator--24d66a27-e070-4290-b3d2-d01712b60860", "indicator--b3ce8b52-1d77-4596-ab71-4419fa5c7636", 
"indicator--8c7d675f-9fef-4e6d-bf2d-4a87d9e03cd0", "indicator--16628916-4497-4c46-a600-c6e267d6f526", "indicator--44ed8751-bed6-4f7b-bce2-d964797a052a", "indicator--6126f193-9e8b-40b6-a78a-0f1c69a81556", "indicator--dd729e1d-4d4e-4f01-bee4-8cc7136be09d", "indicator--e9f83e7c-7bbc-4554-b955-0c08c35f9dd9", "indicator--ea782101-2211-4758-8ab9-f1da963246a0", "indicator--000eb2ef-6acc-4c39-9491-4dc36cdbfd4c", "indicator--39bb5862-b491-4ad1-99e0-df752a7df0ae", "indicator--81561b75-38b1-4ce3-8ba4-255b5caec78c", "indicator--68eacc1e-bec6-4f3c-b162-44dffeea74f0", "indicator--d14dad19-ebdf-40e3-a592-1986b2a7d329", "indicator--0f7a2eca-3b32-4548-b2df-fb1b229779df", "indicator--adf48176-c5a0-48d6-965e-f28d71978dfe", "indicator--b2b419f1-0150-4809-8625-0c22be40209b", "indicator--c8c99364-33ce-4c6f-9ccc-dcdbf676db47", "indicator--32cae595-c497-410f-92fd-525dfebd7f4e", "indicator--0bffe0fe-3f31-4795-aa17-c7c322ae4aba", "indicator--c196a983-2d47-4719-932c-b121a649dd27", "indicator--a966e298-46c7-4700-94cf-106a2cdbd9cd", "indicator--015dc84d-16b3-4a1a-94d5-be9d6e256203", "indicator--1e5c7732-c315-4c2f-a6e3-724110bfb7cd", "indicator--f322edd6-c627-4ca4-87fd-289f3467abe1", "indicator--bce7178d-effb-4dc3-84b9-33f95fb255c5", "indicator--34064c3f-6357-4fe8-8388-2134b8ef228c", "indicator--0b5a8fad-e8b5-4f99-8a73-b93d71d2fa1e", "indicator--88ec0d64-c402-4271-bca7-b0b98b6d4c53", "indicator--dad47242-0508-4096-bbf3-a578878a7c75", "indicator--d9b4664c-17a9-4f38-b098-f3c0c4c4bef5", "indicator--e120d40b-8a1b-43f7-8037-43e2bfb1b0b7", "indicator--bd693d99-e9f5-46d9-aacd-e5ab291fe9b3", "indicator--58791127-124c-4ca1-8e5e-ee6d5d34175c", "indicator--94f43881-0ba4-480c-956a-807fe8f87ed8", "indicator--b56f41fb-184d-4b59-afcb-99557f1abc09", "indicator--44b3c33b-1c3a-44e1-b0da-fbc45d94522c", "indicator--9c25ce8c-bd26-48e9-9f89-ac1ca3d0c805", "indicator--318ac25d-149a-4c23-8a90-ea544a88b514", "indicator--c84f79ff-7a74-4b47-9fe8-a8e1516fc517", "indicator--c8e249f9-61ec-4be0-9e2e-11cd6e3da606", 
"indicator--8f554885-6e9c-4a04-bbd1-60f3ca1cc6c0", "indicator--9c195d26-674e-4cce-a9a0-a4eab3e5d60a", "indicator--362b7558-7265-44c6-8570-206a4a0fe268", "indicator--282d389a-53d2-4a31-8bbd-d9f2df636e27", "indicator--d491ae50-7630-4444-9795-0e427cfa7224", "indicator--f7a80e0a-1285-4d8d-98eb-e81591f52b38", "indicator--eb868fd1-80ab-48d0-b9d8-3ada37db3664", "indicator--9a782714-6f1e-455f-b799-04211a4b5273", "indicator--a503c36a-ff35-494e-9aae-ea1a9fc8994b", "indicator--f2d458ed-df6a-4911-8038-bfbf522fc0c0", "indicator--a38f4c90-dd44-435a-8d06-8f78f9f48abd", "indicator--d9f3bef9-5c6a-46de-bc5f-48305af8897b", "indicator--85613216-c165-430e-aba7-685f5dc15d01", "indicator--c4b51421-1c3b-4327-96c9-1bc0d12f18e1", "indicator--3e8de584-e363-4699-bf2a-4e55e141f84f", "indicator--9a88d234-98aa-4f57-8262-219dfa6bfb24", "indicator--69f66b00-e05e-49b1-b78a-665cf8a0d250", "indicator--8bcda954-73aa-4960-9dd4-f2b630dfbcf3", "indicator--7e575e7e-c895-4da3-bb1c-98dab36e6f1e", "indicator--66970b35-ac44-4227-9b38-9e6fb0011802", "indicator--8c088146-4b34-412a-83b6-14b351beb87d", "indicator--6c521f47-e68f-4315-ba38-d4a7e41e9e13", "indicator--6eac807e-c57a-4d51-9c12-78e98691900e", "indicator--2c2a5c6f-9328-4481-a155-1c8a2b8c9987", "indicator--df063083-0548-454b-8143-e8cde29bdddb", "indicator--2a6e87e3-7a13-48d4-a1c6-3736ed1bc288", "indicator--474a34f8-618b-48f3-8f06-ed58ad245b80", "indicator--3c5ee532-3074-433b-b5fd-f33e2320cc3d", "indicator--e20d0a7a-dc57-486c-851f-dbd5bf432b55", "indicator--7e94e5f5-7be6-45b7-b3ff-d3b88f2a77e6", "indicator--c06d8a86-3621-4ea1-a123-ef0d8b7b1d0b", "indicator--4e018c3b-89f9-4458-861d-112bea7267d7", "indicator--d47944a4-25e2-415c-bd70-16e9cc46e52c", "indicator--1ed1b847-10c1-4cfe-bf9f-1e4ccc858cb1", "indicator--09f016c1-f587-40f2-b227-daec2772fde2", "indicator--820af94b-c159-4456-879b-9387ebc6ac10", "indicator--7a0cff43-326c-472d-b38d-ac5d0f8fe83c", "indicator--10017df3-27c5-4391-8631-896a1cf5f376", "indicator--bbc99d18-f30a-489c-bef3-513e4f859472", 
"indicator--39334a01-ad7e-464c-b3ed-73f29b15a4ca", "indicator--c5823556-2629-4d99-9add-b1692c106052", "indicator--513c7906-bb82-42c7-8a5e-39ef01f39fcc", "indicator--287be981-61ef-485b-ae0b-4f1886a36ec6", "indicator--a5692d53-d594-4723-947c-6bb8db6f6e7c", "indicator--8ddae9bf-e9ac-4bc3-8c00-997e18ebf789", "indicator--374b9bea-34c1-42c8-86f9-88122eb5aa3d", "indicator--01bf3441-fa87-4040-a726-bafaca60a8f3", "indicator--949750d6-519f-461f-b93b-4afd86338446", "indicator--af0842bc-efa4-4df6-9717-986065f9a0f1", "indicator--250126c8-2fa1-4945-8590-fb33f2c672e2", "indicator--f629e1a1-2516-40e1-bae7-984765c3b663", "indicator--f37f1473-2fe5-4de5-bb4c-74671884e2e0", "indicator--7295834b-6478-4004-908e-0ddfdce9e5ec", "indicator--bfc8d91c-3b5d-4d99-a927-bdc87aebaa36", "indicator--4518fa51-5d00-4d06-a5d0-067d54a0e10a", "indicator--75a21f3b-8801-4de0-9793-82de100665c1", "indicator--817ce363-bc5a-4df4-a64c-e561fde5951d", "indicator--01535de5-2916-4d45-a1fb-ebae1bd9146c", "indicator--40bdd963-d3e2-4969-8068-5b8d7e61e707", "indicator--79633a2e-e5a7-47a0-8f2d-4b521079114e", "indicator--507e357e-7323-4e29-a870-0a3a147ccf5c", "indicator--bff2a864-5b4e-4457-b833-89638e2c0726", "indicator--cdd12f20-c663-4476-9b18-7c8bfc5a53ce", "indicator--d96f339c-abf1-45bf-beba-697ba7e7dc36", "indicator--ca03f43d-aa48-4b30-a1af-cbc435cc0a5e", "indicator--e7bffb80-e25d-4248-8eaf-7beadbd9fd74", "indicator--52b54fe1-718f-4a76-bc8d-a9d48270e924", "indicator--87eff9c9-8d72-4714-baf9-c4c0d2c7b3b3", "indicator--a13a9ef0-900c-4998-bbab-7e7735d66387", "indicator--99954ff5-edad-4eaa-80f5-a4f2ec6dbb83", "indicator--2f857ee8-5ecd-41d3-9655-c99ecf4a0c27", "indicator--5446679b-9f85-40a4-82a3-41878b856c21", "indicator--e809be5e-6dc1-4a87-bfa2-2045ed2b2c69", "indicator--e5d41c96-a3cc-45d2-b675-6c083b74a31b", "indicator--1a80bdd6-1173-4861-980a-13a383fb3164", "indicator--92934abe-06d9-40f8-b5b0-fa1541917202", "indicator--d241d63b-d388-4b16-be59-96eb6f984ef9", "indicator--814764b8-9db0-4fcd-a52d-c32bfa2180aa", 
"indicator--1f22277b-2582-46b5-85a3-bec6161796fc", "indicator--887ab44f-9e80-4ec7-8f60-8ae6c289a666", "indicator--bd13a3ea-3f1c-4456-af14-ed6156a69450", "indicator--f7399ae9-64ad-41a0-8e48-e87bc723acae", "indicator--e21feb9a-4fa5-4a3f-86cd-4cd0abd588dd", "indicator--2f24aa36-9bef-4c54-b6e2-33d2eca48891", "indicator--5e881208-3678-4524-9007-74c84c4f6c07", "indicator--ca6f43f0-0838-4497-a17e-a858a4271b8c", "indicator--37565e3b-7f4c-43f0-bbc7-b25d024d0a2c", "indicator--b4427bf7-0de0-4c1a-b5b1-11ad5ae342d0", "indicator--072ae9dc-eeaf-4110-aa85-723c31514ec7", "indicator--065b0362-fa3d-438f-9d36-17c3e93fd659", "indicator--36c1ee3a-6ba5-4916-bf48-21c67650f3de", "indicator--5194cf94-4343-4b7f-ab86-3b036dd4c82c", "indicator--63df3056-835e-45f6-9089-bbfdf19fcc84", "indicator--60ea6e8a-5453-4def-a3aa-b926855d965a", "indicator--cf65e111-ea60-4f07-bdcb-ccc9104fcf17", "indicator--f6a73482-7c08-47a6-b7d2-45dfc776d3e5", "indicator--18f023d3-7fd7-4ce9-95b3-0b61aac593fc", "indicator--7ff2854a-b865-4910-b49e-ca2cb8bae534", "indicator--6685bfeb-59c8-4a55-9028-807b4958201f", "indicator--e1160c30-e922-4c3c-baec-dabdbdcc451e", "indicator--1069a341-311f-421e-8a47-b3b7f215f0d8", "indicator--be900820-e4cd-47a7-afa5-6e6bd27671f6", "indicator--1df1f40f-6d00-45ce-b4eb-0b3c4023598b", "indicator--ec12cb37-d177-49f7-9fb8-3f6e84c6180f", "indicator--1d5f3299-a654-48d4-b17a-50c89980552a", "indicator--12867efa-c20a-44b7-aadb-051c132ae63f", "indicator--83ff80b6-ffb2-482c-85f1-172417e88c2c", "indicator--4e0badd7-668a-4db8-8f4c-2319ed8e5c51", "indicator--4d301704-7648-43c0-be3e-51608a0e5ede", "indicator--4236cf55-5d03-49b9-b3a1-208f6bc5c47d", "indicator--654bba46-fad2-4590-a58d-1d24724d7e0f", "indicator--36042ee2-6995-4f42-9d22-d20619b7c22d", "indicator--75ac22f9-be4f-4fc5-a820-26c84794f970", "indicator--78dd25fd-b60a-4aa0-8028-3090ccb7f75b", "indicator--d8b99516-2419-4da7-afed-114abc431775", "indicator--ee1d9899-554c-4a89-a987-9c1df102e59d", "indicator--e128f2b1-b0ec-4cf2-9440-e2ebad57dacd", 
"indicator--49948d33-0268-4e78-b7b6-837bdaec73b2", "indicator--57cd4502-e5a1-461b-8d96-374ce6ab6a5a", "indicator--57f06c97-8301-481e-90a5-3e5b1a2a34a4", "indicator--50f5b839-3e87-4d15-b27c-48ae7a4ac085", "indicator--c77b4e4d-1197-4739-9af2-c23a319784ee", "indicator--8854079d-066d-41ee-a3c8-621959057fb8", "indicator--2d401f63-bc37-4e7a-b907-7f1f7373dfcf", "indicator--01582fce-87b7-45c4-a4ab-6af9c56579d3", "indicator--495b8e5d-c29b-4a4c-aa66-3cee5ea897ce", "indicator--9cf06050-6186-4298-a4a6-e5c5096b3203", "indicator--a8993134-f3c4-4d29-8170-1b2b83508356", "indicator--4bcc54d3-3cbb-4173-8fc9-f928e191fbc6", "indicator--5b38acd2-a586-4bec-b5fe-62518cbe6b94", "indicator--4d616274-8cf6-439e-92b2-3e53eeda42b4", "indicator--b3354c76-98b2-4fd9-b743-ab336b54de7c", "indicator--5b0065f1-3a45-4220-af61-148b952f8176", "indicator--bc0ad9b0-7211-4ef7-93fc-bc9d37f5c546", "relationship--c7868fe6-90f8-445e-814e-b49f4de013b0", "relationship--5acc20e7-46f5-4ea0-b778-df5fd1ccfdfd", "relationship--9bd200cd-e2b3-4936-b3c3-8c00ac9f6c2b", "relationship--316f7193-ceca-4b6d-ae7e-44da175bf9ad", "relationship--93becffc-4b33-4752-b7d0-4a2fc1ee7f5d", "relationship--a4e42c25-3c50-4866-a0cd-b1a187a7431e", "relationship--6f18a252-f2c1-462d-8bc7-ad369fa42e51", "relationship--6e4e97d6-3f1f-4fb9-97ca-31f3177f0725", "relationship--6fb1e194-a83d-415d-9e60-5d1c69c3fa7c", "relationship--ad263957-6394-4266-a7ee-aa65d36005dd", "relationship--b1463261-7d36-4735-864f-45f2d13679d5", "relationship--c99fbd3a-e2fb-4517-b733-d483ad4ac762", "relationship--2b233453-9341-4aa7-a85b-a636b018cd4e", "relationship--df450dee-f1ad-427b-a749-5260eaff4b51", "relationship--97f8e890-784a-4d20-909f-123aaea37ba7", "relationship--b3d0d51b-007c-4638-849b-8bd1f7af3c3e", "relationship--ebec29be-4bea-46a8-97d9-6250d5ee8790", "relationship--9e04501a-850e-4c0f-957a-9d8557368b1c", "relationship--37c178dc-4e66-42c2-8d26-6041ab0b55d5", "relationship--feff40c1-7885-46ec-8915-851886af578a", 
"relationship--1ace96a5-7368-4250-8d53-670e805444fa", "relationship--9fbba378-7f38-4049-b0d1-1630513c6f69", "relationship--5be801b9-701c-4c8e-9a2d-e22dd2401e84", "relationship--8ff81b28-9acf-4347-a5f8-8771cb046e07", "relationship--862e4a6d-88f8-4883-99c0-f50b1d322601", "relationship--f7c7b4a1-f446-49c8-9a84-6b42b731ccd8", "relationship--49f74e43-1a26-4fbf-9e98-8e7eafaa20e9", "relationship--ae75a829-8575-4d0a-8fac-8bf87da26064", "relationship--86bd6aea-6419-47b4-8ca5-9251b4d349b3", "relationship--fdaffb99-c660-4c7f-8185-8d57bfd49fca", "relationship--dc16b4a3-4cf6-4bc6-a33c-41e02db88ce2", "relationship--02272361-496c-430d-be26-a9668b0c20fe", "relationship--4a87d7b2-ae57-471a-a016-482bf03c9e4a", "relationship--b76a282f-a532-4b34-b46b-217232e6c19f", "relationship--11f1570b-9993-498b-a1c2-0e48307ce6f2", "relationship--6bd8d863-7346-4801-bdcb-7ac8e3caeb97", "relationship--2f4161e3-f37e-47d1-9b75-fb0f08092ffc", "relationship--72bb0c3e-1d44-4116-b7c0-4718d78e358c", "relationship--36e89e69-f5a5-41cc-a976-4b555970fa05", "relationship--e58cec6a-bd49-42c1-ab48-7a505d3ceeb3", "relationship--04bb5335-af06-4ad8-81db-098504f4ee2b", "relationship--c9ea6ec4-1f96-4d01-9532-f05e05e76e37", "relationship--3839d2e6-3669-44a6-977e-74546cbccf47", "relationship--d669bcc7-add5-47e3-b2a7-0a654a312066", "relationship--b6b5fc3b-f30b-41b6-859c-474c798b524c", "relationship--2a4c69f8-d6dd-4b7f-9fc4-22f72b77ff6c", "relationship--c0d834c6-4ddc-4868-85c6-6c2504ef118c", "relationship--3d3c8554-6b0e-49b9-a628-0937c73746bd", "relationship--ffcc5993-3a08-42e5-91ba-528da483e9db", "relationship--d9bea7e2-4650-49e4-9a73-132bad925ab8", "relationship--e3ffd486-b8a4-4504-93a6-727aaf4e2604", "relationship--59e71939-1b2a-4451-b3ca-44bed47ef7d3", "relationship--c973b147-a897-47a2-8807-613a37fe2844", "relationship--22555143-ad30-4408-90b8-4695339e96f2", "relationship--39a8b101-ffb5-4dc0-b7fc-81bbe0945150", "relationship--43cf2999-f590-4322-a7fd-ed5668ddde82", "relationship--2bb558ae-c639-4c88-b382-a7653a5f9b77", 
"relationship--41a696dc-3521-4827-9b41-fb76368eafdb", "relationship--4f8dfb24-4fae-4b2f-ad63-a1ebf2873f62", "relationship--88cdd58d-671e-4132-81d3-bff1ab19c0b9", "relationship--867863f0-243e-4f5c-9a9b-a2514ec0a93f", "relationship--f3a596fe-be5c-43be-91f2-6bf2356637a6", "relationship--a4b58365-8329-4c49-bec5-6cb01536cd6d", "relationship--2bca8c90-4c0b-4259-aab9-e3611f0e19b3", "relationship--7e57797b-7b6d-4653-a044-f6ef667a9e92", "relationship--449b545a-e2c6-4eb4-a87a-84c42be6d055", "relationship--4012ee4e-8064-455f-875b-54dccdedbee6", "relationship--5bf4416a-f243-430a-aa10-0c8e9ece131d", "relationship--bdc748d9-5370-4215-a119-d7176fc460a8", "relationship--3d75abcc-ede6-49c0-aa2d-f97a863fd1a9", "relationship--75b78dad-b12f-4e24-8d50-617c6eb045da", "relationship--8f53f205-4505-40c7-b06c-8671c7a9f282", "relationship--06e9a54b-ddbf-4af4-af7b-adcb7b299aed", "relationship--a8cad79e-d4db-4456-89a5-2cbe4d943a1a", "relationship--b0e26e03-5dfa-4589-861f-0feccbf8b7cb", "relationship--6d290bfa-e87e-4824-a84b-0f3f0e79e092", "relationship--04c6993b-45b4-4b63-826d-656fe879af35", "relationship--0b4ddf45-7275-4467-8d70-03640d3c2e12", "relationship--532995b2-b5dc-4566-ae8a-8a3dea7a8550", "relationship--ce851145-9fad-4471-80e0-6f0e512a6adf", "relationship--c44e7035-52b8-40cf-a44b-5459fef5ff90", "relationship--d2729504-51b3-4091-9973-02c5855fc303", "relationship--2bea11bc-215a-4d90-9ae5-ae18406f64b4", "relationship--d4895185-2561-4fc6-84dc-70ab4761a971", "relationship--22d0dae1-bd90-4c3d-a49b-e30890494577", "relationship--f3b419bf-92e4-45f8-8f83-74deec0c814d", "relationship--9feaad5a-6600-4617-b80a-ffe172b49d29", "relationship--3cd0fa03-e7eb-4798-9f7a-bb495068dee7", "relationship--14974c41-c0c3-4b0f-99b2-2537039a6eab", "relationship--e2e801cf-ba0b-44d4-80f4-15e91ddae381", "relationship--c4b06ae4-e3d1-4b3f-ac55-bb5c5f3b1144", "relationship--0d8e2481-3560-4a28-959f-9c2506495611", "relationship--86b8435f-3256-4896-814f-8d64f4fb2d41", "relationship--a5467bc0-7a13-4c7b-8984-b42225b7970d", 
"relationship--a53f9e62-25e0-43de-8909-9bf1dcbe575b", "relationship--f782654c-20d7-41a3-a437-2648e3f25493", "relationship--6ddcc790-8ed4-470e-96f9-2ad5f231d916", "relationship--8f6a744c-6231-49ea-b341-c0e92a065c7a", "relationship--8a14c11d-cc64-4fcb-a960-7b9919100193", "relationship--650a3e3e-f51c-420d-a6f5-ecae69158997", "relationship--2ed8544f-3cc6-43ea-8e2b-877c514a8563", "relationship--f0e15323-7546-4195-9652-8c7124b2549a", "relationship--86488538-cca0-41bd-8b4d-7fbfd8dff893", "relationship--d52e3389-1a21-4fc5-8224-ff77cb457f96", "relationship--3ddb710c-17cf-460d-8ede-89375b9f86da", "relationship--cb3b1457-b64d-4f3d-a15c-46f265df6fad", "relationship--787068f6-171e-48bf-b27b-66a84d0d0a9f", "relationship--029276a9-79cd-49b8-94c0-3c4b5e4c3f1f", "relationship--00b6a233-f477-412a-b6db-656096a9eac3", "relationship--eb2b3bc9-709d-44ef-9590-801788e78844", "relationship--33e8fbe9-fdb3-43cf-8dd0-a7b16660f903", "relationship--0e148806-297a-4b26-b384-7cba1c9e884e", "relationship--449d46e6-792c-43d9-92b8-2650f7dbb421", "relationship--f72b504d-73d1-470d-b0c1-f475d86f02a9", "relationship--930ea9ce-b5bd-47fb-95f0-2285c34c6637", "relationship--dcfb64e7-a486-4107-beec-02627cbe92e8", "relationship--bc3ca622-9f50-4651-901e-fcda8ca7d28b", "relationship--45ee4f23-6991-4347-943a-615c9c4d7af0", "relationship--13153a4d-7611-425b-9f9b-d622aa82fdd0", "relationship--3829977c-2354-43e0-8b2a-f16139f17396", "relationship--5dae9b2c-38a5-44e0-855e-8b56faa52392", "relationship--8807a6d6-31f6-4558-8fd3-329b1214956f", "relationship--70042ee2-404d-4486-9c7f-1fe2f796c2d0", "relationship--29b5bffd-5a3e-4666-9393-a10fd2627d59", "relationship--449be203-9d85-4646-bf3a-0564b344fc22", "relationship--b2aaaa46-6fff-449f-82f8-ad09ba9904f4", "relationship--70670335-ab78-4928-9f19-f27ccf654d53", "relationship--1b99923f-d297-4a05-b2fc-6ef99dea6913", "relationship--80f37423-6c6d-4a83-a919-ba7f30770a9a", "relationship--bc1de59a-fdf1-49ff-b4a2-1e0900a8858b", "relationship--1f646898-f7c7-4d73-b7b8-2f948100cd21", 
"relationship--50f660dc-8236-42a9-9f6c-6450116a5783", "relationship--bad25b73-35a8-41f5-a6aa-4f541f6f8b17", "relationship--07d58f6d-d496-482f-82ab-0004ba0ed0d7", "relationship--d5e89f35-bb24-47bd-bbfe-c1eecb5da637", "relationship--e7aff46c-4460-4b10-a67e-bdb9fd79c722", "relationship--3b5c851d-f071-4a81-a569-6c22b949290c", "relationship--4028c0ac-0e2e-4af2-a400-1247a57d773c", "relationship--ea7c8458-6b53-4e37-a6f5-24efeef64a3b", "relationship--e2722591-706c-411c-a68c-03feaa84f085", "relationship--1ec49246-5abd-46b7-98b6-233c70b24fb8", "relationship--8ab8fc70-b573-42c3-92f2-eb0d746c9386", "relationship--345862c6-bb7e-42bc-a8f8-1a029c0cd992", "relationship--942cb5e9-b2f0-4677-86a6-8c82cb3ad562", "relationship--b7f5cfd2-14fa-4be4-9989-c1fa0a033cd7", "relationship--1715e779-20eb-454f-83b0-b001f25f6b10", "relationship--ac537295-b2a1-4d51-ac7b-cb2c4526ff3b", "relationship--0b2c3ab2-9633-4506-b901-a0b44375e7af", "relationship--3aff8e29-e689-4457-97fe-cd9659c28506", "relationship--f0fb95fd-301f-43a1-91f4-7e1f69f6e53a", "relationship--b7b4cead-df57-480d-afe1-b9b5b823251f", "relationship--7f183471-0e6b-4bb3-bd82-a66b1bbcbde1", "relationship--a1d8e202-f149-45d8-aa7f-0cb19c5c8831", "relationship--9e8b9f28-e667-4f1c-b237-7e17658681fe", "relationship--13c21e74-0d69-4da7-9154-414f54d83334", "relationship--59c12d7c-0c0d-428a-99d5-d74ba008b10c", "relationship--db6091e2-db11-4e30-87b2-0ec93f8482da", "relationship--bedb9fbe-0fb0-4595-af3b-b2afb3a071f9", "relationship--ee825d73-a5c5-43d1-ae9c-bbc147accb51", "relationship--3e779541-c5e2-41fc-a7cd-2262dd29ff98", "relationship--e039a22e-7142-4259-b372-c9f49cbccfb3", "relationship--8478be05-222a-4535-8dbf-66bd9a3b21e3", "relationship--b87329fa-0869-4e5b-b00d-6fd79a7c940a", "relationship--8629410c-0e78-464f-80bc-4349c0b4f52c", "relationship--ca6c56a3-32a8-4128-be84-89c4d9c4a987", "relationship--c35966fa-b6d8-49c6-bd2a-1f955cc3dd88", "relationship--50bba2cb-ed42-47b7-86c6-4bd218611a3f", "relationship--17f8cdba-5615-4e24-9452-14d1fba2198b", 
"relationship--d1c5db06-e112-4aee-8ebf-9c0e87a0224f", "relationship--bb172878-f248-4898-83d9-05bfbf9492fc", "relationship--d22ab84d-3b7e-4652-8dc9-c9a7e18f7521", "relationship--bfd22eee-c89a-4241-8c4d-1675a498da2d", "relationship--45eb7e92-cb77-467a-a4d1-d6492c5ffeb7", "relationship--d0f5a0e6-4043-409d-818d-0c61e491a0a8", "relationship--0513d50a-63d3-4e70-b0ce-eed98c05a147", "relationship--193514af-b426-4309-9054-f63c17907938", "relationship--60ca2547-2148-4d05-be78-834d35c94a9b", "relationship--2a071a87-7b2c-4d93-aef5-c8da97f678d9", "relationship--050253c9-08fd-4b5a-be40-d830acd2b166", "relationship--f3926e54-197b-4202-96a7-f17afc3cdb37", "relationship--0b082c77-b93d-4a35-ad7c-05b17ee730fb", "relationship--803d2926-0a85-43b9-8daf-97a609eac7c8", "relationship--e1ec5e31-bb35-422b-acd7-73ba9d3b972a", "relationship--2868ac5a-60b7-4f39-84b4-2641e181811f", "relationship--769b4636-2b21-49c8-96c8-e5e7826c5979", "relationship--9ff6cc52-68a4-441a-b362-88d2781aa347", "relationship--89a7440a-ca89-483c-8692-f93a4c3b9072", "relationship--5c0b6df7-eb01-49cb-9301-ebd9a8611d4a", "relationship--371fc35c-60a7-4525-80e9-51bccfbedb51", "relationship--e3f7dec3-3134-4a25-8086-7c45f165c8e9", "relationship--0cc7bee3-9589-49d6-8f4a-371116194a66", "relationship--cf1c42b9-e1a2-4620-b98c-d313cd8e2ebc", "relationship--86dafe77-ebee-42aa-8b41-2f5599c00b2d", "relationship--5643d090-8412-4dc2-bfff-142b00a36fee", "relationship--c516106b-904c-4547-80f4-aad6cb660eee", "relationship--5c0c9ce6-2b49-4818-b696-03b628c92a61", "relationship--70a37b9e-89c1-4279-99e6-b2348a55783b", "relationship--7383259b-0d5b-4c5d-9fa8-bb1656a26fa8", "relationship--5fb17c73-8291-484b-a877-da6aace3f2f8", "relationship--d0a188fe-13e8-4b74-8c0d-d009dde026e7", "relationship--506a4684-2eb2-429e-bd67-a1bcce98b084", "relationship--72690ed9-3e85-44bf-9177-8755c6815837", "relationship--93f7b5ec-7b07-480e-bdb7-49a019846bb4", "relationship--c25a80d5-eaa3-4faf-8c4d-e395b9c60756", "relationship--39899c94-a319-4a06-9bdb-a0a545558fde", 
"relationship--609b45d5-ad20-4e1c-b898-1f1e23a07521", "relationship--9f80a639-5c3b-41b8-8a21-213ff79a1d3c", "relationship--f0e1cf6a-66da-4b1a-a6ba-c3f1e25dd035", "relationship--1772baef-1ac9-45fb-9769-6bbf5620b615", "relationship--44cef95d-8353-4bec-b80c-cda381c9a1cf", "relationship--eb3c4efd-7735-4ff3-a365-f1260e57bc73", "relationship--b2745bc0-62f1-4afc-9ece-7b321d2a8d26", "relationship--bf6b4e19-c37a-49fa-b5f6-52f63140b8c0", "relationship--2a560379-f69e-4e62-9d8f-432b01b62b41", "relationship--287f33aa-dc81-470f-a54e-d2c5e4b84f16", "relationship--3399155b-edc9-4cd0-a384-05effd6c0682", "relationship--599c9b99-7771-4d74-b918-f744370fc075", "relationship--c95a6cdf-cd44-42b8-aff4-b296aef75fc8", "relationship--9fc447a5-89c9-4afe-95b4-cd516c84cd66", "relationship--655df101-c141-45b9-934c-0923918d782f", "relationship--36349fee-2585-4ff5-b443-fcef414204f6", "relationship--33e6baff-d810-4102-b8c5-b670db3a84d0", "relationship--5d03d7d5-4c08-4e5e-be77-d8975e9298c6", "relationship--6e91fc41-8c5d-42dc-9563-d7d5f06c6324", "relationship--b104fc8d-396d-4f2f-aead-10010f8665a7", "relationship--e8eb02aa-7e83-4438-8fca-5821725ad81d", "relationship--2364c955-ef19-4f85-8b11-0a905f29c4f1", "relationship--9a2fc66c-d58a-431a-b18b-0e1fb612711d", "relationship--b210fbe5-70ce-4c36-be15-c7392243526d", "relationship--ae9a96af-7cfe-44d4-b04e-dde0bd7611c2", "relationship--ce4a9360-3fa9-4c64-aa6e-0c779ffa7a86", "relationship--4cdb6af7-4829-40b2-a536-3d6f888e6353", "relationship--5db8c25c-b363-421d-b015-0cdf43e3f6d7", "relationship--4a686eaa-135a-49c7-80d9-80b55c86c8d1", "relationship--99b8c203-daeb-414d-886b-fd9be7f8fd34", "relationship--47d3dde8-3d5f-4d47-bb42-a50172132c04", "relationship--b59d3313-3895-4dd5-8327-6e362176c493", "relationship--8b8d3e36-d05f-4e7d-8fe6-696908220b0f", "relationship--5849007d-21fa-4744-b32b-d50147dc46fb", "relationship--461a2c8f-19b1-444c-ade5-6bf3e7e2a930", "relationship--6a203adf-4262-40a4-a566-3a24ce751ada", "relationship--e3031f9b-0ce0-43da-8589-8d8d2e74304c", 
"relationship--b516e24e-6273-416e-a5a2-cc68dd86ba7b", "relationship--31735d03-9e70-4db8-8526-d114645927fb", "relationship--a8a633a2-063a-4233-86d6-21de2757a820", "relationship--a08ff73a-d6f2-425e-b638-7b303c372a69", "relationship--b3156bb7-4ee0-4dfc-8b68-400d8f8e288e", "relationship--3d2df166-94d1-4dcf-8afa-cf55d508d5d3", "relationship--a9e08427-70e3-4d5a-949c-b6f7d43b9dd3", "relationship--7061592c-486f-4604-8c5a-e99a5e4f5a68", "relationship--4f9ef1bf-ff6e-43cb-ba48-0fa2d7d58e0c", "relationship--915856d5-a8e7-48f8-8022-06feee38624e", "relationship--4f579adf-5a46-4965-b8c3-4c646c621489", "relationship--cce954d5-58e3-4031-99c7-d397b6ad7ccf", "relationship--f3f7db23-06d5-4a80-8609-4a6e412c2280", "relationship--d7252a47-1786-4d55-a7da-9fb07667067c", "relationship--b1d53fa7-d739-45b8-bc49-d8e388c11b5b", "relationship--151d9e87-3884-4d5c-9392-debd1e34fcc1", "relationship--da8d37f9-9be7-44c4-a98b-4a46391b710e", "relationship--b2b365fb-e451-4795-8d95-a760ac561fc0", "relationship--c838eedb-0f0f-4dfd-b813-ccfb303dd2e2", "relationship--add9b68b-1b32-4d90-b544-8248f70adff1", "relationship--abb07f57-e7ac-4d71-b7b0-a67bb0e92b86", "relationship--26839c92-c90d-45d0-a323-2ea21e9547eb", "relationship--3f0078a5-ce1e-4986-a0dc-50ae7b4bed2e", "relationship--2e969d4d-1cce-4397-aba8-82892e0a695a", "relationship--f9bcb390-d7ec-4bfa-af1a-e5bf2d664248", "relationship--83d8e14a-b566-4274-9935-20097ab75c7c", "relationship--f6deb556-07da-4a05-8712-524428251f6d", "relationship--986aab1c-d5cc-4c6b-8b3f-0598dd99ad4c", "relationship--eddd3fd7-9da8-4ecf-9ac1-0ea9cefd1445", "relationship--65958803-562d-4a2e-8839-74181ef43380", "relationship--fb11ed71-89cb-4bce-8f30-435a0e32d7eb", "relationship--50ca23e4-a608-491e-a52b-906d4e1b6b95", "relationship--21d9ad58-6956-47ee-8812-a742fcddcc07", "relationship--2031ba8f-2b56-4b66-8340-d7434a31aa93", "relationship--05453abf-374d-4f4d-af8c-0bce4c804333", "relationship--4dad3234-8f78-4f0a-bf32-157b683e470d", "relationship--0540d52e-e044-41b3-a164-db229f8784d9", 
"relationship--cd8f2a93-17f7-44b2-80d7-5d5da2a156dc", "relationship--2ca11909-fafa-4dc0-83de-ee93374c65c0", "relationship--ccde85bc-75f0-4c90-8e3d-3eeffa21e6d1", "relationship--e8cb8a25-7b89-40ca-a951-e86e8a1240de", "relationship--13a53c5e-851e-4755-835a-f399fe3bee99", "relationship--7b0f2704-9e02-4a2e-a80a-fd67574ac8d1", "relationship--6bd53b53-85ed-45a3-bb89-9d077ef5fd8d", "relationship--3c830629-41dd-4acf-b1cd-88890e7f99a1", "relationship--a492141b-995f-4869-b6dc-8ea68dcfb2a5", "relationship--f1588648-b8fb-4da3-aa0b-05456b951199", "relationship--5bd586af-f10e-4feb-9364-0c625e283511", "relationship--c1338eda-e8b0-4aac-8fbf-e6bf9299b14b", "relationship--74289352-1403-4a9a-bdd9-4fd92f45d0f4", "relationship--2b861ccb-039a-41e4-af6a-5454b0d00c87", "relationship--2775c89f-1437-46de-b695-6dbb24058d2c", "relationship--09a1e7c5-7b84-4438-9306-1440ec01d99a", "relationship--404e8690-bda6-4bd4-b59c-efe98284a746", "relationship--2c31e77e-3c7f-49f0-9cb0-d0accd53969c", "relationship--d6b16df8-ed36-49dc-a181-e235d3e08771", "relationship--937b62ce-9772-47e3-be80-b934499f5c0a", "relationship--25fbea24-8276-4cff-b24a-a44bc5cfea93", "relationship--e3e2ef81-52ce-4433-811e-b065327a0c8f", "relationship--5f5cc68e-1cd9-4dbf-a59d-646a7d1a0aba", "relationship--b4ee3e64-0949-4154-be0f-11af64eb1436", "relationship--c6fb42c0-57bc-4b13-9d5f-366718561618", "relationship--13851c01-aeb0-4efb-ac98-c60145e9dec0", "relationship--3679dd85-cf05-4af7-bff2-d8e98500944b", "relationship--4a037c29-83b1-4183-bc7f-d53bb492bdae", "relationship--cd25ac34-cb0f-4c4f-a6a6-766a8577aa49", "relationship--27ee6079-a4c8-47a7-8c21-4fa7e59b2447", "relationship--8c0f0ca6-ea18-4033-994d-ba00529d039b", "relationship--e6fa28b6-755a-455b-a695-c5ef1dbf7752", "relationship--f0acb532-83db-4ef9-ba3f-963be04fc6cd", "relationship--a34de33f-fe9b-41d5-b195-9e71389c27c2", "relationship--83d30a55-3122-426c-92a7-e6c1d2ab13cf", "relationship--def01d53-75f6-4b94-ac75-31f2d45724ab", "relationship--3993e8d0-9124-4d13-b709-c1cee6e57942", 
"relationship--12324120-4498-4eb9-9690-f91df10af163", "relationship--ef2c1667-b237-47be-b813-0649e369d5f1", "relationship--1b6fbadd-1b22-4ebc-883f-7637d9c80b88", "relationship--58d6b6d6-c679-4383-b8dc-300670bcc898", "relationship--ab381462-33a1-4fdc-83ff-b70524e67936", "relationship--53b0d546-d7dd-41c6-80cd-8c9bb4f0fc0b", "relationship--7d21dcd7-7bf9-42e0-9002-be72c7499f0e", "relationship--631678be-56fe-45b6-9ebc-97559aff370b", "relationship--a677de64-6512-4035-939f-5d9b45b7d1af", "relationship--7b95193c-c956-4232-b01b-fd2af215f7c5", "relationship--ead4db74-d5cb-4926-a0f3-ade8557ffc88", "relationship--1173cf3e-607c-4c76-aefa-7352bd2a21ab", "relationship--70bf3221-751e-43c3-b80a-964ba22fd7fe", "relationship--93ee3cc1-43fc-475e-a51a-03c7d019ebe4", "relationship--df945072-c570-4b89-a4a6-4f21ba277ca5", "relationship--a7748b9a-5352-40ce-b838-88f1c5f19cba", "relationship--af023a49-4eba-45c7-b5b1-acc32543f3a3", "relationship--08a458a3-7a2d-48d8-820a-46ae9130df0e", "relationship--1c584b70-817c-4582-bf8b-9a0059539994", "relationship--fc20a8f6-4d0f-4dce-b686-844486963ae2", "relationship--82d4f9d7-13ef-4d60-95f2-f05b90f727ee", "relationship--1b40c400-7d31-436d-8336-3661c070fc6a", "relationship--de6fb14b-a2ba-45ab-98f9-0acc95a7d330", "relationship--b0655726-1b0a-4258-81b5-4ec768eb3000", "relationship--328ef7a1-dafc-451c-8bbc-c3267bb9183b", "relationship--6825a45f-ded2-4115-8c85-2c6434972ee3", "relationship--a67bde39-b7b2-4a28-99c5-7e19c09e8cc3", "relationship--f389cb61-dcea-44da-a881-a0566165edc4", "relationship--8d1d2030-0708-4b68-926f-fa011aa9a987", "relationship--4da225f0-3c5b-4397-a9cd-4287f01da29c", "relationship--ef365fa2-9eab-42d8-87e9-22d88f0fdba8", "relationship--1688c59f-10e9-45d4-a23e-f531b3930748", "relationship--af999231-806a-4317-8d1f-4c48a639b4b9", "relationship--bdb360bc-6c74-4f30-b277-c46c2f27968d", "relationship--6e810be2-3fac-415e-b841-4e9e0e7579dd", "relationship--bab464aa-8781-4571-8d9a-821bd77b3792", "relationship--9595afe1-4a84-4aa1-8e03-0c8f2dd0a66b", 
"relationship--e1a3b72d-0e89-40d8-b406-bb6034abf494", "relationship--43896d2b-f506-490e-a365-4bf4e70c35af", "relationship--29805428-16d8-4e21-9492-019028b95b99", "relationship--e2bf45db-83f1-48f2-9d94-0cd2f45ae879", "relationship--fa6f588a-671b-456c-92d5-f502dd952822", "relationship--98f6afcc-af56-4b60-8b5f-8511ed11b8b3", "relationship--be98a440-0208-4462-9dd2-a2b9cb640af2", "relationship--fe25a47d-f245-4103-9b8a-e3bf2dbbd80c", "relationship--6a610929-b473-42b6-a78c-3ca3f2f6b0f4", "relationship--54ee7a12-64d7-4b30-9543-faaca59b2eef", "relationship--aa98aee2-1461-4bd6-9ffc-ab5719cd5463", "relationship--6d414c1a-0c50-4be8-a3d4-a246f3703270", "relationship--f4d1c5d1-66aa-407d-b6eb-6b0c7c8de2b1", "relationship--cebc802f-e4c1-4ced-b988-e9e8fb2a55a2", "relationship--c3608587-cdd9-40db-b45d-8eb60db6481b", "relationship--f20da4af-23e8-470f-93ee-1d42e64f81a9", "relationship--2dd891d5-472b-4552-92ed-58644b4adac4", "relationship--cb88d176-e3ab-4b10-82ff-9f0dceb4fb93", "relationship--e2b7bd30-7146-4a98-a621-d91251f0fc35", "relationship--9b6b586d-fff5-46a9-a89c-32c0950a7f94", "relationship--c13443fe-e4e7-4c2b-934e-0cfc5453c0ca", "relationship--2691e8cb-db1c-4a64-a708-29b4cf26dd00", "relationship--8229815a-b68d-4eaa-a27b-8acdde996eb0", "relationship--b46e9d54-b0be-4fe1-b5d1-6939e765a66c", "relationship--5a4a6ecf-5b7c-4cdb-80fc-87fea678ceaf", "relationship--d6418308-40fd-4256-91af-02d97b804d6d", "relationship--8f8ef5d0-d757-4497-af0d-ac2374f59498", "relationship--cfc0fcd3-9308-4794-a4d6-9e926af830e2", "relationship--80de05c5-4a35-4a9e-b022-754579336a31", "relationship--0fe3cf2b-2db5-460e-934b-4af3d9c36976", "relationship--5b9f6f46-aee5-4417-99e9-fd58cb93c9c9", "relationship--d75cacd5-3384-4d20-9d66-f5c21e4c462e", "relationship--0e5bba5c-c72d-43d3-9a59-27fec9607f6a", "relationship--635de190-fd0e-4d77-b775-27490e1a924f", "relationship--7a7d538c-92c9-4238-bf1b-5ecadff8227a", "relationship--80df2845-9f14-48d7-8825-5e2ab52cc39a", "relationship--ce4f35bc-4cef-4218-8b70-00bcc7f4b0a8", 
"relationship--1eb52fc6-37a6-4a4f-845d-0bdb8f32468c", "relationship--23192066-293a-4ba5-a4d0-d1717b789245", "relationship--013a8e13-7240-4b4e-b0cb-cda8aac7641d", "relationship--5ab26726-6c15-4be7-b745-1eb715f4ed61", "relationship--618ff64b-e531-4b15-9d13-1e7cd26231d6", "relationship--dc542906-bf41-4101-8d89-85f79d271a27", "relationship--d5c88a39-918b-4193-93cb-6aa091d6c4a6", "relationship--abfe6b43-dcb4-4d32-b110-c3abec9c81c7", "relationship--f24e8444-3030-40d9-b1cd-342de8478fbb", "relationship--d0469adf-f057-4be9-9511-48f106a64893", "relationship--8e99d99f-0918-48b9-a97e-a032de7e9bee", "relationship--84857a44-85ce-487e-bea6-a6b40427d596", "relationship--953fd5bb-b4d5-47ce-80d1-3cf2fbb47c22", "relationship--e188d37b-df8a-4d24-91f0-95b940253642", "relationship--c0da93bf-b411-4f4b-9817-668ffe299f87", "relationship--0be87d6e-534b-4425-b175-2bff45d84cc3", "relationship--b57c4e32-f7f2-4b4b-8975-2186f2f066f7", "relationship--50f3a011-4d5d-4208-8852-12653a342309", "relationship--d81ad7bd-ffc2-49fb-b614-9370bb38a176", "relationship--dd0eb710-7925-4400-ae7d-da0a752fc7cc", "relationship--1d914894-4e9e-41d9-84d1-14de62d65b12", "relationship--28237a79-3f1e-4a40-ade9-978a65499bf3", "relationship--28f06de2-651a-4ef0-aed5-1c51c8716928", "relationship--34d1f984-b5a4-4add-b99f-33894dbbff41", "relationship--417c46ec-6f11-400f-bc5c-15022aac15fc", "relationship--a8aa697b-4e7c-4306-92cd-89c0c5e95cb0", "relationship--a0681447-67c6-415f-a3a7-0dcb3e120b46", "relationship--ebd3d9be-a27e-45c2-a01a-1fcd00e53d35", "relationship--7c0774ce-fd09-40d1-9aea-9c4eb01caaca", "relationship--f37aba64-a5b9-4625-a804-6ac41e2bb2d2", "relationship--22e83d80-a345-4417-8198-87973e851d99", "relationship--0cea2bee-6cb7-44d4-a6bd-df146ac26f25", "relationship--a200d28d-f08d-4584-9f5f-a53292e19286", "relationship--2c25bcd8-ccc4-44c7-8a52-00bcd03c1f15", "relationship--384da09d-0caf-439b-aecf-141336ab298f", "relationship--70ffabc3-ad96-47f3-92c5-7ddb3b719bcb", "relationship--36478a2b-690b-47a7-95d4-f4b6d94ee91b", 
"relationship--0da129cc-e68e-4bd9-b2a7-a42d974ea927", "relationship--27080f2a-1edc-4d81-a5a6-17b8710d0a5a", "relationship--0af4b04a-33e8-4320-91e4-01a3369b753e", "relationship--76b1c9a4-a92b-4b11-8aa4-e61619a4dd77", "relationship--29288ac1-5536-47b3-889a-e8e7aa5b3e61", "relationship--dade5bfc-5757-4edb-99bf-5b47b0183cd6", "relationship--c1c87ce7-e7e9-4f4a-892b-c9481bfcf4ea", "relationship--5b941859-f28a-4a2d-921d-66c9f8cac839", "relationship--2502f737-8de0-4c41-bdb2-b6d88526578c", "relationship--57d18c25-1ff7-4b2b-81e9-1d990abb49e1", "relationship--f80990f4-b64c-4b4f-aa4a-53c939ef749a", "relationship--5a52dc4e-b340-4b6f-b498-72482adaca2e", "relationship--b587853d-13ed-4ad5-8b0f-d8261e100b02", "relationship--2225ab9f-fe1d-4e7d-955a-d2ed83c1a888", "relationship--dcda053f-20aa-4d1f-8fa8-fe6ae964ca3d", "relationship--bf11ac5b-28cd-4ac1-a75e-960de01f2c53", "relationship--3f1183c2-baa6-4231-9802-d4d5c8f8a039", "relationship--95cf8efa-bbb4-495e-a74b-35d72d7b8041", "relationship--ad7274d0-e826-4ad9-9a1e-bc68a3c5e0eb", "relationship--b11e76e4-a34b-4c95-a1f4-939d34f982cb", "relationship--62554399-9fb6-4de9-b6bf-7ff29ded4fc1", "relationship--7ed3d99b-1772-41c3-9b16-1e4e817ca6f9", "relationship--402693d7-0978-453f-b530-7d8d4d6ccadb", "relationship--a9bdbb95-9719-4ce0-b0e5-0c9e7d58eb90", "relationship--daf37e6a-9d66-4fc6-95ad-560bc8f0f09c", "relationship--90f3fd4a-f2ef-4092-b213-7184ab8ad805", "relationship--37fe17bd-0ae3-41a9-9d53-340e6530a616", "relationship--06f58b88-558b-4bbc-b13e-26b01bd598db", "relationship--a752db74-f2ce-4b2a-a4e9-b275b8f7bd8c", "relationship--77daa137-39ee-4733-865a-de85b63a5508", "relationship--91d71e04-2da2-4d15-8827-f405030d3e8e", "relationship--2e2ec88c-5f36-4149-ba6f-843092f295ee", "relationship--e633d0e9-6965-4aa5-a5e3-59851c052b15", "relationship--d2629b73-0889-40e4-81b7-5a0b352e9f8c", "relationship--f318a36d-f7d4-4049-b7a0-b52346317b5b", "relationship--7ca60ce4-6754-4574-9de5-0592055b573f", "relationship--a59a79d4-35fc-42ff-af16-a6124634bb5e", 
"relationship--206e323a-09ac-4765-a559-2d3118a65873", "relationship--4c0b939d-321c-46bf-92c7-468b56dbcd97", "relationship--cab2182c-89e1-4d30-b577-849275bf77c2", "relationship--9916d552-a10a-4d3b-a71b-7027f7b429f3", "relationship--70aa8b76-7eb2-4d8b-aec8-19eac73845f3", "relationship--3181b24d-0813-453a-a12f-11c373d42342", "relationship--0cbd6fab-1cdf-4932-8b74-1cb1ff507e18", "relationship--4f43a7f3-f3d2-432e-a4db-c21ee8b747bf", "relationship--7b227e1a-4e83-4ddb-9e96-4fbca715a3ae", "relationship--b4e9a8ec-345e-4b92-a799-b10ba5f22751", "relationship--e648f83c-8116-4ea3-bb52-29861ce24070", "relationship--06ebd63a-60d3-4278-8397-ed0d4f006149", "relationship--506747d1-1b5a-4764-a7cf-3fc358d9feb3", "relationship--eea85ab1-06b1-4fbd-b257-0a5812232888", "relationship--c0d8dc76-1627-47b8-87a4-f9f617292efd", "relationship--1f0b716f-ac97-44bb-a515-c537bbf3af54", "relationship--7df5ec7a-636a-4c74-9997-60fc2f02784b", "relationship--66e12304-0a18-4d2b-be2c-f2fede9399d2", "relationship--d4bf629f-cd06-4a9d-a841-f5bf6a395f5d", "relationship--10b8ddc2-f9b3-4ed9-b706-b25d78218905", "relationship--796cf550-21eb-4d91-9801-e9ff69b27c84", "relationship--88d8fc9f-818e-43d3-82ed-b5289253fa96", "relationship--be117ca9-e4f0-4010-ab3c-6d5cbd602d2b", "relationship--4c7240c9-9779-49ad-9a30-ffd804cf0fa9", "relationship--c4a30313-56d7-42ec-9152-af3a028a6258", "relationship--cf3c923a-1ed6-4ec3-a703-d741eeb78b3b", "relationship--5748954f-6c8d-4bb0-a273-d374cf053238", "relationship--720a807f-3e35-4281-9eab-0b587672edfb", "relationship--1a5d65ba-8349-4656-8306-927ca27b399c", "relationship--3dd22af3-fb51-479f-86cf-81aaa4e38fb0", "relationship--0f5042b2-fd4a-4002-8df9-f50ca52a9df1", "relationship--aca15082-6672-475e-9920-9da92bde04f6", "relationship--840e1845-2b47-41ae-9f43-a0d114db9bd2", "relationship--7b94fad9-6696-4b8e-87f6-6fa8d619cd9b", "relationship--0a5da7d1-0194-42ec-bef3-9889455bed63", "relationship--4e1f4531-0bad-4927-9bfc-b6049d0d0b0a", "relationship--cfc59048-26df-4bce-9168-a74d5000c6be", 
"relationship--74056d2a-ca87-42b1-a2d1-1392a84cace1", "relationship--d2ec36ad-6dfc-4aab-b302-1e43bdcaed8b", "relationship--ecfb848a-b228-48b6-9908-1976f893c5c2", "relationship--de1009dc-a644-422c-8f36-e8673f79ef9b", "relationship--9c75c089-ea28-4585-adb7-be83fcc3411d", "relationship--2579f532-4e09-4da0-a4c2-26212e776c5a", "relationship--271061a0-ea74-489c-b1f2-e99a762bacab", "relationship--f75ca4f5-8c0f-4c59-9f6d-1e6898f016b3", "relationship--f28e91a2-cafe-40f4-8ab3-58ff233948ca", "relationship--f8c3d265-8575-4785-835c-ab7d6a3afa76", "relationship--42042236-b43d-4069-bb2d-efd2542afa2d", "relationship--c32520c3-7921-4a4e-ac6e-2d03d9853bb5", "relationship--e98d4c61-66bc-4877-bae0-387418cb3dd5", "relationship--28676ce0-0341-4d37-a2aa-777898f6cfbb", "relationship--88bfa666-0e64-4c4f-ae7b-06818bdc3e1a", "relationship--2f3c6b7a-7095-4f1f-8c2c-916b6c1ccd68", "relationship--e5c2c0f1-a4d0-44dd-b0c9-37bcc927c1a7", "relationship--c9ee1f82-6347-40bc-8596-104db6372d80", "relationship--9ef71653-b6f6-4a79-bc56-826be67d8d70", "relationship--40996d0b-0831-4df2-91cc-b09629b08da3", "relationship--5ea712c4-87b7-418e-bcdd-cf994183bb0c", "relationship--6987713c-8be0-4c13-b2de-eae0f798e0e1", "relationship--24a3e833-ea58-40a6-8094-8e5c09244850", "relationship--17a90171-12b0-4b06-940d-9251b7d630cb", "relationship--dc47ef8d-65b5-43a4-8754-7cb8d2eab4e8", "relationship--9320b249-f662-42a2-8669-b0fa7c2ac665", "relationship--c5168cdd-e646-4f60-8b6d-79812fff81a6", "relationship--90c48bdd-ed09-42d6-a40a-b59eddde1f83", "relationship--207aacdc-7068-4c17-b206-f3d13ce71947", "relationship--22f0d806-99f7-4b86-9fbb-2392684e91e9", "relationship--1b712ca9-cbc2-4b51-89e6-e2411a54082d", "relationship--24f81949-0def-4970-aac8-25ffd92317d4", "relationship--048ebd56-fbbb-4d25-bd05-9b92e0c300d3", "relationship--74661cdd-f66f-4481-bb18-0ceacfcf8707", "relationship--9f5a56ed-0ae9-42ae-80c3-d86c1c95fcc7", "relationship--c29699dc-80b9-46d4-be05-668820a00ffc", "relationship--bd2e973f-e02d-4990-ab9d-109f29673783", 
"relationship--0cb4d4f0-5699-48f9-acb8-df22af615ca8", "relationship--1059dfe3-6c34-42bb-9433-a03a4425681d", "relationship--04223562-a712-4132-8050-72a60500b577", "relationship--fe0f5e35-8b22-47ee-ae5f-f09095fe8d54", "relationship--df8d3547-beb1-4ed7-b136-047b628d7bb5", "relationship--d1c9daa5-b4e3-47a8-aaa3-c6469e3e7447", "relationship--95037cbd-9715-4ba0-a799-84f40cbd4305", "relationship--6d061102-f21f-4f3c-9b3c-f44b49767ae3", "relationship--08f44776-667f-408d-bc0e-5a2fad360f25", "relationship--b7e364b3-7962-453d-a7ad-5ead8aa0e679", "relationship--113eed20-22f3-4f9c-8c64-59710caf28a2", "relationship--af374728-586b-4426-8407-2d5867d37ba8", "relationship--25e5a956-1bb9-46e1-9632-fc3a8e3567c3", "relationship--c13f2d27-8fbf-42e6-aac3-278b3f778dab", "relationship--f8c47b66-79c7-4ac8-b20d-f52a21d2f4fb", "relationship--426b5706-d72b-4ca5-bd97-1ee4078957d9", "relationship--f5c93692-8f84-486f-b25d-eb89296ab4ac", "relationship--980afa4c-6217-4116-a42a-585e6664c2b2", "relationship--0614c9fe-53ac-40bd-886b-561fdd401622", "relationship--6a9b8ebb-e0c5-46a2-862a-e98b8b4c235b", "relationship--579d2dd0-8c1e-41ed-bd6b-e966162523d7", "relationship--d827bd72-5f12-4b0d-b1b5-82cb2386be7d", "relationship--adf26d96-4638-401c-84fe-a291a7f5c37b", "relationship--eb3c3e08-0097-48ec-8d02-81e7e90ea14f", "relationship--6a082b48-3a83-4696-9dc2-9ad27cffd4fc", "relationship--e59b4450-07b5-4a3e-9d5c-123fc4af00cd", "relationship--475a7f1b-4bac-44c0-a882-208cde5e81a7", "relationship--4517ff38-b83f-47a8-83cb-1e7cf00a3948", "relationship--cdd4cb11-c224-4b44-9d03-68f781525031", "relationship--8c3cbbfe-5487-43a3-9b4f-21c08d1b3ba8", "relationship--76af94c2-b8de-44f4-bac3-47d226d4b44a", "relationship--a2892def-cc5a-4491-8168-085695026d4a", "relationship--7d7721bf-fd8e-4e3b-af01-fabd14114a0a", "relationship--ea248a6b-8881-48e1-b1bb-a9ee5bcee10e", "relationship--1d04b0f0-98d2-4efa-b841-ac99267052fc", "relationship--756d3071-a30c-48e5-a373-7055efb0d38a", "relationship--5548cd80-0b9d-4eb1-82b4-94cd5162aabc", 
"relationship--cf02647b-a673-4da1-ace5-f052929e8a93", "relationship--7617d5a1-6745-4bfe-ac38-3a73164483ce", "relationship--1d1c4866-949f-4ce5-8866-4b4fc5ad6ea3", "relationship--23ac5f75-01b0-4d4e-9984-665adb983650", "relationship--cb2930ab-6891-45ac-896f-e801a1a2daa8", "relationship--d80ea263-69f0-415d-9e34-c83f07b53232", "relationship--5c9ce30c-4ab8-41a6-ad54-0a6000ba8871", "relationship--4fab19a0-8a9f-4aef-839b-212f52861e0e", "relationship--d47afefb-8ab7-4a02-aa43-8bbf54f88496", "relationship--70e61198-bb11-4612-a508-795129bd865c", "relationship--4915cefe-aead-4284-861b-65162fd30dc8", "relationship--47de2a19-0e3b-4cea-9b1f-f4ecaa3486cc", "relationship--43f6bd3c-0318-4656-8483-6dbc57b57330", "relationship--55384a60-8086-472d-bd26-2c603a6be40e", "relationship--c928a54f-f153-4cea-b8af-5a129fbac55c", "relationship--87c279a9-f9f4-4a6f-aabc-28e913cdcdf5", "relationship--7aeeedd2-3da4-4685-aacd-635516b059a8", "relationship--1b14f022-6d62-473f-ad34-a141e524426f", "relationship--0d2488a7-6c69-41dd-b3a9-cd0963a236cb", "relationship--1d29e34e-19ad-425f-80d6-98ca56de6e46", "relationship--b262dc23-963c-409b-8f54-a9df1d52cf71", "relationship--be6b90a2-96e2-4e8b-a1e1-4b446a4b7e48", "relationship--0fe0bc98-9a4a-4b94-923f-112dd720dfad", "relationship--310f95eb-71f0-4f8e-a2cf-a59db21c466d", "relationship--9b1cf51c-7d1b-4c83-8d2c-e657985166ac", "relationship--4e741147-0103-48cd-9f42-1eb307e7067d", "relationship--7bbd92e6-f80d-402c-ada6-44d59494d5fa", "relationship--195b2346-e36c-4578-a92c-8664596b9303", "relationship--3ef3278c-e070-4c95-b0df-dcb765690504", "relationship--e576182d-7320-4f14-bc95-df779707b61e", "relationship--940fc3d1-2fc2-4704-9d4e-9612e0cee0c9", "relationship--7b0651ab-7530-49b1-aaeb-4c913a7a72d4", "relationship--a8e50473-9b1a-4218-9b50-7da1a20fa3c9", "relationship--25c2739e-c846-4dce-af8f-c853fc9952a9", "relationship--7ac9a937-1edd-4105-99ec-775bd14e7f1d", "relationship--cf5fee96-7f03-4c8b-bce3-d3cefc2279a4", "relationship--91770797-d022-4c50-8f48-c937b35cb721", 
"relationship--1adb382c-9067-4396-a725-a17b6a4ad0a9", "relationship--12abfae0-42e4-4b65-8989-da810e8caba2", "relationship--a44c3a79-f16c-450f-a34e-4c253c721cc2", "relationship--1b1bab3a-8028-45ec-a592-a82c21bc921d", "relationship--1e39e9d9-55c0-4dd1-9ba1-47fbcc015bdd", "relationship--5f86f786-5314-455b-87fc-8bfed2c65150", "relationship--08bc2603-f7ca-49b7-890d-ac5f307dce3c", "relationship--618ada4c-5e3d-4809-9c05-eaf82f52478d", "relationship--f114dbe5-cfde-4f76-99d6-2a86e33b32a8", "relationship--e201579e-32b9-431e-a063-62763f8f81d8", "relationship--02e7a8fe-3a36-420a-91ef-52a519d89ab6", "relationship--dfec0882-f258-4c59-9f27-a7d65322e3a3", "relationship--8b328f28-97b5-4941-95f6-967b456f3a95", "relationship--c9b18ebc-5448-4368-88a2-bc04671fb4e8", "relationship--91864bfa-a3ae-4dad-b4f3-54120757316c", "relationship--98143eb2-2770-4bce-b081-75d3e1a198f1", "relationship--150a4648-79f7-4cd5-acb4-ab59ddb805ca", "relationship--38f32c81-510c-45f6-b186-0e7138767809", "relationship--baaf981e-9a18-4213-a3d2-00197d198df8", "relationship--bfd902f7-a0e8-4fd1-8eeb-1921a830f73e", "relationship--edcff748-0b02-4575-b0f2-68e8188fad5e", "relationship--649f0f1e-2f28-4cf0-af4e-c95892f27336", "relationship--7f89d20d-eb7a-45b6-a44a-588b3aab1331", "relationship--d7fe9b8b-02de-4f9b-bdf4-a1c5b7504af7", "relationship--dd828718-44cb-4c60-97c7-7a8d11872a84", "relationship--a514d924-1ccd-4c7d-9879-7fbbe596076a", "relationship--a2f2753f-3123-4f38-bfed-9ef4ef29a8f9", "relationship--8c6ad4f8-cb79-4c63-afac-1efa9e879d7f", "relationship--63cbf723-364c-4351-bd9c-59563df16f4d", "relationship--bb73d66a-1fff-4952-a94e-73986075b277", "relationship--49e65727-8bfa-4d50-a68c-264a24dbd4b6", "relationship--be32dc2e-58d4-4670-b0e0-b1c013f0db67", "relationship--0583094e-5786-4017-be74-d114e29b3463", "relationship--0a7f4dbe-bbe6-4a00-aa5a-6fb55927a3b4", "relationship--b7c2b8f2-6809-4e18-89a9-eae950a09361", "relationship--92213a2e-1890-4ba8-b186-023aeb1175f4", "relationship--272b8f46-b331-4451-8d4b-ca4ab81952e3", 
"relationship--f394f6b2-2e6f-4eef-acdb-62c3e3f537fc", "relationship--0b3c27fb-755d-4013-99f9-254b8eedf4e4", "relationship--e5939875-2cf3-4202-bd1e-57152e34140d", "relationship--e9b2de37-14fa-4768-8179-5aad78fba157", "relationship--eaddf5e6-6e6d-4d58-8d62-01013411d394", "relationship--7a9c76df-a6d0-45de-b575-91769c51bf4f", "relationship--4181ffba-6cb2-4f3b-8038-fc7148b42a29", "relationship--ac734417-264c-4f8b-b961-22f15ebc5703", "relationship--66cb6504-1da3-4855-9901-edf6a7238692", "relationship--0176707a-93c6-47b8-bc3f-f97d4b608f43", "relationship--7656d2dd-4bd4-4261-80fe-50f65f8f8ff3", "relationship--cfe53b9e-680a-478a-9144-667a7c72dffd", "relationship--fa04df63-e3c9-4ed4-99a0-a55b308d90e9", "relationship--ec456cbe-9e5c-40ff-9743-a664fc84fbc9", "relationship--9027d242-3305-4418-b01f-4ceffe88c850", "relationship--05bc161e-5555-431e-a39b-68aa64ffaaee", "relationship--f5960a54-a22b-4c65-a161-8c7feb9b600b", "relationship--398a09d0-4d73-424d-af5d-797f77192962", "relationship--fb872b5b-bee0-4633-b20c-9a616d3b6741", "relationship--e8519b53-44bd-4927-b9c6-3266572243fa", "relationship--d66af478-98fe-45d0-acfe-3e6ddd12bd54", "relationship--9fd25444-8309-495f-882f-8b22dcf601f3", "relationship--aa028bf6-5bd7-49af-aa37-10ebadebebd0", "relationship--f15c7965-fb49-4248-8cd2-200756fe93d4", "relationship--bebbcc28-3815-4191-b802-36888d45e55e", "relationship--3182f322-c078-47c9-946d-adaba729c13c", "relationship--4e210d9f-8ec2-46d3-ad61-bea6fccb3482", "relationship--c1c02398-3434-4849-a4c0-9f2fab961c20", "relationship--0e59cc4e-d1f4-430d-acea-08bb54c86df1", "relationship--e80ed666-cdf5-4dab-bdcd-a7947db841b0", "relationship--401906cc-533f-4c29-926c-63996efdd974", "relationship--9985043d-67e1-44cf-8e76-fa2cf2f52ab9", "relationship--f17bb5e7-fd85-4b71-ad1b-74cf278991c0", "relationship--f3314d31-198d-4da9-9b5e-5bd40e7f7dc1", "relationship--86051319-3958-4ebc-abfa-472c0367d9dc", "relationship--07328df5-29e6-42fd-bb6e-ec802654ad5d", "relationship--6dd418f4-591f-4ee9-bd6c-9d87e5c6b189", 
"relationship--6579b6bf-7835-4670-9bde-31738d190c2c", "relationship--b19e107c-db40-4796-ba28-1480f1e2f81e", "relationship--5ca08100-30d1-4e47-bd86-b4c74493b1b4", "relationship--b41cc550-e618-4c65-8683-306760f5cfef", "relationship--e03d037d-aba6-45b4-ad5c-9d46362141fe", "relationship--dd2be071-1078-42ef-a57b-9aa6a05714ba", "relationship--8e260f61-77db-4b60-8fa0-667f5db3be6b", "relationship--4cbb3744-df9b-48c7-9654-7869aed2696e", "relationship--38291072-5ed8-4229-ad6f-85713ad8b8a6", "relationship--2b0350fe-6d88-4a90-b74f-f4aeb175e6b6", "relationship--714cd0df-56d0-4afc-bba2-f8499b0fdeb5", "relationship--a15e9533-cca1-48d8-a92d-f528d79b1840", "relationship--37c6b7b0-d138-4254-8abf-057f3355acec", "relationship--d3ccb6b9-7ffe-4c3c-aff6-a08622bfe8fa", "relationship--3bbaaefb-f1bd-44fa-9aa1-c956b104bb7f", "relationship--3473e907-c15c-4c1f-8c09-f2cd3bbbc5de", "relationship--adadd1d1-d9f4-47f4-9bff-6dc7601dfc03", "relationship--dc4e5209-f3b2-44ec-9097-30c6f08d4206", "relationship--b836752d-2fbb-4686-afd0-34bdda0359ab", "relationship--2ac97ae3-961f-41f8-99f7-7530e47f213f", "relationship--653a9514-af5e-4d5e-83c7-cc2d25b6934a", "relationship--a1af0e44-4767-4570-bd12-ead3e919168f", "relationship--aaf7fb17-4b5b-4b93-9889-3315b970183f", "relationship--001ca5a6-f1da-4172-8ced-c22e035dad26", "relationship--5f4aa784-6abe-4a84-858a-c788f482ea7d", "relationship--64800318-19fc-4c0f-aac3-2fafc7bcd046", "relationship--72c6c85a-8e78-4f7a-b69a-6a80c2815404", "relationship--efba64aa-e8c6-431e-b19f-d7a09dc6dbc3", "relationship--53a1862c-3c56-4145-84eb-f2d8a7dc5dc6", "relationship--011f0f74-e31c-48d7-92f1-83a6459f2d1a", "relationship--bbf655ec-dd86-45e7-ac6e-a831151adc16", "relationship--8a565fb0-7ba5-433d-933b-54e8d96a77e3", "relationship--b9f9d880-4f25-478c-b6ac-0b6ee4520a30", "relationship--e24c78d1-e0ce-49f5-806f-d6f7053b2c24", "relationship--4a434557-d037-4018-936f-cf837b841338", "relationship--76fd1d8e-dd13-4456-adde-a897fe834c10", "relationship--5ccd2437-28ff-49c7-9cab-ccdeb0f29cc9", 
"relationship--92a3adc7-0d7c-4a45-8301-e32bed2bb1dd", "relationship--3208dfec-1e6f-4b6d-ac60-d7bba2685de2", "relationship--9f698d07-f295-4f00-b38d-920a32ae17c0", "relationship--5e181600-50d0-4d5f-aa67-0fcaae02894b", "relationship--db659e90-c27f-499f-b656-b16c47f56a2f", "relationship--8fbef56b-ffbe-4232-aa84-c7cadb21bb21", "relationship--46d5f200-cce0-47a5-9a5b-bab01f6d24f3", "relationship--0acc9043-2642-4762-add7-0d5885e53157", "relationship--fb9e6282-dd37-46a7-bbc2-4370cf8377b0", "relationship--a7b0cf7a-0072-44af-b5a5-afba3c1aaafd", "relationship--d712000e-8e5a-4d16-80ac-9344edbaccef", "relationship--14a92e49-87f0-44c4-ba78-65b62b18b58d", "relationship--2a4fea30-2ab2-4d0c-95f9-316b22011303", "relationship--9c932393-6314-444b-bdb7-1cca2004a9e1", "relationship--cd4da6d9-cd20-4e98-a3c5-4c91f869cec7", "relationship--1655a120-7b4a-4e4a-b4e8-7bbe6f6261d8", "relationship--7f486797-7987-4ff4-877a-cc1b08e59e50", "relationship--eb31fdcf-1823-4f32-9c95-61cebd8cd12d", "relationship--d7bb5684-525e-4de0-b008-a60b89639eff", "relationship--7a16b8fb-bdc8-4a71-a60c-601ff5bc7a5d", "relationship--b4499dbd-ff38-4cf7-9106-cb127b0b1809", "relationship--930b1264-2f6c-4dbf-89a9-6c006d13d364", "relationship--9bb6a42e-517e-45d7-b159-c72c9a028907", "relationship--83707d3c-a27c-43ce-b94c-17785195bca1", "relationship--7f79eb4d-1948-4ad1-af18-8f3103e50339", "relationship--2790f771-4329-4ba4-9fce-21ea939e93c7", "relationship--4d54f10a-d124-41cd-ae89-4e4fbffaa80b", "relationship--839d4e5e-ce04-4595-a24a-a18d7fdb30e4", "relationship--bc2c2211-7600-4125-8023-faea78cdc2e2", "relationship--8d92e076-4189-4d15-be91-79f7dcdcb52b", "relationship--baed6a13-8f2f-43c8-b6e5-66e2b876e912", "relationship--c01f37cf-99d8-47f1-8c7f-be453f214b5d", "relationship--3387ec2b-70ba-460f-8b64-0549be221304", "relationship--ddb6754c-4c76-4923-ba71-6451039a418f", "relationship--e77cd55b-e18c-4349-bed1-3c85b99dd47c", "relationship--5cb92ee4-a349-4dc4-a874-1725bf322c0e", "relationship--1845247f-6355-4715-ac22-2459c7529292", 
"relationship--3a6d3919-1f45-4b99-89f6-60961f79fe45", "relationship--20c238d1-ab5f-4922-8c72-e50f1884ab61", "relationship--20645816-3a34-4415-8a72-a1576b3bf8e5", "relationship--91f5bc66-2cc1-4a5f-a63c-f5a2315a81e2", "relationship--ff7dbd75-0685-4501-a409-1dae846c4579", "relationship--d83c4aa9-f268-4d19-b1ad-7131b141ecd2", "relationship--eecc7c1f-74c9-44e6-a4f0-246d5aba7644", "relationship--35d1a862-e3ea-4f12-acd5-59d8fdceda49", "relationship--b03b51c2-3833-4bcc-b12c-69b9653c2fd8", "relationship--1b72dd78-e687-4687-badf-427b9eb9c5f0", "relationship--5d04a9e5-5d66-490a-843c-a010b41eac9e", "relationship--d53ec462-d8ba-4f56-9ff9-81e5327cf094", "relationship--ff398409-0b6e-4f72-9d22-a7e7c906edea", "relationship--1e63925b-04e3-4e81-9fca-c1435227e705", "relationship--8c8caa6b-01d2-4c32-95f2-59f07b2c4f73", "relationship--e0c46af2-2cd7-4a65-8c90-6ea31692610f", "relationship--0e0e3a07-1e22-443d-aaeb-a5993654847b", "relationship--0e85b39d-06ab-41f2-931a-5f5c68cbdd89", "relationship--c6f907f8-a29a-4d47-bafa-7f4eaf41f8e7", "relationship--a8873d07-5ddd-4a2f-8cde-ac682b192b2c", "relationship--6d289256-2339-49e6-b2a9-aaf4033cab0e", "relationship--569ee7bf-f3c1-49f9-aa00-9706f12e365c", "relationship--492884b0-5395-45d3-b066-99a0921bf643", "relationship--f88a9846-0c58-44e3-aed7-a4209a749326", "relationship--ee8d025f-600c-4b42-9d52-8f420ca3762f", "relationship--be1a15ea-af82-43ce-9f26-0dfc907535fd", "relationship--8e94f3ba-b92d-4c2c-a5ff-e23b09233948", "relationship--7dbf1238-2252-4d1a-be54-63393da7e96e", "relationship--9e4a3c3c-59ec-4f23-9c02-431b2d426a21", "relationship--a008749f-619e-42c9-aa97-fa9935977b64", "relationship--661f9b07-188b-43e0-a9a5-7508fbbd43bc", "relationship--bf7b6df1-041e-49fd-8d43-3d8cc87d1039", "relationship--2f375e5a-3b65-498d-96bf-03ae7fa77f72", "relationship--7c9db0ae-8eba-4f14-9b2c-14c74d77bfd8", "relationship--cbd16dbf-cdb7-4ec7-a760-9a960e7e33df", "relationship--fc50c280-c164-4f78-9ef5-b551dc21df21", "relationship--75f2bccb-3df2-46f8-b8fe-6340da83a4dd", 
"relationship--055372e2-4b78-41a7-a2d6-1f2ba0e32495", "relationship--c2e059fa-a091-4c1d-ad63-2ec2db18f95f", "relationship--88dcde49-4680-4b42-a65c-4ccdefa829c1", "relationship--763753a4-1c49-4eec-8e1c-00ac46a5dab2", "relationship--a36f776c-406b-4610-bf99-393c1479e2ec", "relationship--35c7ee1f-cbdc-43bb-8b1f-805db6102ae3", "relationship--e0e6089d-bd4d-4839-9c30-ecc67f3def53", "relationship--1ef6196c-5f3f-4257-b15e-a08c3b26d5bc", "relationship--2f04736b-d209-4742-86e3-f036637788e4", "relationship--b17e5520-1c34-414b-ae0c-77a9e89085c0", "relationship--ba0f4aa3-490d-42f3-8066-63dc51cfa515", "relationship--641d812f-ac95-4e4d-866a-90b2e428befe", "relationship--aaa3e60b-00ef-4b95-a407-8e5af6f98658", "relationship--68547101-2da0-48b5-b677-17242bd9b51f", "relationship--ff0af8c4-7fef-448e-9bf1-db1047980e22", "relationship--ab4d3ba6-9442-40f3-b4d6-0e40c64d438b", "relationship--e2ec83ff-0c4f-4dd9-95ce-f6b4c6b01763", "relationship--2ef5aa0a-afed-4c00-9278-c81acde2b8e6", "relationship--c432999a-1c1a-4978-902f-5c89654be61c", "relationship--3daefe0d-a86d-4c80-9231-2ca6b58d474f", "relationship--43bf5448-37c7-4b12-945a-5e2ed67abb1c", "relationship--3c7ba5f2-f11c-4e3e-84e4-1bee39308742", "relationship--1c589551-511a-4635-9c30-50f0e88fea30", "relationship--e70d6ef3-aef4-4086-b56e-6b1dc19f22e4", "relationship--ff2d9a24-2cde-4cef-91ab-435139ff3d33", "relationship--dc1fe550-f8bb-4603-9a05-fb6d4b4ff2e9", "relationship--d8959eb8-e0a1-4708-9574-c92d35d22177", "relationship--4e8da83f-3ab9-45f6-b30d-a4a8820cfb5d", "relationship--9ff2bbfd-9591-4c73-8b80-6e7c111d91a5", "relationship--ef147b7f-086d-4050-a9d7-c7b690c8c215", "relationship--7cc0b87a-5a7f-45cd-98f0-de2d50fb317c", "relationship--62ac3675-74f9-4a9b-9f9d-30da3963562f", "relationship--d8f7f6a9-e230-43b3-9883-0a4120b35d92", "relationship--8c186ba6-66ae-488c-b218-dcf568653805", "relationship--ee5df312-0b61-4c14-90d1-832199678ba9", "relationship--3cd05688-c502-4fd1-b571-db11a7d0408a", "relationship--78432ac4-9743-4d8b-a544-63ccf21de616", 
"relationship--7b293bc2-1bbf-4928-9e0f-b596dc71ad96", "relationship--c8b6c9a5-424b-4565-954a-1f16cc699826", "relationship--8a3b5474-9f75-41f9-8454-22a12740c03b", "relationship--ab66772f-485c-40c3-8ee3-65126942cc69", "relationship--5af322db-b7bf-4406-bd83-ef8d26d4178c", "relationship--a31f5b87-3629-4487-adb2-6e2068de89aa", "relationship--9f10f4bb-5d4b-4397-b930-6f8c47e58c26", "relationship--36b0da3c-b8bb-4ed3-af05-106e78fa41c0", "relationship--560495d7-b1d0-478e-82f1-db2407162961", "relationship--3fa1e34d-70a4-4414-baed-6f578cbc6dc2", "relationship--cd36a5b6-4797-4457-82a1-42a734115314", "relationship--2998e373-f193-4f2a-932c-05d625f59384", "relationship--e499246d-5da8-4fec-98d2-b96e034049c5", "relationship--7ad4d3ed-32cd-46d0-b6b3-594d01543bb8", "relationship--8b0ad798-c914-4e78-a75f-bc2deb11c9a3", "relationship--8e2a12cc-14f6-43ab-a9b2-4a53fe5ec83a", "relationship--aa028f57-9a24-466b-904d-5da0e9cf2e39", "relationship--99333926-f11a-4350-b762-7b27618765a3", "relationship--e95da2f6-4dad-4d90-ac84-c7878d9fba1c", "relationship--eec55010-499a-4fb8-852b-01f4e7236ed9", "relationship--8d72026b-8add-46e4-9465-3d9572ae5462", "relationship--a235cb9c-b1ae-4a31-80a5-edf1eb480d49", "relationship--45f4a409-e347-4794-8853-68bcfd9c0848", "relationship--17d8c49c-1c1b-4b28-a2de-76c2b3e2e896", "relationship--7b70b2b1-058a-42f2-b914-033335ee3fa9", "relationship--3d2eca5e-bcae-415b-ac1c-0cd74833b952", "relationship--11218c45-4f07-41c2-a572-b6341eba0be7", "relationship--dd9a5b13-1b2e-4b4c-89b7-c5d7cce6df56", "relationship--d399553f-bfe5-4d1b-9740-cfcb6c48f7df", "relationship--8d9ace1a-6bb3-4418-a0ea-c352e31108a7", "relationship--ef86188d-acaf-4c66-a085-dd5feffb6441", "relationship--51299664-d410-4695-a81d-5c1876f65ad3", "relationship--6c70b74f-7f7a-4607-8ca5-7638648b0289", "relationship--8f170794-306b-4a1b-9bc8-d295c6467c46", "relationship--0f4f8c50-0ae2-4a1f-9a24-4e83fa956913", "relationship--8eb76e0d-6cfe-4695-9557-cbc3d53611a9", "relationship--39d2c786-167a-419f-9a7c-bb06dfbe00dd", 
"relationship--e1a8d546-0612-42bb-afab-c76ceceb61e4", "relationship--5c180a62-729a-4cea-89c1-34cf2c4e08e2", "relationship--114e6fea-e33b-4a6b-b69e-632a5c2e8055", "relationship--3f5a0810-5fa5-4abb-93e9-3549a73bb447", "relationship--711cc622-d472-4211-9f67-18d0ce09091a", "relationship--17befcad-cc87-4f3d-a4d9-97760291dbdd", "relationship--62785fb6-b44c-416a-8164-300b08841d26", "relationship--4c4760d2-9aee-449c-b62b-267812500305", "relationship--985cb01e-e338-40f2-a73f-8fb653ce55d9", "relationship--be5bf08a-bfb8-48dc-810a-445b56edc8ce", "relationship--ce4f5dba-ceff-4fcc-9752-81d16f7b46ea", "relationship--65b69d93-4c1e-4e52-b025-ab66edb65240", "relationship--e7cc6970-ca2d-463a-90b7-13b6945ad681", "relationship--8eef67e2-6ecf-4d5d-a9ca-3d164c2764fb", "relationship--4c72c4eb-0965-4f76-9bea-cfaf415f33f0", "relationship--0481a7f9-23f0-4d39-936d-38c4d86ea176", "relationship--06106db4-738a-497c-96c1-c04e84c67075", "relationship--73d8fe18-9ec1-4d0a-be43-cb6315ec9285", "relationship--3755d8f2-8018-4cff-a8ef-01b89b1c7ec5", "relationship--450184be-1066-44ae-ac64-2d85fc220799", "relationship--c1f54572-c602-42c3-86fe-412128bd113a", "relationship--cd082c97-50f6-416a-a05e-a27ac0562ef0", "relationship--216eeff9-fc7c-4862-9564-280a9aaf0bca", "relationship--f1c4faa2-d995-4adb-bd47-05e6b7735aba", "relationship--bceae17d-cfac-4d37-9c68-15d506d2ad31", "relationship--94e9fc58-034b-492f-8bdb-1f050a493554", "relationship--1ee05e82-f05f-444a-996a-547d14d9d843", "relationship--b05bf316-6863-460d-829d-c9a30bfc2109", "relationship--4cdb4bc6-b4df-4ca0-ab36-cd34cdcc1cc4", "relationship--51ca70f8-65a5-4ca1-823c-949aa4979467", "relationship--3bf57043-7959-4ed1-98d4-6b7f94c8a35a", "relationship--77100d9a-4f01-4877-9cf3-12c4ee915f4d", "relationship--7e4ba806-cd9d-4f86-9667-4a869b22d44b", "relationship--d7b5d1e2-7816-45f7-a133-f33f9e898083", "relationship--75868281-a816-4c0a-815d-bbdfaaa3071e", "relationship--4a33fbf8-23a6-4242-9890-6b354b4026c0", "relationship--87ea1b17-da52-4fac-9507-4f265de2d815", 
"relationship--37827265-c838-4fc3-bf2d-159494318320", "relationship--3a224858-5904-4982-b840-aab8b2ffb371", "relationship--b3af5a5c-8298-4f22-9989-dbb2873ce323", "relationship--10d594b3-66e9-4b4a-8ecf-194925b0869a", "relationship--27cd7bf1-f991-4983-8362-186134576e30", "relationship--835eac7f-0372-4924-a751-522e0471e209", "relationship--461f4c14-629b-4882-bb9a-d5d0dbfbc8c2", "relationship--8de991e3-2da2-425d-94db-64c29ea70382", "relationship--b05daba0-7ad0-46a8-bc4c-7457d38b0477", "relationship--eba44935-4a66-40fd-9e06-30b50b5c33e8", "relationship--fc75b882-13b6-4b8e-aa28-647ed89b3ebc", "relationship--a15fe21f-dd20-4672-93d0-44bb672a975a", "relationship--d31dcf3b-24f5-44b2-9049-58685a6f666f", "relationship--a5357931-8d3d-4218-bab8-87afc7ca9159", "relationship--85a86926-4867-4e66-9010-192f280ccc48", "relationship--e7e2b640-d9c9-4eef-9099-2832dcb1dc6e", "relationship--a9fc7093-e402-4699-a0d4-8fa719c9bc45", "relationship--17b25f9d-0311-4202-b633-1fdc67964bfe", "relationship--943cf922-ba42-49b4-a808-93c566645a1b", "relationship--1afb08e1-d0cf-4c33-901e-0c24521f2c16", "relationship--5b371b58-12d9-42ab-8987-ad7d35819c0c", "relationship--8fcb92c9-4819-48eb-95b6-a20c5254b1ed", "relationship--3efc1391-a185-48c9-957f-a81e6f1fc354", "relationship--1d6822a7-7cef-47f6-9051-82dae9902890", "relationship--36a3e6cb-989b-43f3-bd43-d15473d2b331", "relationship--f75c84f4-12cb-4601-8f17-c14327e9bdba", "relationship--e542cea2-6445-46ca-93ff-ce44f86c6948", "relationship--5e4e308f-ab55-4ae3-9185-ddc0150f3b63", "relationship--07560729-0f04-4261-b07c-4faaaa6e9aaa", "relationship--804461c1-6dcd-4b60-888f-43c9d5ca5361", "relationship--60fcc483-e88b-464e-aa70-fb0cb5b9016f", "relationship--022aa70a-6627-4a7e-8ddd-d8142aa709e7", "relationship--5c4b70a5-408e-4b83-a3d0-fe6d3534d800", "relationship--7396cdfe-14bb-46e4-bfaa-137ce95bb490", "relationship--20bee001-799c-4ed8-8860-3ed8f89a9a45", "relationship--dd3eb4f1-cae7-41e7-808f-a7b695ad5cf3", "relationship--f98e4709-4d4e-4ee4-81ee-cb567910e875", 
"relationship--c23dbd98-ceb8-4c0e-b170-65b00612d39a", "relationship--52b2fede-bc58-4dd3-8cba-bf6a3d7b6073", "relationship--654a715c-1594-4488-a3fd-7b8c7d39dd0d", "relationship--c4fae698-934f-48a5-bd3d-f5a228396197", "relationship--b839ad11-b7b9-4798-9f1e-fd80d4c40bc9", "relationship--1828742d-409c-4e93-96b6-92bf6d3ef3a4", "relationship--323fbdbd-1a86-4abb-b0f1-3aae6d95e8a9", "relationship--4872070c-977f-400a-b15b-19d0d63daff8", "relationship--e58ccecf-bb87-4980-858a-eba35124dfda", "relationship--e4364386-481e-440f-9456-edffd8f8a716", "relationship--f487aa71-8c11-403a-928a-aaadf176d38b", "relationship--f3b44bb9-71b0-4add-bc4c-271cc4672196", "relationship--052b1ba9-1473-41f4-8836-4661115e5934", "relationship--7ac86398-a993-49c3-9f00-987a38da6c8f", "relationship--9a58773c-a24b-46f2-a493-edaa93450235", "relationship--50cfa2e3-43c8-4586-8405-7dd1a19d6b18", "relationship--e975fbc1-f569-4e2a-8b70-76651f2ec0bb", "relationship--2db6a00d-4153-4e73-a2d8-9a81528b9990", "relationship--e597a7b0-afed-4387-893b-53fe17bf7aec", "relationship--8fed8c0e-097e-4c71-85a9-0f4fd867b287", "relationship--2a565af7-d8fa-4b1e-bec4-aefcfadd5b32", "relationship--8d1a4e98-fff2-4859-ac1f-264e5ce1c94a", "relationship--d6741c64-0642-43e9-bc2c-59e36e9154fd", "relationship--b34704ab-764a-424f-9e45-8b68c0e65d57", "relationship--28294a0e-1a39-432b-a75f-52eb924e1474", "relationship--b2c72a72-64bb-40f8-9006-7b2467a5f5e3", "relationship--97f3ce7d-6681-4c34-bad4-d7a184076575", "relationship--89cd47a1-6664-4972-942c-4f179f788e27", "relationship--693a84fc-d17d-46f2-86d8-3176dd88fe46", "relationship--9b630cac-1bd5-4a49-96c9-ada7a5ed839d", "relationship--42334386-f08b-4eef-9dcd-f206de9293bb", "relationship--e145bb13-2734-4e7c-b7e5-4f21e05eb048", "relationship--37ac6ae9-5331-4c4f-99f5-ce5718172edb", "relationship--aa048954-f521-4c50-a155-d6d17305d361", "relationship--f4f5527f-230c-4270-a18a-4745e751df8d", "relationship--b45d31eb-76e5-4f79-af9d-357577c48623", "relationship--22f9bb82-02ea-4355-a887-f98fffc512a0", 
"relationship--75f2b13f-fc55-4539-8cee-fc714782f1fe", "relationship--47f2e6a5-d0dc-451f-a4e5-41e21f647e20", "relationship--455ba546-a8bc-4bc2-8b18-6e937e817226", "relationship--a7c238b2-034c-431f-9c9c-4553e01b4114", "relationship--e8f0d0ff-7e4e-4b2e-b3d3-99bd5a413d71", "relationship--9fa38136-c8b6-4b29-8dc1-8538b1e2de72", "relationship--50b5e60e-8fec-4836-8be3-1a82eaca7739", "relationship--ba6a39b9-dcff-4bb1-8368-bc91a31daef4", "relationship--d366e8c3-09c2-4900-9ab4-d6bbe6721c03", "relationship--94547420-951f-4799-9dc4-0358e0270c49", "relationship--16f894b6-faa6-4bec-93a5-5e933a50e554", "relationship--033e21b4-7663-448e-a21c-3864c43c2c32", "relationship--8b88d5c7-4ac1-410b-9630-b117f619a2a4", "relationship--a09fca7e-4666-4d30-9cf0-fe32f9da9216", "relationship--951029b7-c4b2-479d-8e6d-75851553083a", "relationship--9dbef554-a369-4cb5-838f-1d5ac1f82197", "relationship--6c3235f0-fe23-4b7b-a548-7b4a115ec95d", "relationship--64786b77-a9d0-49a0-ac4f-745f64888937", "relationship--4969f727-c75e-400b-9498-a0746f848136", "relationship--12c00dca-e002-4599-839b-15c213192b7b", "relationship--88c3cda4-c600-451e-bca1-081367e53771", "relationship--56051929-5c00-4b47-929f-538dc31b7763", "relationship--79fba917-6665-43f0-a8f4-896c5e187063", "relationship--eb2ea3c8-91cd-4e8e-844e-f5c332838b55", "relationship--3376db16-c06c-4b6f-89a6-9d3698bc7f34", "relationship--76cb8570-e6ac-4b90-a9bc-6edb2253cfe6", "relationship--ceb36c38-05d1-4d8b-81ab-670d35c96b9a", "relationship--d8626b68-1180-47de-af65-7468fd38d4fb", "relationship--298f2f9e-ee3e-4df4-9a29-8db12727dbec", "relationship--d86ae158-fd8c-4671-a95b-0891e9accb48", "relationship--9b0e425d-030b-4630-b0e8-a01ace87bfc3", "relationship--779b0272-8f05-4001-b194-91ace7961e09", "relationship--d8801411-89ac-4313-b5c1-50b2111061eb", "relationship--152919fe-14fb-4a90-b668-123326a9107d", "relationship--95f2d4c5-255c-4b28-9c86-a9c013af0420", "relationship--8777909c-b0e3-4aa7-8919-b4abe044583a", "relationship--2b9f5886-ca65-493c-9e67-2556f364feb5", 
"relationship--60ca5ff2-6366-444c-a2f0-d1e40ef6316a", "relationship--2cae5bbe-e453-485d-8cfe-ed833c2b6bf3", "relationship--668ac46f-afa3-48a0-aa5a-a46d2258c5d8", "relationship--0bbf735d-edce-4f95-809e-420711ef9eef", "relationship--28dbe701-5c88-4de3-b7b5-9ac13dadd0fc", "relationship--6b838f43-ec0f-4a11-9861-557592f6f070", "relationship--4e2affb6-aa61-49f3-b74c-6431bcd93f65", "relationship--c931a871-f5c0-43c6-a3fe-00ed9ec5eacb", "relationship--2387fed4-5131-45e0-b682-cfc24367fbd5", "relationship--115eb85e-34dc-4f44-affe-15daf7f33659", "relationship--90f6d0ec-734c-477e-b973-9ae1dfe68b71", "relationship--eaa6b3c3-5752-4460-a31c-8b2df6290a67", "relationship--52c4fda4-97dc-4a7f-ae27-d74e6062ff04", "relationship--48df0940-907a-4d06-a40d-f53ad21fe76d", "relationship--b02e2594-3280-47f9-9e9c-e17f27bd1d6f", "relationship--30f7f9c5-97db-48d9-85f4-c8e291702242", "relationship--d0855a44-f15f-4b4e-836e-a731efbe3947", "relationship--da2d6a8d-4c41-49cf-aa12-1fccbaeb4d8c", "relationship--404efbb5-289a-4a2a-a186-4a2d7a6cf340", "relationship--e88e364c-9696-48ac-be59-e523718fc2b4", "relationship--497c9708-f95b-482b-a002-939277ded228", "relationship--87dfe98a-0ba8-4f79-bcfa-31bab4cb0edd", "relationship--006fdbbe-9627-401d-941f-580589942b56", "relationship--47d60c80-793e-4672-90db-def18ab414ca", "relationship--db620233-55a5-465b-8805-26390071538f", "relationship--c9b493a7-8189-4e2d-85cb-f33b95b9d7ed", "relationship--7dd1088e-2f15-41a8-ba29-8c65cc208a2b", "relationship--a4f7cd90-8f10-483b-b481-b84a001257b9", "relationship--b09db867-2f12-40f7-8915-e4a2fa48ad3e", "relationship--3bf35f62-ce18-4b79-af87-a42aea663eb6", "relationship--d745ff61-8c84-4fa0-825f-ad4c7178bd19", "relationship--04f0f5a4-fe90-4cae-9d59-685875272922", "relationship--b9814aa3-8fea-410c-aeac-533812153985", "relationship--1fbdb7ab-9034-4b34-966e-586b5da6a312", "relationship--6844762f-16e8-447e-a93e-08517894732c", "relationship--e0595275-0a72-46a3-b902-6910ee20b9d0", "relationship--f7eb2884-f763-418a-bbb5-73617784f4c1", 
"relationship--d498f838-eccb-468f-9593-372a351631d8", "relationship--8cadba6c-912e-4dcc-9f1e-da6efe7d19dc", "relationship--4e17fdac-7bd4-4aa6-a2da-8bb2c5d6d10b", "relationship--80917567-6a81-477e-9618-be117343d3fb", "relationship--6b560ea3-415a-4621-9d01-d9b15f18615f", "relationship--6fc2d507-ee78-4e2a-bc1c-a995eddfa96f", "relationship--db90843b-166d-4bef-ae8d-c06f18455b0f", "relationship--cfe89239-0bdc-401b-bbb4-874797ba18ab", "relationship--f4141c25-fe62-42c8-ae79-eaecd88370dd", "relationship--1e00914a-b136-4588-b35f-7192fc4d802e", "relationship--e5451fe6-0609-44a1-b215-b8a536cefb85", "relationship--bf97fbf4-d7d6-4bb4-8416-81ca876ded97", "relationship--8fee0fc5-5af8-4b7e-8153-85ac490d4f6d", "relationship--6ba68ff5-f44c-4e84-999a-da1fc92d917c", "relationship--83561584-8984-41a2-b5af-fa0b32b019f1", "relationship--90bd3afe-11b7-4774-adaa-e69c21a325a0", "relationship--b5ac208f-4cef-42d1-9787-7907597060f0", "relationship--35883d75-452a-458b-9707-24a2d51d2569", "relationship--bc243c84-781c-4e9f-a844-02e3bbf6cf71", "relationship--9e4852b7-bab3-4681-9d0d-7fc5e15800c0", "relationship--a1b7bdca-992b-4eab-960f-8e934dd5ddfc", "relationship--301e7790-9cc6-4fd8-898f-8d594e41c1f1", "relationship--ce35b06e-4e61-4e27-b913-2b0b4afe2adc", "relationship--654c358e-46fe-45a0-aa0e-43679bce7263", "relationship--23bd90a3-109b-4a0b-b30a-d960e237b3fd", "relationship--e5f9839b-61dc-4830-8941-98b03db2c537", "relationship--ec1acb22-33dc-4dd7-bbfd-ad7d29ae29ee", "relationship--d46f9e8c-c4b0-4be4-9e0f-2292ec725771", "relationship--317571ca-1037-40d9-a67d-1c0a2f84f98b", "relationship--32cfcebb-a653-438a-be2a-862c33adb038", "relationship--e0190b79-bb92-4ffe-8d71-707f2564e941", "relationship--fb8a145c-9111-4e58-b06f-ea415552e5e6", "relationship--9dbda286-5647-4c07-8476-d13aec558084", "relationship--552c5ce6-823b-4bc5-aac9-11f9a0fc8f86", "relationship--6525b4a4-36f1-4f20-91db-b800f6c7e7b3", "relationship--df53fc3e-b80f-4427-ae2c-5151c0bdb342", "relationship--6fdb5d83-4ddc-4110-8628-73d63d4c67b5", 
"relationship--2863245c-609c-4260-affa-6d24265fed92", "relationship--0e93de45-6e60-4b14-832c-5f4ac10c33f2", "relationship--700a6c79-04f3-4dde-88e3-a62747cd8340", "relationship--d6293430-a94c-4df8-bc9d-7170f09418cc", "relationship--9acec536-e7c7-44d5-ac2c-9671d724e02a", "relationship--8d6d79bb-77fb-4418-9f07-1393b10ea2d4", "relationship--cbe8fd5d-0a2e-4393-8643-3fa23b7c3cb2", "relationship--e2e1947e-ab38-4b87-bc33-ed879b1a888d", "relationship--033d8260-b542-4a4a-9fe4-30048c2b746d", "relationship--c21728d4-117f-410c-8a50-8739bf4b3960", "relationship--053827d8-55e4-4099-badc-b298a1e9bf91", "relationship--bf55a44f-b6c9-434a-9a61-d5afe6542256", "relationship--d6249af3-2b2d-4cb4-acd8-2415130dd2a8", "relationship--8e1f303f-7198-45c5-9449-b44d7d6e275a", "relationship--f2e416ac-11d9-4bff-ab24-d3e40d37fd26", "relationship--046aed0c-101d-4e27-ab89-5d9e8f8a9250", "relationship--949c0b68-61cd-446b-9b85-843fed09ce98", "relationship--9ac617f2-14a7-44c2-abda-d9aeafe48acc", "relationship--41fd988d-b47c-4961-b143-d85c75088ec5", "relationship--5d1d025a-5a0b-440c-89ca-18cd6f8fd8a5", "relationship--540099d5-ee99-4d03-9e41-708d16e6d370", "relationship--112d9193-5515-4253-8900-2e30462697bb", "relationship--b4a264ff-808e-4523-ba88-7dd027ee931f", "relationship--395dc8eb-5196-4699-82dc-f0f611e95042", "relationship--6f18b4bb-36c1-467c-9e16-ab89975b713b", "relationship--bc031a19-12f4-4bdf-81cb-ce7a9dd1da86", "relationship--ed8e4afa-6121-4b05-b79a-1e7dcefc13d3", "relationship--42681f7e-5296-4939-b9e0-0dbc40e2a668", "relationship--a4f2079f-7f1a-415d-8d7a-e4c0a4768de2", "relationship--a125ff2e-6671-41dd-8af5-d9974281c972", "relationship--da814273-66a5-4fb7-9e73-dff2b6e1effe", "relationship--dbd30481-e261-4537-b102-2f81db2ac0e0", "relationship--f09ef62f-5b23-49d4-b5b2-b83b54ef513c", "relationship--cdfa43bc-eb1a-4a28-b47c-d7e77c62dc0d", "relationship--fc2c875c-2c68-4e47-afdf-d6f2e613e7fc", "relationship--6c2ce1b8-50dc-4545-af04-dac6bd94616e", "relationship--d5feaab9-b504-453f-ac8c-248f1bd4e461", 
"relationship--92135654-b91a-4b86-b61c-6b4fb42ff00b", "relationship--5b331a1f-0914-4874-a486-776f99d60a3e", "relationship--e3f90503-f08f-4b5d-9e0a-f2e49c79f76a", "relationship--ff491124-83dd-4047-9e92-0b015c54088d", "relationship--f874d685-82a6-4c23-ac92-72d63cd3795a", "relationship--22fe6efa-ff7e-4e9a-bd9c-4c99ff678bcf", "relationship--e4ed3be5-66bf-4cad-864f-39bba709b589", "relationship--ee122107-7827-457e-98b5-bd2e39ac3a13", "relationship--5905e9a7-7c55-4c9b-a5a1-6ddee42883ae", "relationship--c32e9137-adfa-4b91-8e6f-9ccd39689329", "relationship--bf1d5155-5d99-4878-8d58-572305bd22e4", "relationship--6b0ad9cb-ecea-424a-b04d-d51e09327fe3", "relationship--d9c3f2bd-8da0-49a6-b6b9-94be1cb54d44", "relationship--bab25374-fa61-42b6-9dc6-0e8b2c9ef92b", "relationship--a427ab51-020f-4634-a2fe-5696c5e51964", "relationship--67783ad9-c156-4700-928d-a0d65a6b7a58", "relationship--bd8816ee-2ed8-46a7-a101-45d22f290474", "relationship--a5b268c3-b6a0-41b3-a35c-8094df1287ad", "relationship--aec348d5-b019-4d5d-9b50-21f22fbc349d", "relationship--c73bd907-1af4-4360-b9f5-878d0c677f48", "relationship--0019265e-862c-48ac-a9b6-0a308bdbd73c", "relationship--10a2cc4b-ce57-4974-8ef6-4f3e2ca63506", "relationship--e8255b88-f3c6-46cc-8a3d-03e7d1dbf22d", "relationship--6a9d01a2-3ff2-4f5e-892f-e923bc3d9638", "relationship--06900a1f-edb8-4de2-accd-ec6029f1b280", "relationship--95c6847d-6b2b-41ab-8773-42f3f3cb3913", "relationship--16c2866b-66fd-4217-b3bb-a0c564868e6c", "relationship--b7fd287b-dff9-46cb-9400-b5e8de0adef1", "relationship--c0b680f5-2476-4a2e-a824-e837f2724cfb", "relationship--00253d02-b877-45c7-80d6-726092f8fc6b", "relationship--0850592e-78b3-486d-b624-30fa34c328c8", "relationship--f787f4bb-abc3-4764-a703-6d220ec5df31", "relationship--c6b0ecb3-905c-4978-9088-9520220a4084", "relationship--dc5be1cb-494f-48b3-9012-17dc1201b1cc", "relationship--624becd0-393f-4454-908e-e16f692c9ac5", "relationship--9b9cc3a7-43e3-4b90-b481-d00346cf071c", "relationship--c2fd7f6e-583a-409f-ba01-0c8508394600", 
"relationship--195f6edd-d5c7-4860-a2ce-6514dfab345a", "relationship--8be8175e-695a-497d-a2ac-53b8f64a363c", "relationship--47ada41a-aa38-4942-95f5-e512686bc867", "relationship--b237b268-b2f3-4c57-afa7-4d05dafe7e7c", "relationship--8b129536-7e08-4304-89b9-dd9970fd2ef3", "relationship--dae57acd-b98f-42a3-b14a-f4584435bd4f", "relationship--50555a89-a4ea-4cf3-8460-eb0ce66a326d", "relationship--1395bf4a-6e32-4941-b2ed-17f6bbf3da90", "relationship--f2d2cdb9-5326-44ba-b049-243993b82369", "relationship--9a0ff123-1c65-4a0a-9a68-0ab38fb71d57", "relationship--1ad2f7cd-4fcb-4ff3-b4c8-9db03532fe83", "relationship--400be1a8-c4f0-4479-a990-b8eabe6b2f92", "relationship--03615f61-00fe-47b8-ab51-10cf34b73025", "relationship--2f4b7267-5452-447c-b984-d891163cfd46", "relationship--edb4e080-53cf-4e3a-a825-eeabc8c3a162", "relationship--69b317b5-b2be-41a7-994b-da16fbd238a8", "relationship--39fa5eeb-3a94-4247-aab7-49256a820cbb", "relationship--0da5d529-e563-46a9-a7a6-baa579b4185b", "relationship--7a269b5c-6d20-4622-b656-1a444c2de91e", "relationship--387a46ff-af64-4ab6-b007-4bda9d235225", "relationship--5da72d0f-c755-4798-a2c0-620d1c3e8a91", "relationship--d1a83fd9-18a2-4e41-a42c-eb4ed50d6820", "relationship--1f50300a-b2bf-4d5e-be4b-c9abfd949ee3", "relationship--8debe86f-4645-4612-ab1e-4ccb33e16426", "relationship--68f55880-5872-4021-b8fb-5ef1863fb538", "relationship--e28657e2-bc1d-483c-aa56-b3948f97200f", "relationship--67302338-9513-4776-b359-c0b28d876ad8", "relationship--9ea324b4-7ee5-4e69-9a08-3cf9b53ef1c3", "relationship--2146b894-2790-4ac5-9255-1f7eba52607d", "relationship--86f69ba8-df07-4016-a90c-46122325bb48", "relationship--3d152c2a-1bbd-46db-951b-74c4e5a4626d", "relationship--389eabab-8fee-461d-bc1a-8f365e35f719", "relationship--d4b7314e-4a95-48a8-96ec-8f11b420cd3a", "relationship--1c9d812f-f017-41e5-b773-f8cc6dbf322c", "relationship--22e58909-0198-41db-8195-4a95d83862fb", "relationship--18a6acf1-9e46-4722-a3a7-61ca9de4f39e", "relationship--079fa11f-1caa-4971-8598-85911e674c81", 
"relationship--158829e9-5c10-496a-b712-73e5ab0400eb", "relationship--aa7875a7-52b3-4fe2-b622-c55f44893e2f", "relationship--e7afcb46-07bd-492e-902d-23c007fcda63", "relationship--dd94c443-fa27-44bc-bf6c-79af743f57e6", "relationship--e6da2216-b7dc-415d-8d24-15fb364415de", "relationship--a9f2a6ec-2d23-4c05-85c6-454092b3ebbb", "relationship--b0798e97-b625-44e8-9ea8-2356893f52a7", "relationship--0bd42405-f8e1-4bf1-803b-53ae06f01535", "relationship--f7eb8676-6f61-4ebe-846e-825bea095955", "relationship--8655313a-a6b2-4c0c-9d22-f62f24445292", "relationship--d4599b19-ee3c-41bb-b133-ba96655f0cb0", "relationship--613874a1-a7fc-4987-83cf-eaf97dcd7617", "relationship--02b9de6d-4fb9-4027-a2e6-0a9c1ee6ccc5", "relationship--b44477ef-79a6-47e4-a260-a7079d8ea9f0", "relationship--a34b000b-887a-4803-929b-90c058efbc15", "relationship--5e6fddc1-9e1d-49d3-9671-81a5cf0dadb6", "relationship--fdfd95ee-9897-45be-9b2c-9326d0080f4b", "relationship--93073bdc-9b00-4cc1-bd92-926689de5c85", "relationship--76061f1a-a560-44cd-ac0d-44773fe2a6fb", "relationship--dc1957a7-9ac5-436e-b107-cf45b3ea3258", "relationship--eaafca1d-4d51-48af-9f32-8861f4768ce8", "relationship--e9597d2b-0767-4485-94a3-a84d4df7b93d", "relationship--06de4e0c-e0c7-4793-b0d0-565fce928f04", "relationship--1ef66de2-303d-48fb-93d3-f3cf2ef658de", "relationship--3999e8bf-b5e3-40dd-8a57-4cd18e263ee9", "relationship--06490b25-3104-4e60-b102-677f460513fd", "relationship--c89caa8d-36f2-43b5-aaf6-da70b976b72f", "relationship--e992d08f-f705-4a6c-bca3-afffedf00740", "relationship--e719e380-137c-4fd1-9a46-c610c3274de7", "relationship--fafd2ae0-ead6-44aa-a819-55d67534aad6", "relationship--b9961d65-6ecc-4015-9e3b-1e5ce2ebc987", "relationship--81fa6932-de1e-4e87-9d9a-f4a292e1e5cf", "relationship--3912531c-b6c3-4f98-9675-a0d491bc400e", "relationship--25c92bfa-2b82-43e1-a683-4faf6a9cb49b", "relationship--831f5d0e-93cc-442d-b45f-97469a345cc9", "relationship--8102af8e-f7d7-4cc0-981f-fc86b4a81c05", "relationship--8df700d9-8497-4a5f-9959-02ded7c03b5a", 
"relationship--246b9102-f7c0-4f12-9157-6c859ae4aa02", "relationship--c61eaf69-06a7-47b0-8a6f-0595a106dd22", "relationship--a7405f69-989d-4866-b544-34403836e4ef", "relationship--e723253a-cef2-4c8c-80a7-20bc2ee3c3cf", "relationship--4040b049-c42d-42f3-8b1f-2a74321d1dcf", "relationship--dd7ff0a8-e425-4128-866f-f1c15e63ba19", "relationship--8db6a516-821b-4c63-9b82-6205489da8a7", "relationship--bbb483ca-d7ee-405a-86dd-3c5994a81a0c", "relationship--0dc26387-cd8f-420f-842f-a33b869db367", "relationship--5813f330-4e0f-4bc9-927c-05a1b08cb954", "relationship--34279216-57ad-4c0b-a685-6df54959198f", "relationship--00c0a506-b77f-41f9-a281-7b09c4a3d9fe", "relationship--c03a5549-8be3-4962-85ac-1893857c9734", "relationship--eb9a38de-da76-4a67-820e-54bf7ca54f1a", "relationship--458e285f-efce-4773-92d9-2960dabdf28d", "relationship--791fbd92-115d-4128-bce2-c1485fc31cf3", "relationship--3cefaed3-b776-4fa7-be53-02dec27b32b4", "relationship--a9f73867-e814-4fe0-b886-44dcb61433a7", "relationship--5f676361-8e08-4b61-bd71-6734ba43bc93", "relationship--8a1aef01-8bbc-48c9-9c4e-b63aefbc6847", "relationship--3f12b91f-ec78-4cf4-84e3-b94028d1ae5a", "relationship--e29390f1-31eb-482f-92ee-94af744817b6", "relationship--db63ff69-45e3-403a-898c-fa09f36040f6", "relationship--107200af-adfc-49b9-b7fb-ef86b332189c", "relationship--a91376a9-3be5-4fa3-9a37-a7fab098a338", "relationship--c8f85f5d-a434-4b1a-88d2-5c941ff1fd98", "relationship--79441846-5a37-4ec0-8231-a9b1d660e39f", "relationship--3c9a8371-18f7-4165-8a6c-725c1e14db3c", "relationship--5b330861-ce93-4ca5-b468-231efbf91d66", "relationship--8f8a339e-d2b3-456a-a59a-8fa9047859c0", "relationship--00159bb6-c614-41bb-a9fb-61afa92241ec", "relationship--a4427c4b-b0b0-495f-97c5-625645513465", "relationship--e925fca8-86f4-4e6e-a5e0-e390fcc37060", "relationship--378cc001-c710-4b13-9829-816601745ede", "relationship--d266739a-0963-490d-8e24-f8f79e2af26f", "relationship--c761dc58-87c4-4d5c-a319-12f037df3e3a", "relationship--dfb33360-1da9-4807-ac8f-b7df97072177", 
"relationship--4392111e-7315-4196-9e0e-95b6bfc38ee4", "relationship--e6efd9ad-e8d7-4067-9de5-7234c65c511b", "relationship--60e4b234-1df3-4678-ae94-3f73408797c9", "relationship--bd18420a-50f1-471d-bd60-7f80081e731c", "relationship--b3735638-152b-4dbb-8c6d-36ada816d6e4", "relationship--be263f1c-c844-499b-9a04-50e25f126a87", "relationship--9923c603-0643-4cc0-8700-ff5ccdd1d729", "relationship--e1180ed5-7468-484d-b1a3-89bc35f612df", "relationship--74a3ae8c-7c7e-4496-b9e9-6f6db9b15735", "relationship--4bf12644-81a0-4adc-aaae-06ee3b9bec4b", "relationship--3bff69ed-72e7-4209-b3ae-1f928b3278a0", "relationship--46434220-452b-48fd-b03c-f0ee3e985fcd", "relationship--de72f9e0-c74c-4e08-8746-bdadfd631a1a", "relationship--4c225dcd-ed1b-4593-8435-41c44f3e9a1c", "relationship--20affda8-7078-4e8a-a9a4-2b76bc305838", "relationship--b4c1bc3b-402b-4c90-bde9-89a601cc36da", "relationship--5eb29ca8-db31-4de9-9c21-f0033c23ec08", "relationship--d3e9dfcc-f195-4d97-8cd4-b4960ac254f2", "relationship--31990fdb-4efe-4aee-86e4-91c13cd6a5b5", "relationship--87a66743-b8ea-40a3-b2ff-d6fb05331229", "relationship--70d3bb82-e7bd-4476-b800-b36ec50c0c7c", "relationship--894b9a3a-3592-4007-9e70-32a3c50c1200", "relationship--5ac6d0d9-1770-41b8-99db-e38733a922b4", "relationship--a7e2e0f2-8366-468b-8c55-1f68b97a35b0", "relationship--e28d6cdf-36d3-4e32-88b1-9288d36d157f", "relationship--51715844-ee69-400c-9551-8beef8ba057b", "relationship--71f106b8-0d9f-499a-8d34-e168230e0b8c", "relationship--49caef16-9f0a-4a8e-91e5-8c0be4f640fb", "relationship--50a751e8-6bb0-47b0-a97c-2dff9bd855ce", "relationship--d37dc212-4c4e-441b-a674-9091d6526c82", "relationship--c4ba9fc8-8cfc-4c57-ac64-41efe56e8fc2", "relationship--816cad1d-30c1-462d-a90f-2bd4048c4d11", "relationship--c34d5adc-358d-4875-b238-82a5a495dbe9", "relationship--9060e89c-771e-40c8-adf4-51255a4fd956", "relationship--7329a703-f69e-4d86-830f-66abf83dd4e5", "relationship--ecb389a1-d901-4eab-8ca6-07208c37694d", "relationship--8a83608d-051b-469a-9528-f214145c6c88", 
"relationship--b1c019ab-7f28-44fc-b2f5-f232214749ed", "relationship--1cd0c3ea-bb4d-4234-960f-a66b80de65b7", "relationship--b88ce477-5705-4080-a5f4-4b347c0fcf31", "relationship--7ccb0237-78cf-4f4e-a8e4-4ddf12e2f1dd", "relationship--9dd91a4c-99a5-4d17-8935-8bc0585439ca", "relationship--2f1341ae-0d15-44ca-834c-d1617adaa43f", "relationship--7d17b2a6-19c5-4a2a-b647-044cf2d1ae4d", "relationship--efe7cf76-5561-4d84-8849-1d52c3b1ff3a", "relationship--6b1595f0-b9c7-4f5c-a05c-b5c2e808619e", "relationship--e855dfee-447e-4168-84f2-7de8dc9aac65", "relationship--eda9cdf0-38c6-4b18-bc59-b0e68ae1b4cf", "relationship--da66e3b8-6b0c-4278-b59f-60a2f23e54e3", "relationship--c902450f-05eb-4ffb-a5d4-772893aff514", "relationship--4c6135f8-23ca-4be3-9331-8f4d94c63d4d", "relationship--577b6731-87fb-4f43-803f-0080c0ffce0e", "relationship--abe0dcd6-9066-493c-b9b0-9475897aabde", "relationship--85357a3b-05c5-495d-9c16-ea2e4f3a700c", "relationship--7bad20d5-aa31-4a37-afb0-52b5428638c3", "relationship--2084cb20-c432-4d13-8427-910211dfa0cc", "relationship--34c6edc8-4eb3-4fad-9c19-6785be35238b", "relationship--62f123b7-2d5b-4328-ab00-f32317ba3acb", "relationship--b618fa2a-25b9-49f6-84f5-533367918aca", "relationship--3d8a1758-3821-4f46-a8c9-1e1e40ec38f3", "relationship--49cd63b9-1dbe-4bfc-b6b8-4305c4b5a739", "relationship--5619664b-96ff-4a5c-bcb1-d948e706b543", "relationship--ae51e2f0-90b0-4eb5-9439-dfbd96ba905d", "relationship--478b9668-b790-4db0-90ee-cbaeaa920e67", "relationship--e690c455-7876-4d1a-a04e-238861603a31", "relationship--3f15e800-8246-484f-84e6-2670dfebb3e1", "relationship--d9d75675-9c70-4f4f-bae5-1c89fba1bdb9", "relationship--86bab45f-6455-4689-b820-92fd383fe51b", "relationship--586b1e90-a000-46cc-9c26-955e10edd99a", "relationship--6a595b11-5bea-472d-8247-725d20425ece", "relationship--a9ff0c17-cd20-4ba2-83ce-acc491a9afe1", "relationship--441758bc-2947-4ac1-a8a6-e315f4bdeddb", "relationship--0bfe7c96-27fe-4771-963b-aaf30bcdb6e8", "relationship--53de47f5-a2e1-40d5-8b62-cd6eeec41579", 
"relationship--25e42a77-9c60-4467-bb3c-a848a3863096", "relationship--00fbf7b3-daa6-468e-8900-f7f5b9877dde", "relationship--5e4c13e2-0095-4702-b8aa-963d4c4dad31", "relationship--21491377-82e8-4653-9aff-92df5f48528b", "relationship--cb820c67-aebc-458f-81f7-3bd6140ade2c", "relationship--0c7aed56-ab88-4558-92ee-887f305a097f", "relationship--0b0246d7-8a42-4d24-8591-8fae41395682", "relationship--788af696-c319-4468-a3ba-8af28e667a51", "relationship--e70960c1-8d38-432e-bf89-0360f0bb4f94", "relationship--16c84f9f-5fe0-45f1-9cf3-f460928227d3", "relationship--c09b5e6a-bc46-47a5-9b98-2c47afcc9fb7", "relationship--ce762c1b-4b87-4f66-8595-d0552c79c469", "relationship--f0adcdbf-3680-44a7-b8f8-81fdef89c4ff", "relationship--c81d7866-942b-41f2-b126-b187fe7cb133", "relationship--60b4abe8-236e-4a68-bfc2-d55f2e0db9cd", "relationship--c6a7a508-b690-423b-a194-7bf2c609699b", "relationship--7175af80-b66b-4003-876f-cc606509f5f0", "relationship--d0fc2de7-7334-4afd-922c-d05e968cd4e1", "relationship--913e36fc-c58c-47d8-9fd0-f9ded42909f0", "relationship--e749f979-11d0-46de-96a1-b3e99a13504a", "relationship--dd2fad01-a6f6-4b67-a1f3-753f8e4cb3ec", "relationship--e205efd9-32ed-40bf-8df8-d8b7ee304259", "relationship--4b80dd16-2eb3-400a-9d97-b7d6d84fa50e", "relationship--bdebc564-dd0e-4693-9098-ecfc9e705796", "relationship--26c688b3-8d2c-401e-8f92-47513b868718", "relationship--44cf549e-104a-43fd-a4b2-ab5cb33cb3b6", "relationship--b44125d3-dbb4-45f5-b7d7-40573c3030e7", "relationship--850afa46-43d1-48d3-b918-23127373601a", "relationship--9577883b-4da2-4b4f-8071-75262e371837", "relationship--89ab1d34-c98a-4c53-bb35-c3cc73fb912a", "relationship--3bd76427-2e49-4810-a2a3-7e817444082a", "relationship--b0e66878-b6fb-4006-b192-9bf1034561c1", "relationship--e321e0a4-bec5-4df1-8ef9-c7af5d36e704", "relationship--1b48bd2a-7862-412a-9f77-7312ff67730a", "relationship--7a574d2e-94b6-43f8-b6f4-434db9161d87", "relationship--6665cabb-046a-44ff-8e82-a1c8e43ac585", "relationship--2c3639eb-57d2-4ec2-935b-4fc99fff3c74", 
"relationship--e1f3239e-f4c0-485b-b8e4-18f9f07a2b91", "relationship--9dedebfd-3690-4167-8aae-4157ea587097", "relationship--d5afe724-1e36-47f8-88f0-8d6401117633", "relationship--452d0efa-e616-4d04-b843-6fe00d18d220", "relationship--44d2b1b9-5bbf-4e59-8f9c-e53b4ab705b7", "relationship--b7f6d1e3-cf93-4962-a941-3b71ead2d768", "relationship--208bf0eb-329e-4c14-a57b-3f74b746e03a", "relationship--68980f57-010a-409d-8bad-5026de764302", "relationship--3304043f-e3e1-461b-b13e-368018596b87", "relationship--a8706368-2559-4303-802e-f7554c4b09b0", "relationship--5d1166e6-fb39-4f92-a5ca-50cd1c74acd8", "relationship--ec043fea-936f-4258-bc25-c9aecb0cc984", "relationship--0b621ded-929c-44f3-a0df-99c5d1dd51d0", "relationship--462a4ec9-a22f-4dbf-b435-cd6c56cc72a8", "relationship--bb621311-9ebb-4b1b-a890-253d394e9314", "relationship--e69a30ea-d4fb-47b0-95b4-0b88ee3f6761", "relationship--50fb229b-aa9c-4b27-8b51-398c10c503c7", "relationship--3f1b80a2-47c1-46f5-95c6-10f7e61452b5", "relationship--e02102d8-233d-4223-861b-c8a9c7f27c22", "relationship--0c9d3892-a48f-4915-ba50-1f95b8b563a3", "relationship--30f66c4f-4b48-4dae-ad6d-dd49a02b6f6e", "relationship--efb7893f-cec6-47ad-b729-506f27e213f3", "relationship--326cff49-36ad-4a79-acf3-7c9b9d743c08", "relationship--6a21cf36-1e1d-4e1e-b408-a0620f247f44", "relationship--8691ac9b-40ff-49bf-b239-ac1834a4dbed", "relationship--2193ccc9-3337-4315-b04a-437d56ed25a4", "relationship--914d613b-fc62-47a4-81ff-99db2ad1fdd7", "relationship--5dab77bb-f0e9-4232-870f-1c1cc59b8487", "relationship--d6ed623c-1be4-493d-9554-db8275f8714d", "relationship--e22e630f-e2b1-4215-967f-206ce6f7bddc", "relationship--68634cc8-5ff4-4ade-bed6-9fbb30da1950", "relationship--3848d30a-5404-417b-9b68-7b49ac7b131d", "relationship--965c69a8-d953-4a03-90ca-a7520919fb8e", "relationship--3e06c40d-f47a-4435-8d8e-15a039188873", "relationship--9a60607d-f7b0-432e-bf1d-cbefe3d0b23b", "relationship--0b100230-532a-41e9-98fc-fbd101c3f50d", "relationship--8cb22668-a2c3-4649-b8ad-c3281f82512c", 
"relationship--77ba10d8-6f73-4637-80e7-589f5712f93f", "relationship--ed27fa55-a7f5-47ec-b02d-b46ccf0412ef", "relationship--d31b5fb8-57d1-46b5-a834-fc4bfa14586a", "relationship--b97c40ec-89f4-47d7-a859-9c7e67a722cc", "relationship--5663de26-0644-4426-a8c3-8309a759394d", "relationship--3184ddae-9ea6-4ca3-87e9-9bad27812deb", "relationship--c5ceafaa-fe26-4d1c-aad3-8f3da22c8531", "relationship--627ac82b-0af3-4d93-a0b1-846dd20f588f", "relationship--cd58d2ec-0297-4211-8966-55f52aea2fe6", "relationship--02a35f6c-ed9f-4a53-8e46-8f9d2ca4b3cb", "relationship--d6368af9-88b8-4e55-b0c8-0020919a03cd", "relationship--530fad53-401c-473b-bf15-337c68d68fcf", "relationship--4739aacf-52b5-4bde-b89f-55af05fb1333", "relationship--5168819c-cf51-451d-864b-37d06d211ca3", "relationship--8eef494d-038e-4529-ba9f-c9fdb2ec93e3", "relationship--5c7dab50-2c82-404d-ae4f-174406ff016f", "relationship--ae6656f1-7d40-4b03-81ed-673487e6dc36", "relationship--c1214c5d-0aa0-4d57-b760-57d9bdac4bc3", "relationship--5c7c4823-ec2b-46e3-b193-ebd708f58cf9", "relationship--5cc2f7dd-d9bb-4003-a149-f66731e3afcd", "relationship--f3310f75-900e-4a1a-89ac-a80e00ce1bde", "relationship--05dd5b75-616b-42b3-9a0c-7ec298074d11", "relationship--ccd9d27f-08ab-4d2a-97e7-c97775f9b778", "relationship--e3d88e71-c2c9-4414-9f0b-89d07de473bd", "relationship--39024320-0cd9-448c-8629-9a710144294c", "relationship--ce6a8311-1df6-45a3-ba3a-85dc02fc8915", "relationship--adf0cc11-8b99-43c1-9fe6-cb6b7ad3418d", "relationship--d8e24d8f-9f94-4493-80a4-63d9bf674d1e", "relationship--a31895e3-457e-4bd3-aed2-6fcfb2834e61", "relationship--727762c3-39ec-470b-a112-76def61d67bf", "relationship--2dd12abf-160a-4e51-938a-97f4efb4e994", "relationship--f864e8af-727f-4cff-8768-02fa1ee14825", "relationship--64c5e628-c30f-4815-bfb8-d764113a214e", "relationship--fc425871-c98c-4c4c-829f-754a823e0679", "relationship--11831234-eef7-4e46-b0c8-0cdbb9773a77", "relationship--31277766-e831-4381-8cea-3afba68f45e6", "relationship--42ca48c3-8b57-4eef-a102-3cdb5f6e2294", 
"relationship--107d9882-c67e-479d-9d04-d3ac902cdf13", "relationship--adab5276-1ddb-4bc8-b1f0-14a90175586f", "relationship--bd467df3-c40d-47b5-a634-f5f9eb5910aa", "relationship--1ef28b5c-d535-4e24-80e1-e06e29d68107", "relationship--5a6835fa-d0d7-4054-88e0-febdba76422e", "relationship--b5b4e7e6-8b56-4073-a565-9e7e8afbbd43", "relationship--822a1184-c995-4833-948b-c77a52e6ff02", "relationship--5cccbe77-042c-4b01-96cf-f46e36cb9970", "relationship--7097b7de-ba8b-4c51-b99d-45873c4434ea", "relationship--bbdb0666-ef15-462f-90e5-6f81972ea583", "relationship--91260347-22db-4b6c-bf01-7e6764fcba92", "relationship--a60ae6d1-2a02-493b-b979-941c8a7908e5", "relationship--337d1fec-2d9a-4051-8b8f-4d1d319f722f", "relationship--fbd05a15-a5b5-49ef-90a5-e5e3fde505ae", "relationship--efd0e419-3670-4bf9-a173-8068a9a0d463", "relationship--4c300d37-a997-42bb-8dab-1903a39071e4", "relationship--620fdfe4-7d55-44d0-b1de-8ab0290f643a", "relationship--fb4ce7c2-977d-4d37-a858-66b40ac047a6", "relationship--ee577004-63a1-4c78-9c49-deb448601a86", "relationship--8f4c946d-dc91-4c69-8d4a-e52afddf335b", "relationship--028fa5c1-969d-4927-99e5-632223cb7068", "relationship--2d9fdd5a-dbd0-4b02-bcbb-1650ad76f95b", "relationship--a2a97fc1-9153-40c4-9d44-f8c2691258fd", "relationship--49dd34d3-3c0b-41b0-b1f1-689908fdca3e", "relationship--356babcd-f120-4338-8609-71779f5f8c68", "relationship--c5b9db4f-efec-4011-99e6-795b4b1fdb69", "relationship--efe699b5-b3ba-43bf-9a6c-2fe886a329f3", "relationship--35f16f10-8a24-42f8-aba5-d74f2b45c3eb", "relationship--54ff57e0-4e48-446f-8966-815b037c734a", "relationship--c7b30a9e-7cf7-41eb-90de-09477ef6616a", "relationship--0d97b8e4-0aa2-4cef-8da4-e493233fb7f6", "relationship--aa95261f-d568-448c-8f50-5448a09e0ab4", "relationship--69042081-f52c-4258-9cf2-ec2b7e847202", "relationship--0b712f0f-8e85-4634-93fe-c7a8c91013cd", "relationship--3a91f4f2-ec95-418f-8ff8-fd26e3bf2dfb", "relationship--eccef1b3-a4cf-4401-9bfb-0145ca411dc5", "relationship--67172cfe-ef50-4f67-b6b4-eafa4e67811e", 
"relationship--3a1c20c2-a1b0-4d57-b4ba-c0310b553553", "relationship--75172c86-c352-4dec-b238-8fe2b82ee374", "relationship--7f9bffcb-ba56-4126-a96f-478c869b4b1c", "relationship--603aeb10-2280-4cc9-ba27-652de693a645", "relationship--c1bbee3d-2922-4611-a6b3-678009d2832c", "relationship--e155f0ac-280c-4568-9ec8-f3c38b7612bb", "relationship--6d2b6463-113f-430b-89d1-6dddfff000d8", "relationship--42c05493-d5b0-4cd4-9644-b1aa7d3cbc93", "relationship--83fbef9a-a369-40c9-bfbc-db7b3653022c", "relationship--5a2378ed-2e2e-4349-bc71-54ab83667680", "relationship--b6d016f5-2ce5-4043-88b9-a969c8a971be", "relationship--aaf4192e-af80-43db-b61a-bc27ed070e1b", "relationship--28ac2f9c-b095-4148-a694-1999671c8a84", "relationship--2f701f0d-e10f-4bac-947c-36521bfa55cd", "relationship--d90c6f45-94a1-469a-aaa1-fec741fa4373", "relationship--cec6d0d5-1ddc-4cfa-bebe-083b8dae99f6", "relationship--2d65c625-275e-43ab-9451-1515235a5804", "relationship--5d81a6d8-e3e4-4885-9415-41dec2298822", "relationship--4fdb3af0-75cf-486a-a773-0644f381c969", "relationship--dfc62e87-e5e6-41a6-9d47-3e6ba4880a4f", "relationship--750fc50c-0835-4218-ae6b-5c816d6335f6", "relationship--92c8ba03-d6bb-41ce-997e-dbc3f0656092", "relationship--a5f3a19a-46bd-4734-93f6-19f2e0d4ec69", "relationship--989cc3bc-34ba-41bd-a37c-93260fc5383e", "relationship--8a7d26be-93cf-4dc0-ac55-491775c73073", "relationship--8221258d-c635-422a-8e5c-c321fdd08f2d", "relationship--7f42a562-e6e5-48f7-b3d0-8b13f2ede73f", "relationship--73374dcf-2a68-4bfd-accf-7d2f98128776", "relationship--5f7eebb9-7a0b-4a84-9eb2-e7818428853f", "relationship--7f88e38b-fc2d-4d6c-b757-a01380302623", "relationship--ae1d2d67-730e-46df-9d8d-e2527d648bee", "relationship--94f29293-5c36-4b9a-9d9a-eb7955935165", "relationship--018200f5-38b6-47ab-a27e-7711210a1144", "relationship--52bdb0bc-2697-4caa-a378-fd478c51150b", "relationship--139a1847-caca-493a-aacd-1bf7f7f96aa7", "relationship--678830ed-d8cf-4b45-b60f-ea688a4dbecd", "relationship--ff6ebf76-90a7-47bf-8f71-7d73de5924bd", 
"relationship--034888c8-3dae-481c-aadd-1309cf5ee82d", "relationship--464acf32-b784-4a9a-97cd-30dfb7113635", "relationship--916d9789-6064-44d2-8493-ed866d51d8e8", "relationship--babc4440-eea0-471e-bb8b-a1bf9215a89d", "relationship--776c56bf-b0a0-4368-848a-327f72f63d13", "relationship--47890445-a74d-425b-9b66-ba4a0d98028f", "relationship--f664e7c6-b5c2-4f38-a969-6a137291fd1a", "relationship--21ff9040-5cb5-4662-8130-1bf3ba3c08db", "relationship--d7838b14-9fa6-4d73-bad4-fbb55736e67e", "relationship--3b0d74de-de59-4537-881c-6e58c36f2045", "relationship--b640d663-1439-45f1-84a4-c7290c70b979", "relationship--d5b47a4b-14a9-44d4-b137-a86c5b9ba88d", "relationship--49d6db97-e610-4602-ae6e-d1173004234f", "relationship--fdf263cf-285b-4fb2-88d0-a06896ffe490", "relationship--d7fcfba1-15e2-4277-8a86-66d43067a0bf", "relationship--f3814174-0329-46be-b60d-4404bfac152f", "relationship--c74b9fbc-c58f-4f93-9fe4-8fc8e41738cb", "relationship--f02c6c1d-9821-4c6a-a860-44a7ced125b6", "relationship--c4ac8e37-aa1e-43e2-8908-8cc2c55fd74c", "relationship--1b40368a-539a-43d1-9cee-99ff235aeff7", "relationship--b49eaf13-dd98-4e45-a9d9-56b31696d2d6", "relationship--a79c3212-a2d8-4aa7-877e-f68bfec8411c", "relationship--b4de9b59-eee9-4a74-a17d-6daa6beb5473", "relationship--d8a325aa-da02-4150-9931-58fd53ccfdb0", "relationship--204d0be3-9f72-4045-a0f2-600e1ee926b0", "relationship--beaa2e8a-2065-4578-b338-45f3e80297fe", "relationship--5eccb1cd-d3dc-43a8-8f85-fd21137a0896", "relationship--4642234c-79f6-4e04-83b1-fdf2265d9fdd", "relationship--69084b02-cceb-4692-ab60-77816ad8ed2e", "relationship--dab25762-6228-465c-9134-698c9275d8c4", "relationship--706a5a52-7629-42a5-9e68-42bebd6fc978", "relationship--b7672071-1f3e-4d11-8a01-be7c506c9d3b", "relationship--ccef0a38-fc04-40bd-8d60-4381cbe62743", "relationship--a442f070-229f-4946-bd29-b04445d8bbb7", "relationship--26e6f507-81cc-4fa5-9e76-3d7168c56b9b", "relationship--92910d74-a901-4daa-b563-a058878b0def", "relationship--6581dc30-5f20-4c7a-b459-fc4be29894ac", 
"relationship--c369f10e-331e-4a28-ab43-f2d1e26040dc", "relationship--c50f8f97-dae6-4058-988e-8547d595fb14", "relationship--21619c1c-72da-403d-a644-d28cf9c00c5d", "relationship--1859f0b0-f1df-4694-8210-f26b019a83fd", "relationship--b1920bb3-c669-459d-8c20-d639f71f4eba", "relationship--fc77f451-add0-4bf5-93c5-69f8a47656a6", "relationship--3e146d33-b415-44a2-88a8-2c09b3ac7ad9", "relationship--8f383a91-f748-476d-ae90-069c66741c70", "relationship--4630a679-8dbc-41ed-a29e-bcd1c6380f61", "relationship--9dbc6235-760d-447f-ac49-921e626b1324", "relationship--37448beb-00a0-4a47-a488-1f65149e4601", "relationship--8ed032aa-158f-4c69-8662-e276e0b654c9", "relationship--8f3ec54d-7a0b-415a-a61e-befbcf54bb64", "relationship--769e6504-601f-4181-8076-175f6e455f8a", "relationship--dc4e2617-d548-4b3c-932f-2f647b8fbf78", "relationship--7b16702f-cf15-4a98-be2d-30631574182f", "relationship--042ba9e7-e0a4-4dcc-ada8-c0a90b2b1173", "relationship--79db3719-de7e-45ea-91fa-0943c2a4037f", "relationship--4a96d669-bcde-4f4f-8eb8-f615902f6d45", "relationship--42a4b521-c445-491c-a35f-a9c168d5d7d6", "relationship--6dfbc71d-0c09-4750-b949-df6610e5f68e", "relationship--99aed4ce-1173-4314-8646-b1724c1fe30c", "relationship--ba14fefe-37aa-4bf2-8a5e-92e6791d3100", "relationship--ded0f96c-3764-4b47-9e48-ae4703452e98", "relationship--45d90e07-b7ef-412c-9e5f-d3e4286b14bd", "relationship--2f70c08e-8ce6-4755-b557-db32bc3105fc", "relationship--d191ad43-b88f-4f29-9cb5-b25920b2f171", "relationship--302ef3ad-76c2-49e3-a089-f2de4773cedd", "relationship--476dd40c-8674-4af6-b889-49333eda1d8c", "relationship--f0bb85d0-76a6-492b-a155-0f3f425ce341", "relationship--dc4461bf-f3f4-49ac-bedb-b84ff454baf2", "relationship--076e28f9-1091-44ed-976f-4a29437f077e", "relationship--a2ffdda9-3f1d-4e3f-baa1-8728810dbe98", "relationship--3544a842-dacb-4f7f-885a-4a5ad55b80cc", "relationship--d2dac58c-af80-41f3-8614-58af0bed4cde", "relationship--4eaba8bc-28a8-40cb-a90c-76920413cfb6", "relationship--37d39e84-9ee2-4a5b-a31c-a073b1b5ed4f", 
"relationship--6bc8c489-3291-458c-ab69-99d235b5fd79", "relationship--0a1779ef-941c-441a-a4e9-a6d7edb83b5f", "relationship--ce9483c0-2045-4683-a123-491220d285ef", "relationship--54a3998a-8c27-4a8e-b73d-85ecbdc0bb8c", "relationship--3e127cf3-d07e-485a-85ce-2975c164f2de", "relationship--9cf31e71-9483-41c8-8eba-d11849782656", "relationship--cdac9962-603e-41f0-8535-e82125213888", "relationship--a4257893-2c96-4e1d-b050-c1399218afeb", "relationship--76eecab5-64ca-4b64-829e-13dfadac5e40", "relationship--6723e81d-3222-450f-80a6-2cde415694b0", "relationship--0ba4731e-6303-4e2c-a39f-600f9d307d15", "relationship--e724c6e7-c48a-4f89-8f37-9613e82f8213", "relationship--bb6f170c-847c-4df2-956d-b2742af0ec54", "relationship--2c81b1e0-ff19-4d0d-a7bc-72c059e3f7cf", "relationship--7747b660-c017-4aac-accc-cad40fb26b85", "relationship--bf3d5fda-2bad-4408-8126-b6dfa9a22834", "relationship--5e711b90-a603-47ce-bf4e-4e95c2443470", "relationship--0d6c1847-690a-441d-8ea4-21933eb8037e", "relationship--f6b29794-e0e2-4696-ab53-663b59b1d077", "relationship--743b6e6d-a278-46a0-9dcc-8f247a9baf4c", "relationship--773f65a6-91aa-4280-b45a-665e2e598030", "relationship--c7b59a5b-1414-4148-9bd0-015aa9411c40", "relationship--50953fba-aff4-48b0-8345-3156a2d86754", "relationship--bd89841d-d694-4523-8611-f6a8a7e920fa", "relationship--092c5785-e229-41ff-b3e4-292f039a8f42", "relationship--05c89133-49c3-4150-a149-76a17ff996f7", "relationship--ef1f8736-a31c-4849-86c8-c20caf02fc1e", "relationship--1292f9cd-00c9-4d19-a867-e396f3620761", "relationship--f9d60177-2a8c-4c74-9e69-9514a90d374c", "relationship--c1aea908-9ee8-4991-a499-0926340aebd2", "relationship--28abf663-2b60-402b-82f3-35497643daa8", "relationship--f99029d8-2b4c-4f67-b702-a5162dc036ba", "relationship--064eaf97-e9b9-4b59-8092-3eeab7aa16bc", "relationship--f947f135-84e3-44a6-890d-ed81083959a6", "relationship--2f7fb442-c497-4114-a5a2-e9ac484e2612", "relationship--1be169da-4a5b-4243-82a4-d46d43243f54", "relationship--035a0c8d-5a5b-48b2-ba11-4d7f309a2e89", 
"relationship--7cbe3217-c207-49ba-b511-a8b4eed6f149", "relationship--0da63f33-7645-4a36-bcb6-c3a3f5c576f4", "relationship--d457b383-c9cb-4f65-bb2d-ebcd30722d2a", "relationship--d6793eff-a7f8-44cc-9c0e-68b45e4b8ac5", "relationship--71d7002b-3778-450f-ad3b-aa8d492fea51", "relationship--4732a2b4-5483-4432-bdc7-b7ae8d29a4d5", "relationship--e39b77d2-017f-4a5f-819b-5513e0a61a9c", "relationship--1484ee25-f973-41c2-95b8-9a47feec40bb", "relationship--14a43e0c-9749-4712-a149-ab8807396bb9", "relationship--8eebc5ad-2a83-4321-a795-65e6449a14f0", "relationship--174a9b63-2438-4657-b718-7e74c6461f5c", "relationship--2c723027-d43a-4bc4-98c2-12caa0f336f8", "relationship--2a7b3cd6-bfa0-45ff-950e-aaabcfaec55c", "relationship--6c692f09-af9a-4d85-a6e5-729b7eaa0e60", "relationship--21aa3df8-ffad-40cf-85d8-051bb10abe6a", "relationship--a021aeb3-9204-4a3b-bb67-d37f60082e44", "relationship--327edc09-cffb-4f7a-8031-69367a2e987f", "relationship--016112c8-e3c3-49b5-a32a-aea657028bf4", "relationship--25334719-6c7f-4055-9cd3-3439f6fb5475", "relationship--095a55cd-c169-4761-a4a1-8d9937f34b3e", "relationship--fe8a4ea2-b515-4296-b4d0-0f479b3f81f3", "relationship--ed89161a-f8e4-4dd7-9ff1-f810093c0a1a", "relationship--4ec63609-0592-4889-9630-86ea474b170e", "relationship--28693876-219e-4063-b37e-411fc77c7679", "relationship--e3295e05-50ae-468f-9113-7c56cfe9650f", "relationship--e87c78d4-290f-4019-8710-f3b5a80ad6db", "relationship--e4ca93f4-0274-4c89-9698-2e3b3cbab189", "relationship--10167ea3-aab8-4f74-8cff-451aefc4a950", "relationship--0ff97d15-d6d5-473b-8347-0e85f33aeb3a", "relationship--30ed4499-5844-4579-9088-4c7412ce7b9b", "relationship--2bd985c7-9dd9-421e-aa36-0925419dec9a", "relationship--73aa736a-5880-402a-8d12-d9a18ae99a30", "relationship--c44fdf8c-e865-4181-9bf1-eec3b05cdfbb", "relationship--581e5d1c-398c-443b-8ef4-df757ebd4520", "relationship--ed5df317-4417-428c-b198-0704a214e112", "relationship--62073309-41c9-429b-bd73-d44dd8826a1d", "relationship--52544857-03f9-4a46-9eed-310e7f3e3b74", 
"relationship--f70de6fd-ee3e-455c-bfa1-e73ed7d59249", "relationship--5640370e-a549-457b-90b4-52929b148e00", "relationship--8081be2a-2b1e-4fe4-8a84-9abceddb530c", "relationship--9f18cc04-e1e7-414c-83cb-240abc88d729", "relationship--a6dd4cf0-e22a-4418-8683-6adaf957ec70", "relationship--49a7eda0-9175-4a90-8e01-818cfe1306a2", "relationship--78f1ac68-2e8a-483c-b6ca-f3fbc9e76f6e", "relationship--03bed81e-ac9c-4427-b0d1-2cbf49cc0d62", "relationship--aa2dcede-b50c-4beb-a2e4-0f94b3395f89", "relationship--3a381af3-b5fd-4941-9f01-42d17276afcd", "relationship--6eb04b8b-9028-4d95-8f69-488b7fa6efe0", "relationship--dbb3351e-b39d-46e1-a842-095c6cb9a8f5", "relationship--8e157cc9-c5c9-4792-bd47-176f6e72ee8d", "relationship--c99e9146-2475-4425-b8e4-4cf3de427909", "relationship--b6b090cc-08b9-4d66-8fdd-9654f7e56d2d", "relationship--87a5a335-05e1-4d2f-9354-1b5f94a1abb9", "relationship--755389c3-cc95-4183-9525-9a71f85b4fc5", "relationship--e4aef750-255b-4090-b654-7587b992d0bb", "relationship--2f5996ab-9c61-4e60-a5cb-0951356546d1", "relationship--a516eb3a-6502-415d-abc7-ce417026d1ae", "relationship--0c721160-baa4-4fe8-8f1e-d4edbcd64046", "relationship--aebb4542-2ad7-43ee-bcb7-8d462c35cda4", "relationship--c973f9d9-d088-4e9d-a793-720aa8015475", "relationship--2f5dc835-cca6-49ec-96d4-bcb3bd50a577", "relationship--92034e68-9f19-4687-86f4-5fde0434ec3e", "relationship--9bbe7360-a496-4f4c-910b-5e6c36b117c7", "relationship--df4a8f87-4665-4950-aa64-a4f3e14492a2", "relationship--9ef57d23-9449-4d2b-aeb7-b731d8ab9faf", "relationship--532014a9-2007-4519-875a-c2bdb62b7aeb", "relationship--485681cd-03f3-4337-af4c-ba38573c9c9a", "relationship--0377d437-3097-4e2f-9a9c-2e976d10ad36", "relationship--900e1679-3edc-4bde-992b-aa37c71215ce", "relationship--a8374e6d-f8c5-4a1d-b888-0821dd9820aa", "relationship--b34f9b5a-0d2a-474a-983f-4f74d95ced36", "relationship--8d3e414f-03c1-41a6-bf76-b85e0711755c", "relationship--2f19b3ab-3646-4ad7-b113-ed5a826d1c7b", "relationship--377d5dda-aa68-4195-b566-3f9f48d5291e", 
"relationship--624d0134-f3ce-4634-99c9-5164b961679b", "relationship--a39deed3-0e67-4313-8d87-b23356179b89", "relationship--cfc8d081-54d8-46a5-91cf-730e80584eeb", "relationship--ae6baf82-cf24-4cbb-8327-7eb2b442f024", "relationship--29a483e2-ba30-4de9-955b-b80632e805d6", "relationship--25c8b173-5de4-4d66-999e-01bd4013a76f", "relationship--6b3e0096-4f91-46bc-bd5a-f105269bdcf6", "relationship--072c295d-8a7c-46fd-9963-7de7e8c30e6c", "relationship--c274bffa-b071-4de5-8cef-53a0be471d3b", "relationship--d4546592-1090-41b3-96de-e8a98919ec0e", "relationship--250c524e-b9b8-4f36-89b6-c0207fd1c56a", "relationship--3d0b616c-1662-4bbe-ae15-cf3d8bcca0ad", "relationship--3bab0dcb-4795-40bc-8513-d8632e04d02d", "relationship--3d543979-6901-4703-aa2e-1e9d8963d114", "relationship--318bab73-20f2-44dd-b44f-79f96e31a710", "relationship--0c4890f1-2f11-4d30-8c46-c3f6993e691c", "relationship--e2c2c8d8-a112-4915-9eed-f3ff51dd5744", "relationship--49878b19-dc10-4fb0-848a-d765858d5530", "relationship--6802d520-6993-4746-804e-9f8cbe34440d", "relationship--4de25f77-d966-4f53-acfd-448f78edecf9", "relationship--900eea6c-1b7e-4dbd-a7ce-ba2cdf0b8de6", "relationship--32c8f674-fc02-472b-ab16-a10cc1ed83af", "relationship--c7f0d3ad-90a0-4fb5-81ce-c91cc33f6e37", "relationship--5a6a3c7a-56f7-4f02-a7ea-fe862d0a421e", "relationship--0dc25c96-fb35-49c6-aeb7-d39a68e6d5b7", "relationship--0ca4392c-4a44-43d0-9b95-691f0bc2bf62", "relationship--0e7099c4-2ba2-4093-97f2-5a991281ec16", "relationship--c699bcca-1f6a-4c9f-b5ab-2f923456f021", "relationship--63acefdb-13d8-4221-b86b-223284341977", "relationship--104d3dc5-ef17-4b87-bfaf-ff9eb9f812f3", "relationship--60db353f-9de8-407c-b252-2e803558b164", "relationship--9a6fe723-7a89-48d6-b158-1c10ac8fbddd", "relationship--53aa9558-b3d0-4a7f-81f8-38cdd5f2b4c1", "relationship--f5ecf604-abf7-401a-9ce6-6d382fecc7ee", "relationship--109879ee-2993-4bb3-a076-dfce2acfc2e7", "relationship--0c707b99-e3a1-4208-bcb3-6ac4518d8a63", "relationship--53cb4856-022b-4ef3-8604-6ad7d5d30a61", 
"relationship--efcb7ef8-4fec-4cea-afb7-7a8229e2878a", "relationship--c7b042f5-e8f7-4473-82a7-35094e9c0d19", "relationship--7d122bc3-09b1-441f-a239-cf35f05fc7f4", "relationship--01055090-74bf-443a-9481-5e56002810b8", "relationship--09550e3a-0c57-4ea7-933a-7938504259ce", "relationship--3a9bb78c-3684-4f96-b78f-c6c34572649e", "relationship--c7fc2dc3-9a25-46e1-b35c-6c2a2e90b770", "relationship--8e5a8503-2229-4ec8-8282-452c74da7cbe", "relationship--94db20e2-3091-45a7-8e32-1b0d8fd5ec6d", "relationship--79bcc0b5-e2a0-47f3-8ed3-2c20c49e607d", "relationship--7a96fd8e-1719-495a-bba5-aeb00ff7952f", "relationship--5fa3e39f-1199-4b24-a5a1-c40c1c3473b1", "relationship--23f8e601-edbf-47e6-b8a5-090e3be3e92f", "relationship--cf7edad2-e0aa-43a0-9b0f-1ac8a8a9e759", "relationship--0282b8ad-9245-49d2-b728-3ff2536ad6a3", "relationship--558e256b-69ce-4a84-bda7-2e2e80158fa3", "relationship--56cf9923-c9d4-4e26-a9d5-4228efe1199f", "relationship--cca99e89-080e-4cf2-bb9c-996211ad1904", "relationship--98e58653-58b8-4e8e-aefe-239c799156bf", "relationship--4db579bb-96f9-49c7-9481-3e4163b087b1", "relationship--ecbbd66b-9428-4705-9d7b-ba7478789a65", "relationship--6253a2e4-67ed-460c-a1f9-c8c41c2c14a9", "relationship--ed7a330e-9ba6-4af9-98c2-4f58783ce99e", "relationship--ef05df7e-6a37-457b-90df-ea6a8a08af96", "relationship--d11eab10-aa8d-4613-b718-d364b991fe93", "relationship--16d3b333-3432-4ad3-ba44-8ee8f7382c7c", "relationship--18509a32-ff9b-4ae5-9fa5-346d07020ac5", "relationship--79e47351-6feb-467b-87cb-c6eef9932b3a", "relationship--2b2b79c8-b969-4985-a9a7-0c3725655903", "relationship--762e36a8-d0dc-4774-887a-3f6179ad624e", "relationship--8932455c-fec0-4f5b-b4bc-0e5b723ad2e3", "relationship--61c2d27c-55c4-429f-a38e-3c93c395702a", "relationship--56e51c8e-acbd-404e-8ef4-d81bcd4807d0", "relationship--b8e6b00d-3ff4-4fbd-a8c1-ffa6a0dbc0f1", "relationship--df8a9d9f-adac-4436-8fed-608a74cf0fda", "relationship--0c167aaf-12fb-4914-9e1b-65a98d4177f7", "relationship--5eec21d0-6020-4465-8e2c-646b22a0cac6", 
"relationship--3490198e-7499-4062-9f0f-0dda6308b41f", "relationship--aad8f59f-800c-4a35-a50f-4a021360c1ed", "relationship--e736be44-6728-4cd1-986a-1ba1b548596a", "relationship--1c7321c7-7e4b-49d5-ae60-5620bc960258", "relationship--d87c5869-3f6b-4fb2-aeea-bc708eb9e9dc", "relationship--255cbfbd-8f5a-465b-85ee-05e31062395b", "relationship--76679ff9-b667-4c86-9d76-c9e5a6bf2aad", "relationship--2d2e0193-0507-42a9-a154-0f475d21d142", "relationship--ff3e676f-422b-406c-9c6c-17fdeb71cb46", "relationship--32410b2d-c470-4468-9f85-1da9b2b9e312", "relationship--211306bc-ebb3-4426-a087-ff1a2dd5df38", "relationship--9cab9433-59aa-4c81-b76f-46f78d75d82e", "relationship--b88b6b46-0b55-4596-b7b8-b0899be281f8", "relationship--98bb64da-e78f-471f-baef-9c4b8e19ac2f", "relationship--398324de-208a-4323-beff-a552f43a4f69", "relationship--e9f44922-5355-45b6-ad2d-57a8808205f1", "relationship--e4b26242-02bb-48c3-a47c-dfa9080ea0d6", "relationship--9478722c-f772-4223-aa22-6fdc43bfc8e2", "relationship--105a2f57-6933-4b87-a9fc-97b46947112b", "relationship--0b051c86-69b0-4850-8cb3-8600c320ffa7", "relationship--1b67ac5a-075c-4f91-b5d2-b1bd622eb07b", "relationship--39db25a4-eaba-453e-8e84-a9bdf5fc592c", "relationship--b8bd8e54-1d7b-47be-ac84-7564f00adb18", "relationship--58ddab10-3209-4a22-9dcc-72ee4cdcee87", "relationship--397ea1b1-d0ca-4ab8-8bb9-b244a64610ff", "relationship--422d3da0-b477-407c-9852-f18aabddf06c", "relationship--c0de1351-ebdf-4c37-8449-28879430f287", "relationship--af3950d3-f2db-47f5-8fab-422879949ac7", "relationship--7494cc4f-c274-4b7c-9340-07562801bc93", "relationship--9b364d57-c7c4-440c-b58b-813a6dfd5054", "relationship--307d5135-03cc-4d26-bc1f-814aa5f3f593", "relationship--810c972b-fc2b-42aa-8f85-b4646cebe0a9", "relationship--ad00e4cf-dc11-4b25-9acc-740aef742453", "relationship--48339101-fa7e-4b59-b849-dfda02df5d41", "relationship--3143c80f-df44-4fc8-bb8a-a5da40dd9acf", "relationship--9292f52c-d592-424a-b424-c704af3a9b1c", "relationship--bfddac0a-a006-4851-a5ea-5a98c7f2cae3", 
"relationship--fdbeda67-caa9-46f0-9564-a8c6722a01be", "relationship--eeb35056-5c68-4e7b-b63e-6db906ebb228", "relationship--1c4842e7-05c2-4fc3-86aa-bf994a5ef6ab", "relationship--7e8fff5a-4300-449a-9549-6ef5aef8edac", "relationship--6ae6b3eb-b07f-48e6-bc4e-a3efd152242a", "relationship--56c61cad-5bac-4f0a-a62b-b355e44e4371", "relationship--85417158-0e87-4a6c-94b8-c6aeb94c5c46", "relationship--e354e1d0-3eea-4464-9304-093f7e5390c8", "relationship--b2b839b0-8ba1-41b3-a13b-fe6955cefdb2", "relationship--131f631a-93b1-427c-8101-8406603538ab", "relationship--bc2126c7-715d-4d7e-ad81-2a9ad7a31b66", "relationship--7233ef02-f198-4282-93fb-311b5149b12a", "relationship--25c09679-476a-4c7a-ae4f-1ba232945c91", "relationship--4a03d623-7ea0-4558-ac95-8d4ae11cf2c4", "relationship--fd69d3e5-1ff8-4dee-b62d-1098c5b0a9dd", "relationship--b69e28f1-8573-4dd3-9484-17de510a6006", "relationship--0b570c40-7d46-4729-8960-f757cf0dd225", "relationship--8d5ff35c-b8c5-441e-b121-57b0deb72057", "relationship--ff9c59c1-af2d-4889-a608-fea080f48729", "relationship--a5f93507-41b4-4283-a9ff-d6eec6ed3746", "relationship--aa6af7e4-7401-4ada-bdbd-6cab5dd4a415", "relationship--20fca6ce-a0b2-432f-afab-520c3e781e1c", "relationship--2a69c343-29f1-4fad-97ce-db567875607b", "relationship--3c7a888f-f082-44d0-ad8c-4ad299219ea3", "relationship--2ef5974d-3cad-4f2d-9bca-8762ac2391a6", "relationship--b8fbed94-f67b-4d12-aa52-9c61dcc34028", "relationship--c5a5f2c1-afd1-4416-9a31-4b50734acfa7", "relationship--60a5ae92-74a1-427a-8c4f-58d9adcedb95", "relationship--497c744c-d75e-42b3-923a-fe6f1c7907c4", "relationship--ffd18087-aabf-494f-bd1b-98aa8c3c6b2b", "relationship--af20b0c6-853c-4615-9b04-6028a41f649a", "relationship--392c2ef1-fdba-411b-a540-71e236309253", "relationship--f7ea91c7-b510-4708-a2b5-3134dbc385ac", "relationship--3f572b9f-fb97-4bb7-95e5-17576242088d", "relationship--0ded6c63-f638-4fc9-b29a-ec3bd24cf4c5", "relationship--5a02c9a6-3953-4414-ad23-12f66accf61c", "relationship--d438787e-459d-4458-b48c-f64dd05bbed5", 
"relationship--3e4e0e26-7865-4a6c-9546-4ee42db7b907", "relationship--1048b0a4-c61d-405a-a9ab-2e02c6f42530", "relationship--417243b3-5419-4454-9442-f4438072b7d6", "relationship--0ac6a959-bc32-4a7a-b914-0a59b5e71122", "relationship--798218d9-5ca6-4ccf-8a1b-1d250a79636c", "relationship--1f0b061f-2cce-461f-900f-4a6bc6aea1fe", "relationship--b59f479b-7073-4a7d-b862-ab07ef3f55c9", "relationship--bd7ca91e-b716-4eec-99c1-74c50007822b", "relationship--b242d006-4310-4e41-98d1-2d1e3ea0268a", "relationship--1f5ccf65-8655-474a-a669-a3cacaade966", "relationship--f4491dfd-1549-4d11-acb5-6a31829d1172", "relationship--ece45ae0-f8c8-49b0-85cb-2f96ff3f5334", "relationship--36fbd1b6-db66-420f-a0c6-7fa4521df7ff", "relationship--ef7f21e7-8197-41d9-949f-d864a9d4dacc", "relationship--819d8471-12f3-4c96-86bb-46036ac846da", "relationship--2d0b8c38-0deb-46c2-8c21-0105055ed239", "relationship--62092060-634c-4d41-93c7-b8887bae6bc3", "relationship--30fae0ae-7712-47af-941d-6230e8db25d3", "relationship--21a5ea42-40af-4343-a5ef-37ab64919cf2", "relationship--973095b2-6ac6-4c3c-bc64-78b4e1f70fd5", "relationship--c7acfa27-96f9-4f7f-9353-4680abaeca67", "relationship--ed5c1ecb-5809-4ad2-8bfb-bbb0aa69f01b", "relationship--77f43a06-aaa1-436e-b764-27ffd04575db", "relationship--345bc165-2973-4607-9416-31aed166a8c3", "relationship--f2fd9dd1-9f5c-4674-aaee-34b52c4567a7", "relationship--f8437110-aa18-4cd6-bd62-b03813778a65", "relationship--597f99e7-95b1-478e-a870-b1894a29a712", "relationship--845291eb-5319-4f8b-97d3-86636b18b664", "relationship--d04a743b-fee7-471c-853f-777f54d16bb0", "relationship--2e77c4db-b373-4b7d-a8f8-fa81b3f6826f", "relationship--bebe928a-c9fc-4c23-b8d7-1a746377a1ad", "relationship--4301d3df-02ab-4af7-ab3f-3b8f2c4f1bf2", "relationship--f76f79ba-d88d-4dc2-ac7a-aed5ea2fdcb7", "relationship--944f6d05-5934-4f9c-b5e9-2843493e38f3", "relationship--f2e48dd5-16fa-4460-8687-b5f367998603", "relationship--22129fff-3288-48d2-b189-dc960427db14", "relationship--2d0b4224-ecce-40cc-a07f-fdda37f69709", 
"relationship--3a9dfeaa-4f23-48de-ad7a-9354f96dd609", "relationship--ec7f84b6-1989-42bc-94e6-3de43970b688", "relationship--2c78ec02-81df-4c52-93da-7417306e41cf", "relationship--31b802cb-1564-4171-b469-b6b11937c8e4", "relationship--36e67e96-be09-4de6-ab49-20a10c66d1f9", "relationship--c99a5742-aece-4ce4-834c-d2c7012e590a", "relationship--65140566-2be6-4a1f-9f25-10ae64c615cc", "relationship--4bfeca9f-c8a6-49bc-a62c-b64bed0468b0", "relationship--285414e6-b2c2-482c-9b02-5e565340a79f", "relationship--fa15a240-10d1-46db-94f4-37df418a0f01", "relationship--d5f9ca78-0f25-4498-8178-8f133b514ae6", "relationship--2db35962-8c82-4036-ab56-1a4fcd9904f6", "relationship--13acbb9a-c301-461a-b14f-3008035f4172", "relationship--32862d6c-45ef-4bf9-a213-3d14df390b60", "relationship--61a6f881-8fb1-45df-b18e-9a3feddc8c8e", "relationship--bc136208-400f-431a-9161-4b4318dddb31", "relationship--f2d6c0b3-2931-4286-ac15-68fadd8d7281", "relationship--79d51b64-9230-428e-b796-8693fb2b89b6", "relationship--ef03be71-1802-4526-8897-db67a9d96f9c", "relationship--d1046b2c-8dd2-41d0-9a96-aa8085b16f82", "relationship--71d1d2fc-3a02-411e-8f60-d98bb6198b8c", "relationship--8ccd53ec-0d37-43fa-8fd2-eae4fb428c0e", "relationship--724b55d6-a353-420a-94fa-fad68c347643", "relationship--25ba88ac-bf2a-4349-8675-1dca23e5241d", "relationship--f5e3d0bc-e0e0-4d74-9bec-9bceb5c37f92", "relationship--1dfb2207-1814-48a1-bf92-54da15a634c3", "relationship--8b8f4f13-ec8d-41c9-8483-4bc77e1a620a", "relationship--3959fb1a-a4bf-49ca-8ac5-5ff06d387e53", "relationship--54c512c0-e531-43fd-8d56-792d6dfe2462", "relationship--29df6d0c-99ed-432a-8102-8087c3c4e4f6", "relationship--a9215e14-2a08-4d79-a952-afb963929f20", "relationship--8b76739b-4598-4b0b-8d07-6faedb1cbd4a", "relationship--ead1e0f2-246b-45dc-b51c-6e8f2ebb502c", "relationship--e02fed64-2bdb-4c78-80bf-b635e383aa1e", "relationship--a9b0c1b2-138a-419c-a88c-59bb956db0d5", "relationship--060a16b1-b44a-40ad-9fc3-c4dc8b376282", "relationship--b7f12e3d-eee1-4735-8c82-dfb8e3d5abd1", 
"relationship--b16c04c8-ff19-4893-bc4f-5e4532d64560", "relationship--38965fad-8e24-4220-bf01-1c2c96c75208", "relationship--3eb31dd8-30a1-4cbc-88e1-e27b4849f832", "relationship--e65d5614-6d08-4ea8-9249-aa0b01953fe1", "relationship--7e1f3238-b196-4491-b590-8cdee06fd5ac", "relationship--b28cc8d8-fba4-40b1-abae-5000ad711e02", "relationship--c6d93d01-61b9-4114-b536-ee33742cbd94", "relationship--27df4b1d-961b-4ecd-b610-130da866a559", "relationship--8b7e4797-2320-4f57-86e7-1591ed5fbda3", "relationship--8816b453-71a3-415b-85b0-bcc0dc518468", "relationship--2546e904-eab2-4704-8e07-45ae4f4ba435", "relationship--97d95beb-0fe9-4a01-9cd7-dd9d2d238597", "relationship--8ece357e-a0fb-4cef-b36c-45d85c65126f", "relationship--59d0d150-9e9f-4683-b663-1188d107a365", "relationship--368f9340-ae23-4966-a500-9019f6d4be0a", "relationship--b4ff39e6-fe81-4a0c-95be-0977d0299e2c", "relationship--791744ce-d479-472d-88c3-4da96e29ba1d", "relationship--ec502e0a-4e1c-4c19-88a1-9313dfa51675", "relationship--3c057682-9222-4503-b489-20382e3c032d", "relationship--82a3bb74-893c-4ab3-803c-2b3672e4122d", "relationship--6449dbb8-f705-43a0-b829-f51c98a4ae26", "relationship--fba4f2bc-6dd8-41a3-b278-b82b69b5f3a8", "relationship--231ff8ca-50cd-463a-82e6-897c31e5659e", "relationship--956e2886-827f-4ede-8fa4-f414aa119643", "relationship--5bd6d1ec-05be-46df-9cdd-33d7fb97af9a", "relationship--db2ca1de-ac0c-4a5c-b632-7d5d9a4a921f", "relationship--fa8632a7-6801-44cf-9725-c7b64ad1b3fe", "relationship--8fd48f07-fe94-4e0b-8764-733c0720aaf9", "relationship--beca01a8-ed86-4377-96f5-a85a2a4f086b", "relationship--a348e1c0-f4bd-4baa-966e-48c014953a80", "relationship--f9c22b1d-097e-41c6-90b1-9eec79fa21fe", "relationship--f5647087-3236-45da-8a20-a42d4d192913", "relationship--8c39ac81-66a8-4681-94f6-cf51afd82f40", "relationship--f3c5c023-c982-4fc8-87c7-d28928248c45", "relationship--ef33bd1e-6ce4-4aba-8deb-6427bc840b05", "relationship--35a0194d-d9dc-43b0-8f23-79eb0c091c06", "relationship--d35a76e0-b727-4322-bb1a-c6e3460005e9", 
"relationship--ef94c8ea-d5b0-4b1b-b563-7be56b2cc383", "relationship--5667edce-9ba5-4783-88b0-fbf66c3e8eeb", "relationship--787cb93e-df1c-4b6d-b013-c26ec86952b8", "relationship--e8196455-3e11-48c3-bf76-49c525363969", "relationship--ccdb51e3-f037-458e-bbc2-b2a399531a85", "relationship--ce158a99-aaeb-4842-8c94-8ec482f4a751", "relationship--4a51c7aa-b3eb-4f06-8535-51c5d902c187", "relationship--88733437-119e-4424-a955-e4a46f299ec6", "relationship--98a572d8-b813-482f-932f-18fcbe654604", "relationship--b58e9cfa-bcfe-4994-bdad-37029fc05b82", "relationship--60278317-b4fd-4b35-b17c-6ac7a8d67ea7", "relationship--4f4f257d-45c4-4262-92bf-71e452981ea0", "relationship--c81c38ac-00ba-472b-9ae1-4e57d5ff9cd9", "relationship--28b85e68-e298-4f93-bf04-38cae0038206", "relationship--3ca21f49-3ad8-48bc-a4da-d874cc816955", "relationship--06d83d78-7bf9-437a-9a8d-c3394e23210f", "relationship--b0f57218-5be7-488e-be2f-cae14d6d43ee", "relationship--9ca987a0-bd06-4ff9-bba7-f025c0291625", "relationship--997075ee-2e67-48ad-b11d-ca7c9cbc52c5", "relationship--3946ec1e-4a52-40fe-8eac-6bb970bfdee5", "relationship--c8c027aa-52cd-4348-9abd-76dfa5a989a9", "relationship--2b1a122e-b2ea-4e8a-8f5c-2fbed9525886", "relationship--e72fbecc-d5f7-43be-9f02-2f3eb10307fd", "relationship--b27f2fc4-093d-4be2-8267-e0b0a4888eb9", "relationship--f9dba68f-a634-42ee-948e-e36ca8425898", "relationship--15b37e40-5568-41bb-b4eb-b07c9919fc5c", "relationship--741d1475-e390-4af8-9f87-a829debcf7a2", "relationship--077eb290-b8ad-4ffe-8f6c-fbed30ba61c5", "relationship--739e5581-874b-4411-81a1-c7b52024601a", "relationship--2bda617c-d1e8-4ab5-9769-ca54aff8cf36", "relationship--9863c0e2-effe-42a3-ad26-dc56c7833d97", "relationship--257ec93a-771c-4203-b8bf-518de8e5aba3", "relationship--99aa8d59-2236-41f5-9066-5162203a2b4f", "relationship--448fcc46-3178-4076-8ee3-f769ae44aafe", "relationship--b00f8674-8bf2-429c-bb1f-73abfdf54e6f", "relationship--3260b829-52a0-4720-92af-222c30a53e91", "relationship--5aa08a6d-45ef-4c11-96a6-45a39fa1e9ab", 
"relationship--d196536d-e847-4c7c-91cd-562c8d9c96e8", "relationship--65af18b9-dd18-4a47-8a36-a2d632c39099", "relationship--371c5fc7-ea42-4144-a444-2b696ca24fbf", "relationship--b6415001-9ed6-4b10-af3d-50bb6deaa541", "relationship--2a29f667-4956-4eb2-aabf-39aad36b5886", "relationship--e53a8b1e-5e19-41f8-b030-77a977f88b6b", "relationship--60f81605-343b-4c48-986b-58f6aa832f27", "relationship--e55a59cf-1209-43c1-9a36-6dfb863b40ec", "relationship--69206b9a-f3ae-409c-b3dc-19f1ce24ab4d", "relationship--71aab292-9d0d-4e49-8ba8-1894c71a97e8", "relationship--ee0578af-137c-4825-8541-169b46a44b57", "relationship--9f62e557-a150-4b9d-b762-812da504ec25", "relationship--4f98cf40-4436-4b92-9a13-35a5139e0758", "relationship--2f80d590-6a35-463e-a03f-53fab30ef05d", "relationship--4c7a072b-f17f-437b-bfc2-513202f01a17", "relationship--c90f5952-90c5-4d68-8dc2-8e772e9d9413", "relationship--30f95d1f-4e7c-4a61-a5b1-63d38a2a43f7", "relationship--44ff2bc1-52fe-4fd4-85eb-f6b44e96947e", "relationship--4cf9c6f8-8cda-4ffa-b164-30e92824fa65", "relationship--4734dbb4-bde6-4351-9aba-65dc53ff4133", "relationship--06501cd3-f6ec-45ca-887f-be63abf20862", "relationship--834fbc2e-1523-4650-8fe3-23e337c7c3b4", "relationship--b45ac83d-795d-4d2b-96cf-63f9d862a912", "relationship--f93686b7-8988-4c00-bd41-793af9222e0c", "relationship--dc2ae750-30c4-4b1b-bb20-988ac66224d9", "relationship--6d5ec130-589d-44d3-bf26-5e00deaa7fa8", "relationship--667ca962-8a26-484d-a26a-fb76c2a91c98", "relationship--a7f8d16f-2f34-481d-bc16-c2a089028dd9", "relationship--2980553a-8b11-44bb-9a40-9479e56b56c7", "relationship--adc956c8-0781-4f55-82a7-ffa60317af95", "relationship--b243f345-fd9a-4a5c-a410-81f5f40e03c5", "relationship--95abc5b6-9a5e-4b76-a812-d2b5ae206db2", "relationship--7f5e3da5-c8b7-414e-9c0e-8b3fb2d91012", "relationship--420972da-dfd9-41ac-bddf-94589e68e73d", "relationship--22f02ff4-da26-43d0-b0fd-f15bf77e0bd9", "relationship--55ab5a2e-4c3e-49d1-8bd1-23fc0ab76a0e", "relationship--dcef3077-035b-4856-9734-f8bdaa4114b4", 
"relationship--dc395906-9c24-457c-a94c-db8c36d5786c", "relationship--bd452682-572e-4ee3-9842-eedc07d14e6c", "relationship--056de69b-379b-4785-bd51-1f847ce8a44e", "relationship--ca0e02ba-d8b6-48c6-a5e8-1fc796e7fb98", "relationship--8f47076c-0639-4abb-b606-1c011bdb78e4", "relationship--bf9006e0-81cc-4c23-afc6-58e1dc52c1a1", "relationship--8558574a-b8e3-4b4d-8b8e-86f681ec2827", "relationship--fcec11a9-9d57-4731-a3c3-b408c36703c4", "relationship--a1f87748-26c6-46eb-b6a1-92f827df0a6c", "relationship--0115d207-ea46-46d6-917c-c1f1e03beb83", "relationship--c85e3253-3897-4e65-832a-cd7d53e0da9e", "relationship--1875362b-f137-445f-9dfc-6f3d58b57b5a", "relationship--9c232f18-3eaf-4ae7-90f4-f2cbde69c716", "relationship--b24fac4e-6353-4bd3-8886-6acf98ca8e7c", "relationship--d268c0e7-3467-4f9e-99e2-eb6960de9929", "relationship--b23eb652-c6a6-4446-a02e-360cebe39c6e", "relationship--66cc9c1e-df7e-4ed8-a054-afd9686217d3", "relationship--966aa40b-5ac5-471d-8945-1e868738ba90", "relationship--65477316-9a3f-41cd-ac4f-8bd63bb62d55", "relationship--64274896-de12-4c66-a4eb-9deb4a898af4", "relationship--8901cd81-3a44-4b9f-862c-0c8a42d097d7", "relationship--15009adf-2bf8-49db-9946-409e94394477", "relationship--f4a5a64d-dca5-4ef9-a952-cd2fd18e97bc", "relationship--5bef6c13-3020-4522-83cc-7a87121be2d9", "relationship--bc98dbe8-a250-4352-b086-ea5e987ec51b", "relationship--fb561961-1a77-43d1-ab8a-713d4cf0623f", "relationship--e9b76e11-ea60-47eb-b320-ded73fc70e5c", "relationship--d316897b-8148-4edb-a55c-df0cd6a3357e", "relationship--ec9aa1fd-122e-4f1b-9861-1467c22233d4", "relationship--17782aad-9507-4dc9-af45-c14c0a023744", "relationship--6d555f6d-1e4b-4179-a240-e64d9643c758", "relationship--25a08c53-4bd5-447c-8f79-e6cd2bceea03", "relationship--c090210a-b07e-442a-a494-5db90abe866e", "relationship--3b09668b-f05e-4b42-b52c-21b4c2ddbe63", "relationship--dddb8371-539c-44fd-a821-3f5c48149488", "relationship--0aa5b468-1028-4f44-8bff-c57195ed2395", "relationship--2495eb69-6fcc-4317-a1ee-702f79c0a492", 
"relationship--33f4b000-67aa-43a8-9e45-57bd127d1205", "relationship--aa76c95a-9d31-421a-9fba-ed6c1f9f9757", "relationship--df0e4078-52b6-42ba-8ad1-d4991c31f1aa", "relationship--6255dc82-3b82-4707-8ac3-07809d5dac07", "relationship--4836b42d-b063-4247-a76c-65d49855d082", "relationship--e09daa33-7100-4a37-a7a3-9252e9a1b841", "relationship--33967d6d-2f0c-4fe7-8ee8-54a33274d243", "relationship--8aedf8c8-7244-45f7-8974-9eb138cd9a7b", "relationship--c3831d90-b853-4cee-bbe3-f5ede87602ac", "relationship--960368b9-e5ba-45e1-bc0a-1385edc1a84e", "relationship--3b6c0d34-ed03-4834-ab14-8f5ba6b13741", "relationship--42933e34-3a3c-4e38-a59e-6d01b9d6367d", "relationship--cefc9740-dcae-418b-b3b2-ff4a55da6d1a", "relationship--56614dba-6d3e-42d6-b7de-04ad28991733", "relationship--edbe975b-4a5d-42f6-84c0-24e25df18cfd", "relationship--a8cc7d44-1898-4332-aed5-defc0be42361", "relationship--b15450ed-f395-4f69-832c-68bc3b57a9e4", "relationship--47976236-238d-4a5f-8936-d336de65d4bf", "relationship--befa5c7e-60dc-43fe-90f3-40adc957033e", "relationship--7f3f85ec-6941-4342-a377-ec1a5c6376e5", "relationship--f8bdc675-4cb8-48fa-a750-cd2409a50e7b", "relationship--cbd04170-43c8-402e-9780-a43a5f4e943a", "relationship--675a8d36-63ea-48a6-a231-66933dd7033f", "relationship--346fe44c-8a94-4244-8331-c29d6f046053", "relationship--a12dd9be-62d1-4223-9685-e28b67dc58cd", "relationship--63934d08-5b85-43dd-999d-1f39ebcb7fbb", "relationship--aba1a17c-6b15-40e4-836e-6fac97e68ff0", "relationship--f6fd9a77-e60c-4bf9-b03e-f145ffeb9b2b", "relationship--f7639fc0-339f-43be-8902-c8f0f00f0b38", "relationship--f81d496c-a993-4f2f-8edf-2fe7cb68934a", "relationship--c6645639-d5e3-4874-b85e-ffbb275ead1c", "relationship--e2506665-1e33-4510-adcf-24b602d7785a", "relationship--e11f1472-c06a-4fcf-9dcf-689e77806187", "relationship--6acaf239-c8fb-4c03-b37f-02a0952e83f5", "relationship--0846ac39-e6d1-4523-aaaf-219d235351ba", "relationship--246c5fb3-9c83-4545-b53f-51a4b618a81c", "relationship--8627ced1-1b9a-47c8-a0c4-7c1bc6aa490c", 
"relationship--07210171-6eac-4f13-8e1b-6170db87cfd6", "relationship--33a66a72-071d-4f47-b279-c2d0d7e58c59", "relationship--905af27f-e3c3-4564-9526-dc49eadfa59d", "relationship--b1bfeed3-f727-4108-bb8d-9cc78f2a612c", "relationship--76842977-500c-4c37-bad6-dbc38a480bf8", "relationship--9baf2965-9c42-4eae-8f7d-b7dc40fea23b", "relationship--4d58f4e3-c321-4c1c-92e7-516a8ccfc6a4", "relationship--34af1802-7fea-4ebc-8fcd-2bfbbddb8357", "relationship--1338f3fb-467f-4040-8919-bec72e891910", "relationship--7afa6128-d855-4fb3-849d-56bc26804791", "relationship--e45f542f-3ea1-40d2-95ec-60dafa03631a", "relationship--442a64df-437b-48e8-a065-947a66dc18f1", "relationship--296f2557-7525-4824-9ca9-6e6c0f8b8c0f", "relationship--f1576dde-bf28-4515-a6b5-410f09a4270a", "relationship--983d8322-33f6-422a-a33a-357e23216955", "relationship--3dd7f9cf-afff-482c-b893-584a90de712f", "relationship--496a52d7-6549-4f6a-a57a-1c90482ccb05", "relationship--8d6c75a0-3f5e-4b2c-9de2-91d2204f6789", "relationship--e109e08a-8399-4780-a3e1-0ddbc5a375be", "relationship--e2659ac2-cf5e-4a11-8225-190757ff63be", "relationship--333f2f3c-a479-4b8a-a4ca-d635c98084f3", "relationship--96c138a6-8187-4c70-8031-cf760ad8a154", "relationship--a7a86a80-3c3c-4eb3-9beb-18b36fb021af", "relationship--74dce16e-7d52-447f-baa9-c9ecdd0625d6", "relationship--b35f0b04-444a-4d82-8fa1-fc08f856342c", "relationship--910eba9e-f01c-436c-b54b-dd4933eac64d", "relationship--43b60cb9-20bc-4eed-aaa7-dd6c2750fdaf", "relationship--c126fdbe-e534-47b8-ba32-dc03d17a65fa", "relationship--167479e8-6e4c-4acf-8a95-fd0765c0a188", "relationship--9f71a7a3-277b-4323-8a44-e73f6857234c", "relationship--4fd8e3c1-7024-4334-b1cb-0ce38bd66981", "relationship--046f1103-4898-4048-a625-5ecd8f3636dc", "relationship--0d17704f-bd11-4567-b86e-df66c2134b8a", "relationship--86e7c26c-c25a-42b3-8563-3d295a131deb", "relationship--4506ef5d-2f71-43fe-9c3a-6ed0f4890e28", "relationship--c8ba4d1f-329a-4493-8e61-e481799ee58a", "relationship--ea7e0e88-590b-45d0-b29e-a6b653257440", 
"relationship--bd44c269-70e1-4229-81c3-affbed0c04b7", "relationship--436a894a-7357-4fd9-bcb6-177d2a824394", "relationship--66245607-663e-4bf0-91d6-5ec9d19360c6", "relationship--1197bc6e-ea83-4fd2-a7eb-ebc03bbc0291", "relationship--b8ddcd88-7f96-4b3d-9495-2d657c4294fc", "relationship--2e590d4a-d80a-40d5-94d8-58a43a701327", "relationship--05627380-6e1c-4a01-abfa-9fd20a6a1f9c", "relationship--ff9e86c2-4205-4986-9a44-725027dc7e76", "relationship--e7f67791-4c18-4653-ad5b-7ed191cbf1a3", "relationship--b7993d9d-affc-41c3-b537-1e41222f170a", "relationship--d8000c0b-7875-4240-8067-d18de9d851fc", "relationship--e5d0cf24-97ab-48fc-a70a-fec22e6d1223", "relationship--4b7b6fa7-52ab-42a5-9936-94283a20de35", "relationship--8c7413f5-3949-47da-a778-cdfad5587c08", "relationship--6b53527c-5eef-4ad1-86c5-6427ef88fb35", "relationship--3423519f-c803-4308-8c61-a8889959abf4", "relationship--b4c46ad1-bc06-41a6-ab91-19807994883e", "relationship--4e79c49b-7825-4e85-a836-960d4ede8fb8", "relationship--03c03eb0-e570-471f-a5d1-83aa83165834", "relationship--7e356be3-5484-4882-8cbb-650eead427d7", "relationship--e372daa5-53e4-4fe1-8e2e-b7da5b1fcea7", "relationship--56f8c516-32ff-46c1-874e-81dd5ed4465c", "relationship--0dd76cad-56a9-410a-9e0e-ba304b47a203", "relationship--1317f604-e585-48a6-99c3-442f9167b246", "relationship--d618b7b6-aea6-4b55-80b2-86aeb64eef51", "relationship--df6661cd-e679-4339-823f-9b53cb514266", "relationship--f4294db7-4ee3-43d6-aebc-60839a609aed", "relationship--f0d20f51-de97-4993-a596-25b374ee654e", "relationship--29fe2040-c792-411a-95f4-954c46b7df48", "relationship--9132263a-2055-45e0-ae52-12a87459a772", "relationship--a9bb6f6a-c747-495f-bad8-c610828778b5", "relationship--485a9ca3-890d-4dca-852e-3c2135c1eccd", "relationship--2087a9c5-5b43-431f-b436-c05b7b4d8019", "relationship--5e5c8529-c2c1-4bb0-932e-506df1fdaa84", "relationship--ea7f0dcb-e855-4769-b0aa-9559ab89282a", "relationship--644b1cad-fccd-4f1c-898c-1f8128c4c9a0", "relationship--8bcbcad4-8e12-4b06-9f55-1685192cfc0b", 
"relationship--3ee058a7-f0fb-4664-894a-8b9b1274f606", "relationship--c5f975bb-3952-42d8-987e-08ef550f9de7", "relationship--6dbf313f-8731-49d1-83c2-571b4b1ebd6e", "relationship--6cf77d2a-c6a0-45ec-98e7-a3985b3d8c0a", "relationship--e8b83f93-9c76-4d85-827d-6abf0c2fe29f", "relationship--c9280fe6-6ff9-4f1a-985a-7af9c5df3547", "relationship--167820d1-2014-46de-8060-41a63e8e27dc", "relationship--807c9355-2fc1-400b-98b5-eb890531abf8", "relationship--0ef5f3fa-3ef8-4ae9-8b63-ab709f94bc0a", "relationship--cf470ac9-047d-44cc-8bd8-3afb157b140a", "relationship--70ce288f-ae3e-407f-98e3-697bd731084a", "relationship--4958c7b6-8149-45c2-8b2f-8db7b16030ea", "relationship--5f217ba1-b9ae-4935-bd70-80bb984626fb", "relationship--7bc2af26-99cf-4c63-9748-cbd66b04bc91", "relationship--dc5924c6-ab4d-4f4d-a224-5a7050ce32b4", "relationship--fc1f8be5-1f2a-47d7-b2cd-90a229177920", "relationship--0e16ed92-2020-4d10-b935-d94b5eb463cc", "relationship--8ad1800d-125b-4383-b955-1a8dde73e85f", "relationship--48f512d3-91d5-4b6c-b07f-953d48855ef8", "relationship--9c34bb2e-696d-4a65-87df-9273e8794d95", "relationship--2b0daddc-6b06-4b5d-803e-820cd7af426d", "relationship--313d8b82-d83c-4403-88fb-c14a293e5d99", "relationship--6e1b180b-84a2-428b-bef2-176d76bb08cc", "relationship--41f1c44b-f29d-446d-bc91-d20838ca41ea", "relationship--7946db31-9228-4c1c-964e-4e2d15411ea1", "relationship--e7ca0281-5b97-46b6-99a5-9c9c9c769865", "relationship--e6015bcb-c82c-403d-ae42-d56c1af4e83f", "relationship--77de43d9-156f-48e2-ae4e-5b14c3e19841", "relationship--3eb1360d-206e-4ca2-95e7-4f6be335116f", "relationship--d4400ae1-1af2-47d7-b95c-d34029484f64", "relationship--1a2f8da7-ab0b-4b87-8446-067f4e9534f5", "relationship--7644f299-d543-4384-bacc-5f892cc2b2cc", "relationship--6204f8f7-eb4d-425b-8ee1-1f660727de5c", "relationship--19a5fb2c-5e16-4369-8f64-1f9a5d8990ed", "relationship--a9618225-da9f-440c-b29f-b8607cae2fa6", "relationship--1219d83a-7576-43a5-8e48-6bd68add7652", "relationship--4a9c0a5b-44a5-4b79-8deb-49f7e8509056", 
"relationship--c356c6ac-d981-424b-9929-a98b5a464ce3", "relationship--6f0c5914-0e0e-4b80-b985-7775c3884259", "relationship--85d12273-c4fe-4d1e-904d-000c9a89d770", "relationship--806cfad4-237d-49cb-bf54-cda194172181", "relationship--a60bf7ef-811c-4768-9b08-35ddcf334261", "relationship--1f434c87-852a-41ae-9ead-f6bdad39edae", "relationship--0248a624-5023-40ec-a02b-ac2af03459fe", "relationship--16bacdd3-c7f5-4a8a-b0f6-e87b5505a729", "relationship--3fa94e37-e30b-4eed-b5e7-439566ca7b9d", "relationship--f1debb12-27ef-4a17-90d5-36e2599f5e13", "relationship--e7e9d9f1-2968-4c3a-8620-bc639e9de91f", "relationship--160a5694-6ff3-4588-b75a-e493aa8e33f9", "relationship--1d37e332-810b-4ef3-bf30-68372267bf2b", "relationship--3aaddf3e-eaeb-48a8-be21-806dc78d4247", "relationship--13081fed-773c-4c45-b403-fa68ba7f06a6", "relationship--9e2b7bd2-4b5f-42ce-80fb-a5d5006bed6c", "relationship--7441df73-bc1c-43a1-8140-0df6367cedb8", "relationship--78f82bbe-1aa0-4a5a-b23c-511feec742eb", "relationship--d5bfa779-7630-4084-9d0f-e816c6b7d209", "relationship--9c11c2cd-3149-48bc-bbb9-9cee1f1f1cc0", "relationship--8a674f41-cdeb-4aaa-b382-fd3412e0c166", "relationship--58c13e6d-d131-4359-b0a1-c83e285977ba", "relationship--437f33d6-3892-4764-9340-c71957800396", "relationship--4840ab2a-a941-4e4c-a90e-9dd22368cafb", "relationship--5eed0a56-adbc-47f7-a102-176135c14aa3", "relationship--2ddfe8d1-6fbc-4295-9f75-3b14bcdc0349", "relationship--91b41453-94f6-4701-998d-8ddf302a417c", "relationship--cbbcac8c-bbf7-4f1f-8a7b-16468270b0ed", "relationship--2ea657bc-35ea-4522-9ed7-8e636ea5da3c", "relationship--215d8109-d625-46ee-9b53-7425e83540a9", "relationship--dc8a3727-7fd7-4a7e-9dd5-c1d0030c03bf", "relationship--71563947-e7d4-42a6-8f17-bf29db7f46b8", "relationship--589311cf-d756-4ab7-b4e1-34e6053176f2", "relationship--7a4ce4aa-6bd4-461d-b9a7-42afb450d774", "relationship--e9f3f8a3-02e6-41c6-9ef0-f41e9def4a25", "relationship--4d515a35-fc47-448a-8bad-5390db0ca577", "relationship--72f3259a-da44-4423-a84a-cbbb8e695a25", 
"relationship--a7a10330-cb4d-47d2-aee7-5d5b03898776", "relationship--35f0b133-13bf-4f5d-acea-e4efa0c5619e", "relationship--3547ac94-fcd4-4bae-b6c8-4d1ba2baaab2", "relationship--6d8ba8b6-db66-4d7e-a052-21aea0d576fc", "relationship--bd10beed-fa52-4294-9cd8-324c39b13356", "relationship--cd9fe24d-1458-4691-98a2-8ed0bd17e91a", "relationship--a9df8884-eee2-41d4-8e5c-e64f65e6fb8d", "relationship--4c9ee333-dc24-45b2-b178-fe0e15216bfa", "relationship--e684260c-43bb-4a4b-85c8-7be30fbaa33e", "relationship--089e6688-0fea-4194-84ed-7ce261680299", "relationship--aca7d572-9641-4eba-a4a7-0f8db7ded61b", "relationship--e9a9f631-1446-4185-a60a-caac2c8e6d59", "relationship--3d4eeec9-6112-44ab-b05d-e608ad9b9350", "relationship--451852a3-618a-40db-909c-e8f416fcdd30", "relationship--e102594d-248b-4230-8402-d0ff0979e33c", "relationship--df2a7364-c093-4e2a-a585-53e52fcc9257", "relationship--8d71bcc5-772d-4693-bee3-2c678134e63f", "relationship--18551989-3449-4a8a-beac-73c7ca3521a3", "relationship--aebc1389-c063-48df-9d24-5568d95c118d", "relationship--edaaf089-b377-4b74-b7a0-965790d88a76", "relationship--89f6b304-2fcb-4a9a-9e9e-0e186e2f14c2", "relationship--70736df1-7dfc-4ea6-93cb-454fd10291ef", "relationship--a661e596-66e4-4ed1-a8a4-650e09e0169a", "relationship--4959d99b-34b9-4cd7-9bcc-29544bf7ab40", "relationship--da2f15ab-5c3f-49d4-a133-c404799f8ed0", "relationship--95c087b5-bf41-4df3-9b75-ea363e4daa31", "relationship--53e22414-52c4-488a-ab81-7da6a5508706", "relationship--88a2bb2b-3146-491a-9f0a-4729dd38c380", "relationship--2dd6ae89-f957-4866-839e-63f132dec55c", "relationship--34e9cc71-f6c2-40d8-8064-5d835eae3fb4", "relationship--c30c88f8-af52-4b7d-a6ac-0c5a6553d855", "relationship--03f0f047-6649-490c-9610-3593bc630e9f", "relationship--60642f01-90df-424c-84c7-546a55add58d", "relationship--6caa86e6-ad6c-4d14-a18f-2fddc461ed65", "relationship--3fb4ba1b-e0d1-476d-8f6e-9d560628fdb8", "relationship--437c0117-749f-413a-9995-e6974546007c", "relationship--fb8cecb4-8b6c-443b-af7b-86bc4f2f7208", 
"relationship--fa7f9ba4-7773-4d24-a212-78d6f4aad155", "relationship--ef352155-9613-4397-99fb-ce488436fa78", "relationship--d8b817d0-a77b-49c8-87a1-07adb2bf5a61", "relationship--3e6488c5-a4cc-4921-b02a-51e8db4225c8", "relationship--b435245a-e8c1-4c98-abaa-f6311ea616e2", "relationship--1cbcf93a-5668-4cca-aa84-4dbb6386b083", "relationship--8a8a2af8-c32b-4431-bb74-7a4a7ec3a5ce", "relationship--bd0681a1-eee2-4557-b65e-6c3e8e3de814", "relationship--058a9bd3-ed17-4297-8bd8-1175cd385805", "relationship--ea9315ec-2f62-4957-b052-0f82f368589a", "relationship--cac34993-717b-4164-b401-1d9e91dff123", "relationship--ac36a647-0fdd-4014-a88b-7022888d60c8", "relationship--68831598-e15d-4900-88fd-da974e00886e", "relationship--2215755d-522f-4618-af4d-ad803a8a318a", "relationship--25048a97-af6e-4f22-89b2-3b062d2b819e", "relationship--c3e37ad0-a03d-481c-a6e6-efccbb3f1525", "relationship--c97d8786-d735-40ad-8d24-584209e62032", "relationship--a6b7ade4-5f58-4260-a61c-d5ea068c967c", "relationship--81e96356-b706-43e9-82b0-6b30a4bf97c8", "relationship--c8ca8053-19a5-40ca-a456-56efefd6a4c4", "relationship--168ebe74-45c8-4db4-86ae-b7f2b922270f", "relationship--aa238c16-2ffd-4a41-8d06-6296d3fc6434", "relationship--3407cad2-6a66-4a2e-a935-c276e7f82c1c", "relationship--5f7e9a71-c000-40b0-9026-fe721d74bd0e", "relationship--472098ae-014e-4bb4-8c66-71ee9129fd6d", "relationship--0ae6c709-bec1-44e0-bd0f-5bbaa4293433", "relationship--502d6146-b484-44f8-9117-4d15cb6dfb14", "relationship--7561ce9c-d298-41df-9028-6f3570269459", "relationship--7d438990-5c49-46c6-bb66-a0f2122444e5", "relationship--5dfea9db-57b6-4a8c-978d-5e820656453c", "relationship--10925815-de81-4970-bc8c-5648e92227c5", "relationship--346007cd-ff26-48e7-912d-53ec401de0c5", "relationship--8194eb6b-5de6-4873-8087-03fcc93c3118", "relationship--f009e571-070a-4a10-90b5-34b104687802", "relationship--ce936209-975d-40dc-b7c4-80c2cafa3544", "relationship--47e529f2-4cf0-4e09-bd8e-bca2e1cecf51", "relationship--962c72d6-7553-4de7-9831-b700f7de5c9c", 
"relationship--dee96f6e-918d-4863-950b-f3f29c28c557", "relationship--682f2d20-038f-49ac-896b-733a6a3039e6", "relationship--8ffe2443-2b03-4781-8dfd-e940a4704203", "relationship--cfaa91c6-8c58-4498-8938-c281098f3e73", "relationship--542bcb23-8dbe-4b92-83b0-f0f27cff2f7d", "relationship--db795e1d-7897-4476-9daa-cffce845031c", "relationship--9f728787-4892-4818-b432-c0ff27816758", "relationship--0ce71d90-15b5-4319-884f-ce946627f823", "relationship--c0416bdf-3aeb-482f-b5c8-d6b9181e798c", "relationship--2efeb335-8ec1-43bb-8934-a6a66c43212b", "relationship--6c542c0f-2375-4a46-a535-362ee82e7082", "relationship--c1e76371-4945-41b9-b19f-fee386cb893a", "relationship--07bdd76c-a0b7-4f2d-98a3-4d7e1eb69291", "relationship--b42d57aa-3ecd-48d8-8357-3c87c1ef12ce", "relationship--c9dd5370-2e0d-451f-a40e-948a2d5bdf15", "relationship--211d0a0d-9133-435c-98af-c895d6b154f3", "relationship--0a3aa2a4-a832-42ed-8fdd-3311a0ad35eb", "relationship--dc1429a1-2c7d-4d2e-9b2c-76b393e0890e", "relationship--774bc5da-c455-4abc-b093-6621d8776fc7", "relationship--12d0475d-1d59-4832-b3d9-d7ecd4cd65c3", "relationship--f31def80-ebd4-4cd8-9b8b-7212f88ba3e1", "relationship--857bb106-a377-4670-9e9a-374790435c34", "relationship--d116901e-769c-4156-bd1c-38e05bb1aa12", "relationship--24c12586-554b-4fc4-a99b-0aa35f480a98", "relationship--b32c1088-ff98-427e-b328-852b78b5fa21", "relationship--3ef24b1b-db2f-4bd9-9ed9-aabbfa50c2b8", "relationship--047dc7c5-8fe3-40bf-a4f8-c3b5eef41763", "relationship--d76bffab-3b60-42d1-aa86-f542d56e37cd", "relationship--8837c5f1-b525-44b7-8d1c-56fbd0391a06", "relationship--c3da7bd5-77b5-4a7a-a17c-44bb5b092663", "relationship--a00ff831-d8f2-43a0-879b-4b082f1ba8c4", "relationship--f6dbba84-15eb-4d2e-964e-7bdc21971c65", "relationship--88e02f50-a1f4-4f8e-a336-1e49129bb8f4", "relationship--f6ab4853-605e-493a-ad40-bb576d052632", "relationship--92f5aacb-aece-42ef-8b5f-73de1ce6dae1", "relationship--28e197e4-5f1b-44d9-813a-f827cee7956e", "relationship--8539d576-dd2f-4668-ba76-2d7c3985b94f", 
"relationship--d1c94685-2909-42ab-9a1f-5b322cb4d637", "relationship--bfda4552-aa02-4958-a463-789abd4ccb4d", "relationship--a04e2c8b-fe7e-4640-9800-e4f79ea5d5e3", "relationship--b820281f-aa67-4d0f-a6cc-b0b78096eb7a", "relationship--79761be2-1f5a-412a-9269-994c256853db", "relationship--a168f9de-1493-4c54-b508-cea02c7948cc", "relationship--f6d6cd06-11d3-48c4-8ea0-a64bdbd6e356", "relationship--2adbc6f5-33fe-458e-afc7-b5c9bc2a36a5", "relationship--43dd87b8-991e-4f66-aa42-3f1ddfe24b25", "relationship--35d4f367-1844-4858-a5a8-89ddb8e5c13b", "relationship--f124bf91-3a08-4fc6-b148-aa8f995f6c5b", "relationship--b733512e-0266-422d-97b4-928832a6175f", "relationship--201c309f-cb77-4a09-8431-a2c80745a008", "relationship--d58d899c-b410-4125-9269-b60ab460c5d1", "relationship--78743101-98e7-420a-a912-7471308d0231", "relationship--f143f52e-209d-424b-ba99-aaea0c4e1446", "relationship--a8ba82c5-fb81-4e65-b936-5f9b49a51346", "relationship--b20f39fa-eafd-4b73-bd07-9df57ee66f97", "relationship--1e52dacf-aba0-4e5f-b63d-db424e2fdfe1", "relationship--e0fe4033-59e5-4d57-9114-6cd2a402e145", "relationship--c8dc6c74-3c77-4cc2-a8d7-d55035da85c4", "relationship--044a3425-c271-450f-bf62-25f7222d9f60", "relationship--763051cf-3f4a-45b0-bded-577129b4d526", "relationship--76046501-74da-46f2-b31e-db92888127a6", "relationship--2d69fcae-6147-4e7d-b2aa-18710b754738", "relationship--6f7d5ca4-b82f-45ae-8169-791134e1a4ab", "relationship--b7e494ff-914a-47db-8b2f-48add3c21b7c", "relationship--f4b069c9-b0c7-4c02-8490-2790e8cd5467", "relationship--47c1b924-afcb-4d7d-bec8-f4832ad7c932", "relationship--dde087fa-2943-4f00-93d3-350e7c229b79", "relationship--9f26b4d3-9927-4671-8369-419aaad00677", "relationship--bfc979c1-821b-4c79-ac50-ead9a0612b1d", "relationship--33a7c3ad-77a9-44a6-bc53-cf6acd34db6e", "relationship--f9897e8b-4311-4797-8cb4-27f88662415b", "relationship--995d52f9-c39a-4857-93eb-95d52d530818", "relationship--5f59a07b-f060-4956-b9d1-79275e7601f0", "relationship--f0accdc8-3085-40ca-8035-2e56568ba19c", 
"relationship--b3d13b17-6851-4364-931f-aab3395e9f50", "relationship--4bfdbd3f-fc14-41da-8939-37f56481f034", "relationship--a0087f5a-6396-4b19-bf54-750a0558e6c4", "relationship--f93db03c-9795-427a-83c0-b2440b466d24", "relationship--3e887502-3609-4ce9-be0e-310012f40ef2", "relationship--34ab6f1b-b8cc-45ed-a6dd-5077976cc1a0", "relationship--dd068d46-8e86-48b3-a62b-124cbda34724", "relationship--8ddadb00-28a1-48c3-82ef-b509ba8ec469", "relationship--d80860e4-e414-4203-8347-8e69f9415186", "relationship--4905562b-49b1-44ec-b9c5-af220f8b9f94", "relationship--9c1adc7d-240e-460f-a64b-033680094c7a", "relationship--10520f07-b526-4f21-8c09-12417286567b", "relationship--1dcd8890-bbd7-4918-9a41-d336f94420ff", "relationship--7f9e62a0-8410-4411-99e1-a95041558f25", "relationship--78ec5664-c1d2-4c4c-b166-d529b72af800", "relationship--00f7a671-6eb7-4184-9ffe-e82843a39829", "relationship--f34274fe-0707-4ac0-9552-30849c9fdb1a", "relationship--7fd7b15a-8826-4578-a311-5ca680c68d14", "relationship--4c4915e4-33c4-4cb3-b18f-f75f8f05df65", "relationship--e029e0ce-33b8-4c24-b281-84b370609f01", "relationship--c44712b5-18fd-44d8-9de2-63db30bc2db8", "relationship--255d7500-86db-4691-9fa5-9320761cf064", "relationship--07a31bc1-c01e-497e-adba-c663685fefb4", "relationship--dd1bf6dc-eb29-439d-b692-77b3b2d48c48", "relationship--8722a3dc-e43c-4608-ae99-fb313df6b58f", "relationship--fe274d44-5254-40c4-8d3f-8c997416926e", "relationship--c7a0c18d-3741-4880-a664-de3fdb776129", "relationship--517bd6cd-8c25-4807-8ee5-dbdc8b646071", "relationship--0f8fe511-e2cc-4efa-9503-33c35be011d9", "relationship--e31f05b2-75a7-4e1f-9cc6-1c463e2cdaa8", "relationship--02b3ce33-44b1-459b-a77c-df3cd07c4de1", "relationship--b6831e96-a058-4cc8-9ead-470a71d27517", "relationship--622c3f5f-4dd2-4de0-b30b-7314213dca1b", "relationship--e6fe2660-0c2e-46f3-a3cb-f1389998452c", "relationship--3d08b2fa-98b9-4ab4-a18d-ed57b21f2431", "relationship--2f3db87d-2e25-49fa-b7c3-1cad77428e91", "relationship--7266956a-65bd-4162-8ca7-23522d5711ff", 
"relationship--54ddf097-d537-4235-b0a4-8d70b879a6a1", "relationship--4edf3b4c-f5d4-44d7-bd85-51700a1bfe4c", "relationship--7f1e4cc8-cb3b-4e06-913f-a42a971464d6", "relationship--e1d5a770-94ac-4a43-8116-7bf9009dc56c", "relationship--237964aa-6d5d-4977-a333-f37d2e53f99d", "relationship--5a5d8a74-8f9c-4593-af5e-328802598244", "relationship--0d1087a5-5a31-40f6-bb0c-51f96e13f6c9", "relationship--46f7e0a0-db74-442c-86ce-49051414c055", "relationship--6bfaee44-f842-42e1-b549-460fe6449291", "relationship--6efa2af8-3ee2-4eec-aeb1-79b1c0d6a027", "relationship--8bed13f0-60f8-4fb6-b6e5-4dad03c9b5dd", "relationship--75c826c1-2027-4e49-8cc5-8bfc13d5d93c", "relationship--5eba95a8-4e38-4d6f-bfa1-63627e05666b", "relationship--dee394e6-b08b-45ca-9533-6849291cc4b3", "relationship--ee9971c2-bbea-43f8-9440-7de3a8583e49", "relationship--0b40f653-3ba0-4d78-85c9-d47c0b8c3dc0", "relationship--4e8fee04-9dde-44e1-9514-6a3074846064", "relationship--a4a7e109-bc93-4bdb-be22-598a27605594", "relationship--3a5fbef5-6627-4b4f-9d26-b153d5ea84c5", "relationship--4756daf3-96e0-4368-bf28-0db3ebeef773", "relationship--06c9234a-ede6-459c-a225-72670c898161", "relationship--455dac45-0e5e-4977-b64a-c601dc3bac59", "relationship--9582fa49-ca67-4dd0-9d40-685fa3423c39", "relationship--477b7cdd-8234-4479-9e6a-e52336f303f2", "relationship--c70329f8-e531-4241-9f57-d5a696dd4296", "relationship--bd15748a-966d-49b4-b398-3c14f4383bdd", "relationship--a87978bd-0032-42e4-a9ae-3fc5e36310b0", "relationship--2c39a97e-3142-4ce0-b5b5-6c4f23a22c67", "relationship--1312645d-b242-468d-b33c-c5f35c90cc2e", "relationship--f0d7839c-06b1-473e-a90f-5c4fb512d681", "relationship--509ce010-02b5-4c53-874e-52f345b0450d", "relationship--617d9868-3a87-4109-85f9-438d0c1af1e3", "relationship--a154e4fe-200f-4136-8fc7-28acedf0068e", "relationship--54ee966b-3900-40d9-913a-59ef9879aa9b", "relationship--a13e2ef1-e3d9-4739-80ea-967bf3ebf19e", "relationship--6394d3f5-4428-468b-acb3-03001322333e", "relationship--c6f7dd09-99ca-49cb-8e31-74dd60404309", 
"relationship--503bbea5-150b-4417-ae90-e8d36d737f26", "relationship--1b50729b-30c5-4ecd-99f0-f9921cfc9907", "relationship--3dd1b81b-df95-4906-9fc6-a18cfbdec03f", "relationship--3f7a6b81-b6b7-4639-8792-d0544b74856f", "relationship--3a56b153-acfd-4ce9-a177-1bd058a5b599", "relationship--c6f00007-9788-4e9c-ab78-deae53d4cb09", "relationship--178c5de6-2596-4f0e-aaac-290e45f5a13d", "relationship--422eed9d-3783-468d-a554-185b94fb77d0", "relationship--68af8418-833f-4c01-adb8-fa7e06068417", "relationship--7e4dfc14-5314-4923-9b27-b77a8031e831", "relationship--3543fc13-943c-4988-b06a-d708bc301f9f", "relationship--e9ce87cc-784e-4465-8634-6378b1f54fd4", "relationship--39601039-0ff7-4b64-b765-ceb829a01824", "relationship--777ef914-4a83-4cc2-ae9d-81785d16c5d9", "relationship--cc59a142-fe55-4623-a881-a211ca360b8a", "relationship--bfc37462-892f-41eb-b3df-c9bf77dd8252", "relationship--1a9b268c-2a79-49e4-82f5-681c9764ee94", "relationship--39abf1b2-11ae-4363-8adc-c59d71c0e26e", "relationship--d237965e-b403-4254-8601-9c59df12456e", "relationship--42f59cca-fe3f-4d93-853c-a9507cb8d24c", "relationship--581f9a89-d5eb-4f55-941f-f5ee9352ad0c", "relationship--84e2e177-b6f4-4854-abf7-ecb82ede9b2f", "relationship--c1ebcbdc-1f47-43fe-b79d-83da15ad19fb", "relationship--5b234b2a-d658-4e81-8531-12b32493e000", "relationship--31f4a958-c811-46c4-9ae0-183cf8df2576", "relationship--7432dbc7-9d05-480e-9acb-e11314116096", "relationship--5f0c327c-357f-4dbc-a8af-7ff776e154ca", "relationship--0b24a21f-514d-4d27-8d2c-32156d043184", "relationship--a27342ab-a03e-4757-ae89-2ffde0b8f402", "relationship--dad801a3-5baf-4f0f-9fcd-c7d9a378b02e", "relationship--f464a841-d58a-4be6-bdc9-3372f278b3ae", "relationship--ce9e79f6-ebe3-47ec-91ef-74d826c4e4e1", "relationship--c0afcece-4624-4c69-b428-32eba071bf5d", "relationship--1362b621-5bc5-4af1-9d28-9f541d9ad97e", "relationship--11fc50c8-9227-40ff-89ce-e8e08e89f435", "relationship--403c223a-39ce-4b24-8b03-c2055d878357", "relationship--031ea36e-e31b-462f-a08f-ddc067288a55", 
"relationship--9d72ba49-aa01-4db4-977e-7090b453ee2b", "relationship--de88036c-1754-4c3b-acfe-a8f209229e1e", "relationship--865c7419-790b-44e5-87cd-939635f4f76c", "relationship--3f570861-1177-4610-b488-0d40f23165f8", "relationship--31900f12-df88-477e-bdea-fa1b10490b27", "relationship--47bf8bd2-1d09-4221-88f3-bd6d735a72d7", "relationship--d68bc9bb-86d0-4531-bc14-d25671cd70cd", "relationship--c9d04d43-5625-48d2-9e92-2e4f67532957", "relationship--402a0993-14bf-45b1-9060-d850f933cc8c", "relationship--e183fc83-eca6-46d8-aa06-6e8c2bd7777a", "relationship--09be1e3b-f167-4a33-a1f7-e6039d124823", "relationship--f18295ab-8b3e-4acc-b341-3369b2cb90ed", "relationship--3ad80f94-7857-477e-ae9e-175d6a444c28", "relationship--ef1ca125-8fe8-4a9e-b2e8-de554c0e6053", "relationship--7d9b76e2-fe2e-4384-aa20-7d5947e703a9", "relationship--6b75d960-172e-4117-b337-cf04acd9414a", "relationship--43c71e87-b6da-48bb-8aed-a928458a68b8", "relationship--ca07f65e-101e-4b18-9cf2-79a920eae532", "relationship--eb73c002-7b2e-4a8b-b82b-2ed2670a4415", "relationship--b19eec31-e04e-474c-8d85-f57dce1302c2", "relationship--86fef05a-b8a1-49ba-96b7-ea302b571e27", "relationship--7b8a5b46-1285-437d-b4c2-71d73ae36f62", "relationship--a29e4db3-9460-4d22-833a-a730573d243d", "relationship--8dd194ee-1c6f-4d1f-bcf3-91717fd914b7", "relationship--bbb4804c-da20-4d70-8189-c6ce9bb1f0ef", "relationship--a9ea3fe9-10be-4056-8d50-91b48687152d", "relationship--dd1253a9-98a4-4934-a9c3-22a9d009c71c", "relationship--a2c771fd-56a2-466b-8220-606409603525", "relationship--d1ba8c49-8eca-4e30-95c9-8472fe4d2ab7", "relationship--862dc0d3-decb-4ac0-81e2-b03bc0d836cf", "relationship--0bd633e3-ddcc-4b38-b6e0-4772cab3d85d", "relationship--9ecd7295-71dd-402c-ae39-f3cca2b110f3", "relationship--9a944d4d-d08b-4870-b888-10aa82d4ec0f", "relationship--7ac2b0c1-f811-408f-8861-ef464c173b96", "relationship--2ccbdab4-d714-4726-bdc0-250f777d66db", "relationship--9f2cdce3-ddf2-44a4-8852-4d2031598efa", "relationship--d3f49444-0e60-43f6-a6de-0c2da6c37243", 
"relationship--852300be-74dc-4c38-92eb-3b97b402112a", "relationship--c45477ca-d27b-4103-8400-b49af8f75c07", "relationship--09ccac59-c56a-4dd0-8ad6-c82aac63f353", "relationship--a8684ae1-7f54-4817-ba3b-ba1260ee81dd", "relationship--091a5a67-5346-4faa-9e23-438a19704ee2", "relationship--a308f46c-45bc-48fa-9157-4708834e2f0f", "relationship--7f3ede63-9a24-47aa-9d4a-8429f39de152", "relationship--ba283e30-9171-465b-bca8-0e1de809da46", "relationship--ecaa0207-dc6c-499a-9664-f972f3c1e7e2", "relationship--9a676f84-491d-48b4-9adb-b6cd0647cd6a", "relationship--81436ad3-e4bc-436e-83d6-21ae8114b718", "relationship--3b49aacf-6125-431f-8f92-58e14c203dbd", "relationship--20bff1a8-0d7f-41bd-b828-454440ce268c", "relationship--374eca1d-b26c-4bc2-8b8d-dfb6bc0fb5aa", "relationship--788cf373-684f-4778-936e-78e951de236e", "relationship--7bbf38e1-9647-441b-a60f-1c28c13b8e84", "relationship--0036c408-abb0-4b50-8b3a-614024e492af", "relationship--e28817a5-d950-4a02-8c93-a0137b0a409c", "relationship--6774241d-9748-4a6e-b26d-fcb18048635e", "relationship--b1953fad-3a01-42ba-9780-c5850d6c10db", "relationship--9a73f904-1258-4482-b205-7f9a445aab4b", "relationship--a22e73d9-91bb-4bbc-8720-4c1a6f277a3d", "relationship--bd5d7683-4d33-460b-ab60-5cd1a5f1e014", "relationship--4a88cc28-95c2-4d99-a18a-fab30259d28d", "relationship--3097aa76-4892-4e43-b98c-fb8ce2044532", "relationship--7bae7be3-8f6f-4def-aa3a-ab424c7c71f1", "relationship--48b8e0c3-bbcd-4bf3-9453-f54f740b88c4", "relationship--6811d53f-2905-4e93-93d7-4d8d0693a4ce", "relationship--2493a49f-b277-4475-a44d-498ea77d5cbc", "relationship--01e265c8-8e79-4845-97ef-0180efac9e0c", "relationship--7a22ec34-24f4-468b-90d5-39dc637874cc", "relationship--2aafd984-9a94-4ca2-9b4f-43cf28ac044a", "relationship--46ec3d17-2a89-4ceb-b9d4-e1c4cfd04446", "relationship--6c4d3635-ccf6-4d31-ad15-cd43e13075b1", "relationship--9ff66be1-5525-4a4e-b640-8faae6747973", "relationship--0c0c8233-de3b-4664-8bb1-c0cdfaafeffa", "relationship--5d989b2e-4fe6-47ce-8ea0-f2ba0de9f785", 
"relationship--4276b979-6678-4948-b77b-1c88122ab4b8", "relationship--6cbee07a-c7b5-4c55-a070-8c84a79fc18e", "relationship--33d23f94-1a65-4354-b242-fe72387f4557", "relationship--cddac6c0-932f-438a-bad1-636f3068c905", "relationship--faf5fde3-4f94-475e-9209-3100c426ece9", "relationship--461f43bb-3c4b-4980-9393-0f405e7e84d5", "relationship--1d48ad60-24ba-4cc1-bbb1-24e0cbbc1ad2", "relationship--be943cab-1f23-4003-9650-21740ff3b12a", "relationship--35151e0a-de27-440d-9793-cbb59d8a9420", "relationship--c5e04c0f-ee65-4826-82e7-bd605fdec241", "relationship--4a6fa64a-9bb7-4ed2-b0b2-7d84d61bdb32", "relationship--4928ce85-7571-473a-a176-1854f1976526", "relationship--3ff673f0-b07e-471a-a508-b4b591b398bc", "relationship--90f0845e-0e57-4946-af64-577f02918f13", "relationship--5ea7f910-86e1-4aa9-89a7-35ebbc3cbe86", "relationship--d142e4f4-d781-4a40-91f9-ad6974744a97", "relationship--9db1dac5-0631-4524-9603-9b12d0520c55", "relationship--646269d3-2d93-454a-8db2-e893ad0dd0a8", "relationship--0e4a144b-88b6-42e3-9c00-c2722d25c86b", "relationship--70176638-d91e-4e04-b2d8-e5f582d74797", "relationship--e3eaac81-9201-49d2-b0e0-fea7734199ea", "relationship--d87425e5-1c19-48a2-9460-f3375ac57ff2", "relationship--f34137ba-6a9c-48eb-9271-3d3b5a398822", "relationship--7c60fe7c-4d31-42d5-934d-b5bfb211f024", "relationship--39bcbaba-1980-4271-b353-30cd9a6c2dac", "relationship--811ff14b-87b5-4250-83a6-40aaf86d8cb1", "relationship--f77ce733-4153-4ea6-b31b-24beb34311f9", "relationship--003f7d7c-7fe1-412f-90a0-5adfc10e44c2", "relationship--ba7e9b3a-168b-49f9-bf3f-48f03829e5fb", "relationship--b6f6af79-3a7c-4e8a-bbfc-1babef4ac925", "relationship--572dd252-ca29-44aa-827c-693f2efc5ba7", "relationship--e2a724ee-0527-4215-9a3e-4e6714c77435", "relationship--669efbed-b50d-47c7-8caa-a043c16defa8", "relationship--a270bb9c-437c-4547-ae44-dfff3eee01c5", "relationship--e4e96fd5-0831-4b00-8f7b-5e23aedf8a21", "relationship--201e89e4-da5f-40ef-a966-d08fc4c176f7", "relationship--3697284e-7e7d-402a-afc1-f1bb60b0ce64", 
"relationship--0e8d92d0-8531-4a7a-a21c-6213f104a820", "relationship--59f678cb-5b45-447f-bfec-f51fc7253447", "relationship--5126b973-ce51-47fb-98df-d72914a28b55", "relationship--eec87ede-ac5a-42eb-ad94-c840b2ac92ac", "relationship--c6603d47-5b92-4ac0-810a-7596e71a6668", "relationship--e6d20790-e1a7-4b1d-b954-b91b670dd50c", "relationship--7fb5700f-bcb2-4ed2-8d79-3fa6d1d51506", "relationship--d512f2bb-c1d6-469b-b962-4661416365d0", "relationship--6241bc00-604f-4f12-8b0e-5634c1a69289", "relationship--1ed0b202-5690-455a-a239-48b9e30a48a0", "relationship--ddbf32aa-e138-4f10-9ad8-e6a43131663a", "relationship--cac005e8-25cb-45b3-b993-46b5733869fc", "relationship--b77a699d-cabb-47d2-b27f-a07b97427ddd", "relationship--094545c9-1ecd-449a-aa37-cf85776623c4", "relationship--71496b06-7971-4e63-bc24-5a4a68d1073d", "relationship--1c09b7a4-4390-409d-bd7c-ca55ec60e9f0", "relationship--2540423d-d215-422b-9975-5ab821547407", "relationship--93f46692-86da-4edb-9de6-900e57c7b1e1", "relationship--c35f8d9f-620d-4dcc-bd74-3981266de9eb", "relationship--7167cf1a-73b0-4de5-870f-e1b975351035", "relationship--57118793-55c6-4ca9-a26c-d069563f23ec", "relationship--7b91e692-8179-43ae-9117-2ac754cce664", "relationship--9928a863-da46-4f4c-8f0e-2172b184df5a", "relationship--d0f9343f-b695-43e1-9434-a8d417d2b33d", "relationship--97e25c77-fd2e-46d0-8a80-a2c997a3a426", "relationship--a45efdd7-1929-44cf-8453-cf5827a45e8f", "relationship--96ea0b2b-b87c-4cf1-8c13-92b0319f3707", "relationship--5c7ff515-b118-4eb2-b980-a762a787d336", "relationship--fbf27887-3a72-4192-b238-0f4e424f7b68", "relationship--2d58e259-4b28-4e83-8f7a-3b48db8df7f9", "relationship--4f467efe-2f4b-443c-82d5-eb63f575507c", "relationship--41443f50-37f1-4d63-a655-3ae6afc09520", "relationship--e0dd5ded-33b2-4cc6-9b73-43420db2fdfb", "relationship--c81a76a6-7b95-4264-bf03-559157ea8c60", "relationship--d356b9eb-fe87-4b54-bc76-31ed3a539f85", "relationship--67a4a757-8a1f-4547-9189-88856e3c74fa", "relationship--7325ee55-73b1-4abb-8be4-6e3ba2e2698b", 
"relationship--8c79d74e-7d56-4ad0-a291-76fd3d88c05d", "relationship--d54bd7fa-ef7e-47cc-937c-d8222fc9805b", "relationship--12f20d62-9702-41dd-8f6e-ddd06f78f8b5", "relationship--fb2fb8f8-0056-4b37-865f-53826a03d32e", "relationship--049869f2-30ef-4131-a302-799f368d5a4e", "relationship--06f67ff8-1d4a-4015-ba1b-152c4abba86f", "relationship--48aded01-6961-4d20-adeb-97052cf678d0", "relationship--27224b1e-cdfc-4e61-8129-d7ae6b5061ac", "relationship--d815f7f0-e2f8-4912-8ed8-c21217bba5c8", "relationship--7e2d01a9-c3f6-4277-ad53-c0124ba060e8", "relationship--f7afbb52-2240-49ae-ada2-ae8db9c35af5", "relationship--ef3dca6a-b95d-4df5-8ed5-fac951ad9049", "relationship--7c845a82-d8e4-4ec3-9a46-84f26a29ae58", "relationship--472c5492-8262-41da-8822-39bc385e9881", "relationship--65cc1436-ef40-43b6-8e24-31ac8c7ac054", "relationship--effad57d-b9d1-4bd6-89f1-688f4289938b", "relationship--72cc1cef-be48-4992-9db4-ecc12e87a586"], "external_references": [{"source_name": "Malicious Chrome Extension IOC Database", "url": "https://github.com/The-Privacy-Commons-Institute/chrome-mal-ids"}]}]}