{ "type": "bundle", "id": "bundle--ae2f791a-60d9-458a-8668-c1e3a5fa37cf", "spec_version": "2.1", "created": "2026-06-11T23:57:51.198Z", "modified": "2026-06-11T23:57:51.198Z", "objects": [ { "type": "extension-definition", "id": "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4", "spec_version": "2.1", "created": "2022-08-02T19:34:35.143Z", "modified": "2022-08-02T19:34:35.143Z", "name": "Attack Flow", "description": "Extends STIX 2.1 with features to create Attack Flows.", "created_by_ref": "identity--fb9c968a-745b-4ade-9b25-c324172197f4", "schema": "https://center-for-threat-informed-defense.github.io/attack-flow/stix/attack-flow-schema-2.0.0.json", "version": "2.0.0", "extension_types": [ "new-sdo" ], "external_references": [ { "source_name": "Documentation", "description": "Documentation for Attack Flow", "url": "https://center-for-threat-informed-defense.github.io/attack-flow" }, { "source_name": "GitHub", "description": "Source code repository for Attack Flow", "url": "https://github.com/center-for-threat-informed-defense/attack-flow" } ] }, { "type": "identity", "id": "identity--fb9c968a-745b-4ade-9b25-c324172197f4", "spec_version": "2.1", "created": "2022-08-02T19:34:35.143Z", "modified": "2022-08-02T19:34:35.143Z", "created_by_ref": "identity--fb9c968a-745b-4ade-9b25-c324172197f4", "name": "MITRE Center for Threat-Informed Defense", "identity_class": "organization" }, { "type": "attack-flow", "id": "attack-flow--d2ec54a5-a9b4-44f2-b649-610ee72ccf2c", "spec_version": "2.1", "created": "2022-10-27T02:44:54.520Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "created_by_ref": "identity--72f43450-ca72-47da-88e0-d2f02046ac91", "start_refs": [ "attack-action--2a8b2d9c-c1cb-44e8-9c18-e146fdb28c3b", "attack-action--57dca417-5fce-4cb6-9392-c23d24ba8c83", "attack-action--0cf0c85b-c2e5-4dfd-9a92-547357784bd1", "attack-action--e51a777f-14ba-4aac-8e6d-d95b93389173", "attack-action--7a4205e1-043e-4c6d-8a9f-89f9a3a8ec83" ], "name": "Conti CISA Alert", "description": "Conti ransomware flow based on CISA alert.", "scope": "malware", "external_references": [ { "source_name": "CISA", "description": "Alert", "url": "https://www.cisa.gov/news-events/alerts/2021/09/22/conti-ransomware" } ] }, { "type": "identity", "id": "identity--72f43450-ca72-47da-88e0-d2f02046ac91", "spec_version": "2.1", "created": "2026-06-11T23:57:51.198Z", "modified": "2026-06-11T23:57:51.198Z", "name": "Dr. Desiree Beck", "contact_information": "dbeck@mitre.org" }, { "type": "attack-action", "id": "attack-action--2a8b2d9c-c1cb-44e8-9c18-e146fdb28c3b", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Spearphishing Attachment", "description": "Malicious Microsoft Excel file is attached to a phishing email.", "effect_refs": [ "attack-operator--7686e85f-53e7-4e22-b799-cd068137d4c8" ], "asset_refs": [ "attack-asset--14a9c069-abae-41d2-8615-8ca20ba0ca68", "attack-asset--12823850-2efb-44c5-be26-ac34703683b8" ] }, { "type": "attack-asset", "id": "attack-asset--14a9c069-abae-41d2-8615-8ca20ba0ca68", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "User of Patient Zero workstation", "description": "The user compromised by the spearfishing email." }, { "type": "attack-action", "id": "attack-action--803b8f27-1c9b-4d83-b155-b443b69672f8", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Malicious File", "description": "User of the Patient Zero Workstation clicks on malicious Excel file, compromising the workstation.", "effect_refs": [ "attack-operator--ee2f9478-ca65-4b3c-9c77-77cd2a277a91" ] }, { "type": "attack-action", "id": "attack-action--08dfcf4a-96c4-487e-8531-3ddd7fbb6e70", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Kerberoasting", "description": "Actors use Kerberos attacks to attempt to get the Admin hash to conduct brute force attacks.", "effect_refs": [ "attack-condition--223e9388-26aa-4cd7-88a3-bc192aa13622" ] }, { "type": "attack-action", "id": "attack-action--4c0e9ba3-e5ad-4215-8b41-6636f9ec90b2", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Lateral Movement", "tactic_id": "TA0008", "tactic_ref": "x-mitre-tactic--7141578b-e50b-4dcc-bfa4-08a8dd689e9e", "description": "Lateral movement to 1 statutory and 6 voluntary hospitals", "effect_refs": [ "attack-condition--623bc1c8-fc38-4a2d-a3d0-d925f073af53" ] }, { "type": "attack-action", "id": "attack-action--fda03654-388a-45e1-b3c5-36a0593aec6d", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Data Encrypted for Impact", "tactic_id": "TA0040", "tactic_ref": "x-mitre-tactic--5569339b-94c2-49ee-afb3-2222936582c8", "technique_id": "T1486", "technique_ref": "attack-pattern--b80d107d-fa0d-4b60-9684-b0433e8bdba0", "description": "Threat actors encrypt sensitive data by detonating Conti ransomware.", "asset_refs": [ "attack-asset--bce29a7e-123b-4e98-a7ae-f3590236d856" ] }, { "type": "attack-asset", "id": "attack-asset--6c3bf979-882d-49ad-8cb5-43a59f42d32e", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Exfiltrated Data", "description": "Data exfiltrated by threat actor." }, { "type": "attack-action", "id": "attack-action--8956f5e4-bfaf-4709-83fa-309275967a30", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Exfiltration", "tactic_id": "TA0010", "tactic_ref": "x-mitre-tactic--9a4e74ab-5008-408c-84bf-a10dfbc53462", "description": "Threat actors often use the open-source Rclone command line program for data exfiltration, such as Rclone.", "asset_refs": [ "attack-asset--6c3bf979-882d-49ad-8cb5-43a59f42d32e" ] }, { "type": "attack-asset", "id": "attack-asset--bce29a7e-123b-4e98-a7ae-f3590236d856", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Encrypted Data", "description": "Data encrypted by Conti ransomware." }, { "type": "attack-condition", "id": "attack-condition--f8f14cd5-8cb3-41eb-a7de-d13c92afd312", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "description": "User of Patient Zero workstation is compromised" }, { "type": "attack-condition", "id": "attack-condition--a32b0dae-0b41-472b-9c23-fd234955beca", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "description": "Patient Zero workstation is compromised" }, { "type": "attack-action", "id": "attack-action--57dca417-5fce-4cb6-9392-c23d24ba8c83", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Fake Software", "description": "Fake software promoted via search engine optimization", "effect_refs": [ "attack-operator--7686e85f-53e7-4e22-b799-cd068137d4c8" ], "asset_refs": [ "attack-asset--14a9c069-abae-41d2-8615-8ca20ba0ca68" ] }, { "type": "attack-action", "id": "attack-action--0cf0c85b-c2e5-4dfd-9a92-547357784bd1", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Social Engineering", "description": "Actors may get user information via phone calls", "effect_refs": [ "attack-operator--7686e85f-53e7-4e22-b799-cd068137d4c8" ], "asset_refs": [ "attack-asset--14a9c069-abae-41d2-8615-8ca20ba0ca68" ] }, { "type": "attack-action", "id": "attack-action--e51a777f-14ba-4aac-8e6d-d95b93389173", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Spearphishing Link", "description": "Malicious Microsoft Excel file is attached to a phishing email.", "effect_refs": [ "attack-operator--7686e85f-53e7-4e22-b799-cd068137d4c8" ], "asset_refs": [ "attack-asset--14a9c069-abae-41d2-8615-8ca20ba0ca68" ] }, { "type": "attack-operator", "id": "attack-operator--7686e85f-53e7-4e22-b799-cd068137d4c8", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "operator": "OR", "effect_refs": [ "attack-condition--f8f14cd5-8cb3-41eb-a7de-d13c92afd312" ] }, { "type": "attack-asset", "id": "attack-asset--12823850-2efb-44c5-be26-ac34703683b8", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Microsoft Office document", "description": "The document is a downloader-dropper. Examples include Cobalt Strike, IcedID, and TrickBot." }, { "type": "attack-action", "id": "attack-action--8c673d05-35b9-4563-a19c-612225ba58f2", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Valid Accounts", "tactic_id": "TA0001", "tactic_ref": "x-mitre-tactic--ffd5bcee-6e16-4dd2-8eca-7b3beedf33ca", "technique_id": "T1078", "technique_ref": "attack-pattern--b17a1a56-e99c-403c-8948-561df0cffe81", "description": "User reveals credentials", "asset_refs": [ "attack-asset--b25c46f7-e302-4bcc-a75f-7b97913dedeb" ], "effect_refs": [ "attack-operator--ee2f9478-ca65-4b3c-9c77-77cd2a277a91" ] }, { "type": "attack-asset", "id": "attack-asset--b25c46f7-e302-4bcc-a75f-7b97913dedeb", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "User credentials", "description": "User credentials for a valid account" }, { "type": "attack-action", "id": "attack-action--7a4205e1-043e-4c6d-8a9f-89f9a3a8ec83", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Remote Desktop Protocol", "description": "Stolen or weak Remote Desktop Protocol (RDP) credentials", "asset_refs": [ "attack-asset--ad245cbc-08a4-4a73-a0fd-cd49205b5721" ], "effect_refs": [ "attack-operator--ee2f9478-ca65-4b3c-9c77-77cd2a277a91" ] }, { "type": "attack-asset", "id": "attack-asset--ad245cbc-08a4-4a73-a0fd-cd49205b5721", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "RDP account", "description": "Compromised RDP account" }, { "type": "attack-action", "id": "attack-action--11575ef5-332b-4719-9283-ad0988becfef", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Process Discovery", "tactic_id": "TA0007", "tactic_ref": "x-mitre-tactic--c17c5845-175e-4421-9713-829d0573dbc9", "technique_id": "T1057", "technique_ref": "attack-pattern--8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "description": "Actors run a getuid payload before using a more aggressive payload to reduce the risk of triggering antivirus engines.", "effect_refs": [ "attack-operator--ad5f81ee-b495-4efb-b6f9-d62fe07cfe0b" ] }, { "type": "attack-action", "id": "attack-action--e972b38b-5e0c-43f6-a578-f904dab23a64", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Brute Force", "tactic_id": "TA0006", "tactic_ref": "x-mitre-tactic--2558fd61-8c75-4730-94c4-11926db2a263", "technique_id": "T1110", "technique_ref": "attack-pattern--a93494bb-4b80-4ea1-8695-3236a49916fd", "description": "Use Router Scan, a penetration testing tool, to maliciously scan for and brute force [T1110] routers, cameras, and network-attached storage devices with web interfaces.", "effect_refs": [ "attack-operator--ad5f81ee-b495-4efb-b6f9-d62fe07cfe0b" ] }, { "type": "attack-operator", "id": "attack-operator--ee2f9478-ca65-4b3c-9c77-77cd2a277a91", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "operator": "OR", "effect_refs": [ "attack-condition--a32b0dae-0b41-472b-9c23-fd234955beca" ] }, { "type": "attack-condition", "id": "attack-condition--060bac6c-30cd-4cef-93e2-04c1939f3fc2", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "description": "HSE Server is compromised" }, { "type": "attack-operator", "id": "attack-operator--ad5f81ee-b495-4efb-b6f9-d62fe07cfe0b", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "operator": "OR", "effect_refs": [ "attack-condition--060bac6c-30cd-4cef-93e2-04c1939f3fc2" ] }, { "type": "attack-action", "id": "attack-action--51d84486-8f49-40aa-a3ef-65ab544dff0f", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Brute Force", "tactic_id": "TA0006", "tactic_ref": "x-mitre-tactic--2558fd61-8c75-4730-94c4-11926db2a263", "technique_id": "T1110", "technique_ref": "attack-pattern--a93494bb-4b80-4ea1-8695-3236a49916fd", "description": "Actors get the Admin hash to conduct brute force attacks.", "effect_refs": [ "attack-operator--ad5f81ee-b495-4efb-b6f9-d62fe07cfe0b" ] }, { "type": "attack-action", "id": "attack-action--2a78a7b6-4cf3-4a8e-9856-e34935a18dbd", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Persistence", "tactic_id": "TA0003", "tactic_ref": "x-mitre-tactic--5bc1d813-693e-4823-9961-abf9af4b0e92", "description": "Threat actors exploit legitimate software to maintain persistence.", "asset_refs": [ "attack-asset--68bf90ee-2a96-48e3-8acc-cb3068e20db0" ] }, { "type": "attack-asset", "id": "attack-asset--68bf90ee-2a96-48e3-8acc-cb3068e20db0", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Software", "description": "Remote desktop software or remote monitoring and management software." }, { "type": "attack-action", "id": "attack-action--9955f520-81f0-4826-a04f-e29c222cf214", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Privilege Escalation", "tactic_id": "TA0004", "tactic_ref": "x-mitre-tactic--5e29b093-294e-49e9-a803-dab3d73b77dd", "description": "Threat actors use tools already on the victim network to obtain users' hashes and clear-text credentials", "effect_refs": [ "attack-condition--1a4cb2c8-008f-4bec-8659-6a4cccb638b4" ] }, { "type": "attack-action", "id": "attack-action--21b2ccee-d3ed-4866-b931-87c37f98dc93", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Exploitation for Client Execution", "tactic_id": "TA0002", "tactic_ref": "x-mitre-tactic--4ca45d45-df4d-4613-8980-bac22d278fa5", "technique_id": "T1203", "technique_ref": "attack-pattern--be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "description": "Threat actors exploit vulnerabilities in unpatched assets to escalate privileges and move laterally.", "effect_refs": [ "attack-condition--759ddb9f-c0a6-4fa4-bc83-f20a4ae8ea35" ] }, { "type": "attack-condition", "id": "attack-condition--759ddb9f-c0a6-4fa4-bc83-f20a4ae8ea35", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "description": "Network Asset A is compromised" }, { "type": "attack-condition", "id": "attack-condition--1a4cb2c8-008f-4bec-8659-6a4cccb638b4", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "description": "Network Asset B is compromised" }, { "type": "attack-condition", "id": "attack-condition--623bc1c8-fc38-4a2d-a3d0-d925f073af53", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "description": "Network Asset C is compromised" }, { "type": "attack-condition", "id": "attack-condition--223e9388-26aa-4cd7-88a3-bc192aa13622", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "description": "Admin hash is compromised" }, { "type": "attack-action", "id": "attack-action--c3c4d3ba-ee40-437d-92a7-224bdb5cfaa0", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Privilege Escalation", "tactic_id": "TA0004", "tactic_ref": "x-mitre-tactic--5e29b093-294e-49e9-a803-dab3d73b77dd", "description": "Threat actors exploit vulnerabilities in unpatched asset to escalate privileges.", "effect_refs": [ "attack-condition--1a4cb2c8-008f-4bec-8659-6a4cccb638b4" ] }, { "type": "relationship", "id": "relationship--423f15c8-584f-44f5-8826-aa62a39fda0d", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--f8f14cd5-8cb3-41eb-a7de-d13c92afd312", "target_ref": "attack-action--803b8f27-1c9b-4d83-b155-b443b69672f8" }, { "type": "relationship", "id": "relationship--06d6403d-1df6-442e-ab26-22f15ccd8067", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--f8f14cd5-8cb3-41eb-a7de-d13c92afd312", "target_ref": "attack-action--8c673d05-35b9-4563-a19c-612225ba58f2" }, { "type": "relationship", "id": "relationship--fa5482ea-0ce4-4cea-a5d7-62bcd48b93ea", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--a32b0dae-0b41-472b-9c23-fd234955beca", "target_ref": "attack-action--11575ef5-332b-4719-9283-ad0988becfef" }, { "type": "relationship", "id": "relationship--b0294281-0a06-4312-b8fe-c5c5f346e242", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--a32b0dae-0b41-472b-9c23-fd234955beca", "target_ref": "attack-action--08dfcf4a-96c4-487e-8531-3ddd7fbb6e70" }, { "type": "relationship", "id": "relationship--87a0fee5-f373-4031-aaa9-7f89521f085f", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--a32b0dae-0b41-472b-9c23-fd234955beca", "target_ref": "attack-action--e972b38b-5e0c-43f6-a578-f904dab23a64" }, { "type": "relationship", "id": "relationship--c4d4046d-5c57-4433-a959-96df400f6a0e", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--060bac6c-30cd-4cef-93e2-04c1939f3fc2", "target_ref": "attack-action--2a78a7b6-4cf3-4a8e-9856-e34935a18dbd" }, { "type": "relationship", "id": "relationship--1572a17d-0a1a-4ed8-a540-9345d87abd43", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--060bac6c-30cd-4cef-93e2-04c1939f3fc2", "target_ref": "attack-action--9955f520-81f0-4826-a04f-e29c222cf214" }, { "type": "relationship", "id": "relationship--87945a83-30da-463d-b031-9dce58ebe759", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--060bac6c-30cd-4cef-93e2-04c1939f3fc2", "target_ref": "attack-action--21b2ccee-d3ed-4866-b931-87c37f98dc93" }, { "type": "relationship", "id": "relationship--927687f3-6657-411c-ad8a-35785ce3c0f2", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--759ddb9f-c0a6-4fa4-bc83-f20a4ae8ea35", "target_ref": "attack-action--c3c4d3ba-ee40-437d-92a7-224bdb5cfaa0" }, { "type": "relationship", "id": "relationship--a4a1198e-092f-4cfc-b937-ac0ab3e8a4a0", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--1a4cb2c8-008f-4bec-8659-6a4cccb638b4", "target_ref": "attack-action--fda03654-388a-45e1-b3c5-36a0593aec6d" }, { "type": "relationship", "id": "relationship--fb57f060-f68b-43d0-9a9d-ebb2955e28aa", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--1a4cb2c8-008f-4bec-8659-6a4cccb638b4", "target_ref": "attack-action--8956f5e4-bfaf-4709-83fa-309275967a30" }, { "type": "relationship", "id": "relationship--e0af17c1-c801-450b-a741-53a7f0205ea5", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--1a4cb2c8-008f-4bec-8659-6a4cccb638b4", "target_ref": "attack-action--4c0e9ba3-e5ad-4215-8b41-6636f9ec90b2" }, { "type": "relationship", "id": "relationship--093194bd-5889-4393-989f-1666a4a8b445", "spec_version": "2.1", "created": "2026-06-11T23:57:51.199Z", "modified": "2026-06-11T23:57:51.199Z", "relationship_type": "related-to", "source_ref": "attack-condition--223e9388-26aa-4cd7-88a3-bc192aa13622", "target_ref": "attack-action--51d84486-8f49-40aa-a3ef-65ab544dff0f" } ] }