diff --git a/clusters/android.json b/clusters/android.json index 4dadc9f..c84eeae 100644 --- a/clusters/android.json +++ b/clusters/android.json @@ -138,13 +138,6 @@ ] }, "related": [ - { - "dest-uuid": "a6f481fe-b6db-4507-bb3c-28f10d800e2f", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "b8fa5036-813f-4887-b4d4-bb17b4a7eba0", "tags": [ @@ -3802,7 +3795,7 @@ }, "related": [ { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -3821,41 +3814,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", @@ -4605,15 +4563,6 @@ "https://researchcenter.paloaltonetworks.com/2018/04/unit42-henbox-inside-coop/" ] }, - "related": [ - { - "dest-uuid": "36ee04f4-a9df-11e8-b92b-d7ddfd3a8896", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - } - ], "uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86§", "value": "HenBox" }, @@ -4676,5 +4625,5 @@ "value": "Triout" } ], - "version": 15 + "version": 16 } diff --git a/clusters/banker.json b/clusters/banker.json index 8820196..0937e4f 100644 --- a/clusters/banker.json +++ b/clusters/banker.json @@ -99,26 +99,12 @@ ], "type": "similar" }, - { - "dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "66781866-f064-467d-925d-5e5f290352f0", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e", @@ -200,13 +186,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "0f96a666-bf26-44e0-8ad6-f2136208c924", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "ffbbbc14-1cdb-4be9-a631-ed53c5407369", @@ -241,13 +220,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "ffbbbc14-1cdb-4be9-a631-ed53c5407369", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "0f96a666-bf26-44e0-8ad6-f2136208c924", @@ -480,13 +452,6 @@ ] }, "related": [ - { - "dest-uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "75f53ead-1aee-4f91-8cb9-b4170d747cfc", "tags": [ @@ -559,20 +524,6 @@ ], "type": "similar" }, - { - "dest-uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "66781866-f064-467d-925d-5e5f290352f0", "tags": [ @@ -643,13 +594,6 @@ ], "type": "similar" }, - { - "dest-uuid": "6e1168e6-7768-4fa2-951f-6d6934531633", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549", "tags": [ @@ -757,13 +701,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "e159c4f8-3c22-49f9-a60a-16588a9c22b0", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "87b69cb4-8b65-47ee-91b0-9b1decdd5c5c", @@ -1000,13 +937,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "87b69cb4-8b65-47ee-91b0-9b1decdd5c5c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "e159c4f8-3c22-49f9-a60a-16588a9c22b0", @@ -1244,5 +1174,5 @@ "value": "CamuBot" } ], - "version": 14 + "version": 15 } diff --git a/clusters/botnet.json b/clusters/botnet.json index dee8b15..e7d9206 100644 --- a/clusters/botnet.json +++ b/clusters/botnet.json @@ -195,20 +195,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "b2ec1f16-2a76-4910-adc5-ecb3570e7c1a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "6e1168e6-7768-4fa2-951f-6d6934531633", @@ -721,6 +707,13 @@ ], "type": "similar" }, + { + "dest-uuid": "17e12216-a303-4a00-8283-d3fe92d0934c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc", "tags": [ @@ -734,13 +727,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "variant-of" - }, - { - "dest-uuid": "17e12216-a303-4a00-8283-d3fe92d0934c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "fcdfd4af-da35-49a8-9610-19be8a487185", @@ -877,6 +863,13 @@ ] }, "related": [ + { + "dest-uuid": "ec67f206-6464-48cf-a012-3cdfc1278488", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "fcdfd4af-da35-49a8-9610-19be8a487185", "tags": [ @@ -897,13 +890,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "variant-of" - }, - { - "dest-uuid": "ec67f206-6464-48cf-a012-3cdfc1278488", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc", @@ -1151,5 +1137,5 @@ "value": "Persirai" } ], - "version": 16 + "version": 17 } diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json index fb1d618..dc5cd8c 100644 --- a/clusters/exploit-kit.json +++ b/clusters/exploit-kit.json @@ -280,20 +280,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "5594b171-32ec-4145-b712-e7701effffdd", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "5eee35b6-bd21-4b67-b198-e9320fcf2c88", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c", @@ -761,5 +747,5 @@ "value": "Unknown" } ], - "version": 11 + "version": 12 } diff --git a/clusters/malpedia.json b/clusters/malpedia.json index 96995cd..000dd6b 100644 --- a/clusters/malpedia.json +++ b/clusters/malpedia.json @@ -497,13 +497,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "fbda9705-677b-4c5b-9b0b-13b52eff587c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "a6f481fe-b6db-4507-bb3c-28f10d800e2f", @@ -2814,13 +2807,6 @@ ], "type": "similar" }, - { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", "tags": [ @@ -2842,26 +2828,12 @@ ], "type": "similar" }, - { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", @@ -5282,6 +5254,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "16794655-c0e2-4510-9169-f862df104045", @@ -7483,20 +7462,6 @@ "type": [] }, "related": [ - { - "dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "66781866-f064-467d-925d-5e5f290352f0", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e", "tags": [ @@ -7505,7 +7470,7 @@ "type": "similar" }, { - "dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a", + "dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -8296,20 +8261,6 @@ ], "type": "similar" }, - { - "dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a", "tags": [ @@ -9560,13 +9511,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "cd201689-4bf1-4c5b-ac4d-21c4dcc39e7d", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "4166ab63-24b0-4448-92ea-21c8deef978d", @@ -9611,13 +9555,6 @@ "type": [] }, "related": [ - { - "dest-uuid": "083bb47b-02c8-4423-81a2-f9ef58572974", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "d7183f66-59ec-4803-be20-237b442259fc", "tags": [ @@ -10718,6 +10655,13 @@ "type": [] }, "related": [ + { + "dest-uuid": "2a16a1d4-a098-4f17-80f3-3cfc6c60b539", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "74167065-90b3-4c29-807a-79b6f098e45b", "tags": [ @@ -14002,13 +13946,6 @@ ], "type": "similar" }, - { - "dest-uuid": "4166ab63-24b0-4448-92ea-21c8deef978d", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "652b5242-b790-4695-ad0e-b79bbf78f351", "tags": [ @@ -14477,13 +14414,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "6e1168e6-7768-4fa2-951f-6d6934531633", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549", @@ -16077,7 +16007,7 @@ "type": "similar" }, { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -16103,27 +16033,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", @@ -17671,13 +17580,6 @@ "type": [] }, "related": [ - { - "dest-uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "75f53ead-1aee-4f91-8cb9-b4170d747cfc", "tags": [ @@ -19978,5 +19880,5 @@ "value": "Zyklon" } ], - "version": 1650 + "version": 1651 } diff --git a/clusters/mitre-enterprise-attack-intrusion-set.json b/clusters/mitre-enterprise-attack-intrusion-set.json index bfacbdb..b256c4b 100644 --- a/clusters/mitre-enterprise-attack-intrusion-set.json +++ b/clusters/mitre-enterprise-attack-intrusion-set.json @@ -290,6 +290,13 @@ ] }, "related": [ + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", "tags": [ @@ -297,6 +304,13 @@ ], "type": "similar" }, + { + "dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "tags": [ @@ -350,6 +364,13 @@ ], "type": "similar" }, + { + "dest-uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0", "tags": [ @@ -659,6 +680,13 @@ ], "type": "similar" }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", "tags": [ @@ -810,6 +838,13 @@ ], "type": "similar" }, + { + "dest-uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "519630c5-f03f-4882-825c-3af924935817", "tags": [ @@ -884,6 +919,13 @@ ] }, "related": [ + { + "dest-uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", "tags": [ @@ -1179,6 +1221,13 @@ ], "type": "similar" }, + { + "dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", "tags": [ @@ -1343,6 +1392,13 @@ ] }, "related": [ + { + "dest-uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", "tags": [ @@ -1468,6 +1524,13 @@ ], "type": "similar" }, + { + "dest-uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", "tags": [ @@ -2059,6 +2122,20 @@ ] }, "related": [ + { + "dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", "tags": [ @@ -2159,6 +2236,13 @@ ], "type": "similar" }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -2257,6 +2341,13 @@ ] }, "related": [ + { + "dest-uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", "tags": [ @@ -2460,5 +2551,5 @@ "value": "Gamaredon Group - G0047" } ], - "version": 6 + "version": 7 } diff --git a/clusters/mitre-enterprise-attack-malware.json b/clusters/mitre-enterprise-attack-malware.json index 4130409..1306a7d 100644 --- a/clusters/mitre-enterprise-attack-malware.json +++ b/clusters/mitre-enterprise-attack-malware.json @@ -370,13 +370,6 @@ ], "type": "similar" }, - { - "dest-uuid": "c04fc02e-f35a-44b6-a9b0-732bf2fc551a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -1560,6 +1553,27 @@ ], "type": "similar" }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", "tags": [ @@ -1869,6 +1883,13 @@ ], "type": "similar" }, + { + "dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7", "tags": [ @@ -3620,6 +3641,13 @@ ], "type": "similar" }, + { + "dest-uuid": "0a52e73b-d7e9-45ae-9bda-46568f753931", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ @@ -4007,48 +4035,6 @@ ], "type": "similar" }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -4630,6 +4616,13 @@ ], "type": "similar" }, + { + "dest-uuid": "da079741-05e6-458c-b434-011263dc691c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", "tags": [ @@ -5821,13 +5814,6 @@ ] }, "related": [ - { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", "tags": [ @@ -5849,20 +5835,6 @@ ], "type": "similar" }, - { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", "tags": [ @@ -5913,5 +5885,5 @@ "value": "ELMER - S0064" } ], - "version": 7 + "version": 8 } diff --git a/clusters/mitre-intrusion-set.json b/clusters/mitre-intrusion-set.json index 88298f5..c71799d 100644 --- a/clusters/mitre-intrusion-set.json +++ b/clusters/mitre-intrusion-set.json @@ -177,6 +177,13 @@ "uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff" }, "related": [ + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", "tags": [ @@ -184,6 +191,13 @@ ], "type": "similar" }, + { + "dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "tags": [ @@ -228,6 +242,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "Deep Panda" @@ -418,6 +439,13 @@ ], "type": "similar" }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", "tags": [ @@ -495,6 +523,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "Moafee" @@ -555,6 +590,13 @@ "uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a" }, "related": [ + { + "dest-uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", "tags": [ @@ -663,6 +705,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "Naikon" @@ -728,6 +777,13 @@ "uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd" }, "related": [ + { + "dest-uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", "tags": [ @@ -849,6 +905,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "FIN7" @@ -1017,6 +1080,27 @@ ], "type": "similar" }, + { + "dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", "tags": [ @@ -1024,12 +1108,54 @@ ], "type": "similar" }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "47204403-34c9-4d25-a006-296a0939d1a2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "OilRig" @@ -1295,6 +1421,13 @@ "uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973" }, "related": [ + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", "tags": [ @@ -1302,6 +1435,13 @@ ], "type": "similar" }, + { + "dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "tags": [ @@ -1326,6 +1466,13 @@ "uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c" }, "related": [ + { + "dest-uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", "tags": [ @@ -1431,5 +1578,5 @@ "value": "Gamaredon Group" } ], - "version": 7 + "version": 8 } diff --git a/clusters/mitre-malware.json b/clusters/mitre-malware.json index 65d5f46..3a5e96e 100644 --- a/clusters/mitre-malware.json +++ b/clusters/mitre-malware.json @@ -263,13 +263,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "c04fc02e-f35a-44b6-a9b0-732bf2fc551a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "value": "Backdoor.Oldrea" @@ -458,6 +451,27 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "Komplex" @@ -1025,6 +1039,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "PoisonIvy" @@ -1887,48 +1908,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "value": "CORESHELL" @@ -2172,6 +2151,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "da079741-05e6-458c-b434-011263dc691c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "ComRAT" @@ -2781,13 +2767,6 @@ "uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2" }, "related": [ - { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", "tags": [ @@ -2809,20 +2788,6 @@ ], "type": "similar" }, - { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", "tags": [ @@ -2852,5 +2817,5 @@ "value": "ELMER" } ], - "version": 6 + "version": 7 } diff --git a/clusters/mitre-mobile-attack-intrusion-set.json b/clusters/mitre-mobile-attack-intrusion-set.json index 5ab4d71..2d563f4 100644 --- a/clusters/mitre-mobile-attack-intrusion-set.json +++ b/clusters/mitre-mobile-attack-intrusion-set.json @@ -32,56 +32,14 @@ }, "related": [ { - "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", + "dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { - "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", + "dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -92,5 +50,5 @@ "value": "APT28 - G0007" } ], - "version": 5 + "version": 6 } diff --git a/clusters/mitre-pre-attack-intrusion-set.json b/clusters/mitre-pre-attack-intrusion-set.json index e75f561..da45a89 100644 --- a/clusters/mitre-pre-attack-intrusion-set.json +++ b/clusters/mitre-pre-attack-intrusion-set.json @@ -131,6 +131,13 @@ ], "type": "similar" }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", "tags": [ @@ -326,5 +333,5 @@ "value": "APT17 - G0025" } ], - "version": 5 + "version": 6 } diff --git a/clusters/ransomware.json b/clusters/ransomware.json index 361537d..e30837d 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -3290,15 +3290,6 @@ "https://www.bleepingcomputer.com/news/security/new-bip-dharma-ransomware-variant-released/" ] }, - "related": [ - { - "dest-uuid": "15a30d84-4f5f-4b75-a162-e36107d30215", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - } - ], "uuid": "2b365b2c-4a9a-4b66-804d-3b2d2814fe7b", "value": "Dharma Ransomware" }, @@ -9483,15 +9474,6 @@ "CrySiS" ] }, - "related": [ - { - "dest-uuid": "2b365b2c-4a9a-4b66-804d-3b2d2814fe7b", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - } - ], "uuid": "15a30d84-4f5f-4b75-a162-e36107d30215", "value": "Virus-Encoder" }, @@ -9891,6 +9873,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "00c31914-bc0e-11e8-8241-3ff3b5e4671d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "e8af6388-6575-4812-94a8-9df1567294c5", @@ -11119,5 +11108,5 @@ "value": "SAVEfiles" } ], - "version": 38 + "version": 39 } diff --git a/clusters/rat.json b/clusters/rat.json index 4a142b0..fa74895 100644 --- a/clusters/rat.json +++ b/clusters/rat.json @@ -105,6 +105,13 @@ ], "type": "similar" }, + { + "dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7", "tags": [ @@ -1827,6 +1834,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "da079741-05e6-458c-b434-011263dc691c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "9223bf17-7e32-4833-9574-9ffd8c929765", @@ -3035,6 +3049,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "0a52e73b-d7e9-45ae-9bda-46568f753931", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "e0bea149-2def-484f-b658-f782a4f94815", diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 217c6c1..db1a795 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -127,6 +127,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "a653431d-6a5e-4600-8ad3-609b5af57064", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c", @@ -476,7 +483,14 @@ "type": "similar" }, { - "dest-uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10", + "dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -628,13 +642,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "24110866-cb22-4c85-a7d2-0413e126694b", @@ -1111,15 +1118,6 @@ "Royal APT" ] }, - "related": [ - { - "dest-uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - } - ], "uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8", "value": "Mirage" }, @@ -1542,6 +1540,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", @@ -1613,6 +1618,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "11e17436-6ede-4733-8547-4ce0254ea19e", @@ -1718,6 +1730,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "f98bac6b-12fd-4cad-be84-c84666932232", @@ -1867,6 +1886,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "f873db71-3d53-41d5-b141-530675ade27a", @@ -1955,6 +1981,13 @@ ], "type": "similar" }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", "tags": [ @@ -3641,6 +3674,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "47204403-34c9-4d25-a006-296a0939d1a2", @@ -4587,6 +4627,13 @@ ], "type": "similar" }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", "tags": [ @@ -5616,29 +5663,6 @@ "https://www.cfr.org/interactive/cyber-operations/winnti-umbrella" ] }, - "related": [ - { - "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - } - ], "uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10", "value": "Winnti Umbrella" }, @@ -5658,15 +5682,6 @@ "https://www.cfr.org/interactive/cyber-operations/henbox" ] }, - "related": [ - { - "dest-uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86§", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - } - ], "uuid": "36ee04f4-a9df-11e8-b92b-d7ddfd3a8896", "value": "HenBox" }, @@ -5825,15 +5840,6 @@ "the Rocra" ] }, - "related": [ - { - "dest-uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "same-as" - } - ], "uuid": "358b8982-bcaa-11e8-8a5b-4b618197c5b0", "value": "Red October" }, @@ -5857,15 +5863,6 @@ "https://www.cfr.org/interactive/cyber-operations/cloud-atlas" ] }, - "related": [ - { - "dest-uuid": "358b8982-bcaa-11e8-8a5b-4b618197c5b0", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "same-as" - } - ], "uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126", "value": "Cloud Atlas" }, @@ -5930,15 +5927,6 @@ }, { "description": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs, to steal cash equivalent to tens of millions of dollars. FBI has attributed malware used in this campaign to the North Korean government. We expect FASTCash to continue targeting retail payment systems vulnerable to remote exploitation.", - "related": [ - { - "dest-uuid": "e306fe62-c708-11e8-89f2-073e396e5403", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - } - ], "uuid": "e38d32a2-c708-11e8-8785-472c4cfccd85", "value": "FASTCash" }, diff --git a/clusters/tool.json b/clusters/tool.json index 3e30385..1465e42 100644 --- a/clusters/tool.json +++ b/clusters/tool.json @@ -160,6 +160,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54", @@ -833,6 +840,20 @@ ] }, "related": [ + { + "dest-uuid": "9223bf17-7e32-4833-9574-9ffd8c929765", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "d9cc15f7-0880-4ae4-8df4-87c58338d6b8", "tags": [ @@ -1167,7 +1188,7 @@ "type": "similar" }, { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -1188,14 +1209,14 @@ "type": "similar" }, { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", + "dest-uuid": "75c79f95-4c84-4650-9158-510f0ce4831d", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", + "dest-uuid": "f108215f-3487-489d-be8b-80e346d32518", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -1259,14 +1280,21 @@ "type": "similar" }, { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { - "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "dest-uuid": "75c79f95-4c84-4650-9158-510f0ce4831d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f108215f-3487-489d-be8b-80e346d32518", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -1358,14 +1386,21 @@ "type": "similar" }, { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { - "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "dest-uuid": "75c79f95-4c84-4650-9158-510f0ce4831d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f108215f-3487-489d-be8b-80e346d32518", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -2231,6 +2266,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "652b5242-b790-4695-ad0e-b79bbf78f351", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "ff0404a1-465f-4dd5-8b66-ee773628ca64", @@ -2659,6 +2701,13 @@ ], "type": "similar" }, + { + "dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a", "tags": [ @@ -2667,7 +2716,7 @@ "type": "similar" }, { - "dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e", + "dest-uuid": "16794655-c0e2-4510-9169-f862df104045", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -2692,6 +2741,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "ff0404a1-465f-4dd5-8b66-ee773628ca64", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "652b5242-b790-4695-ad0e-b79bbf78f351", @@ -2890,6 +2946,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "2a16a1d4-a098-4f17-80f3-3cfc6c60b539", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "74167065-90b3-4c29-807a-79b6f098e45b", @@ -2906,12 +2969,26 @@ ] }, "related": [ + { + "dest-uuid": "28c13455-7f95-40a5-9568-1e8732503507", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "a673b4fb-a864-4a5b-94ab-3fc4f5606cc8", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "74167065-90b3-4c29-807a-79b6f098e45b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "2a16a1d4-a098-4f17-80f3-3cfc6c60b539", @@ -2940,6 +3017,13 @@ ], "type": "similar" }, + { + "dest-uuid": "17e12216-a303-4a00-8283-d3fe92d0934c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc", "tags": [ @@ -2953,13 +3037,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "variant-of" - }, - { - "dest-uuid": "17e12216-a303-4a00-8283-d3fe92d0934c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "dcbf1aaa-1fdd-4bfc-a35e-145ffdfb5ac5", @@ -3108,14 +3185,14 @@ }, "related": [ { - "dest-uuid": "e6085ce0-af6d-41f7-8bcb-7f2eed246941", + "dest-uuid": "6e668c0c-7085-4951-87d4-0334b6a5cdb3", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { - "dest-uuid": "6e668c0c-7085-4951-87d4-0334b6a5cdb3", + "dest-uuid": "e6085ce0-af6d-41f7-8bcb-7f2eed246941", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -3530,12 +3607,33 @@ ] }, "related": [ + { + "dest-uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5", @@ -5165,6 +5263,20 @@ ], "type": "similar" }, + { + "dest-uuid": "e0bea149-2def-484f-b658-f782a4f94815", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f", "tags": [ @@ -5695,6 +5807,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "d1482c9e-6af3-11e8-aa8e-279274bd10c7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "a71ed71f-b8f4-416d-9c57-910a42e59430", @@ -6437,6 +6556,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "a71ed71f-b8f4-416d-9c57-910a42e59430", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "d1482c9e-6af3-11e8-aa8e-279274bd10c7", @@ -6913,6 +7039,13 @@ ] }, "related": [ + { + "dest-uuid": "e8af6388-6575-4812-94a8-9df1567294c5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "6f736038-4f74-435b-8904-6870ee0e23ba", "tags": [ @@ -6966,15 +7099,6 @@ }, { "description": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs, to steal cash equivalent to tens of millions of dollars. FBI has attributed malware used in this campaign to the North Korean government. We expect FASTCash to continue targeting retail payment systems vulnerable to remote exploitation.", - "related": [ - { - "dest-uuid": "e38d32a2-c708-11e8-8785-472c4cfccd85", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - } - ], "uuid": "e306fe62-c708-11e8-89f2-073e396e5403", "value": "FASTCash" }, diff --git a/tools/gen_mapping.py b/tools/gen_mapping.py index 6a50eb7..ce2beac 100755 --- a/tools/gen_mapping.py +++ b/tools/gen_mapping.py @@ -36,7 +36,7 @@ type_mapping = { 'mitre-mobile-attack-tool': 'tool', 'backdoor': 'tool', # 'mitre-pre-attack-attack-pattern': '', - 'mitre-mobile-attack-intrusion-set': 'tool', + 'mitre-mobile-attack-intrusion-set': 'actor', 'mitre-tool': 'tool', # 'mitre-mobile-attack-attack-pattern': '', 'mitre-mobile-attack-malware': 'tool',